Antivirus software:
Code:
protectionutilsurrogate.exe c:\program files (x86)\symantec\symantec endpoint protection\protectionutilsurrogate.exe 3212 8 200 1380 2/22/2012 8:18 AM 11.0.6200.513 49.36 KB (50,544 bytes) 4/12/2011 4:28 PM
rtvscan.exe c:\program files (x86)\symantec\symantec endpoint protection\rtvscan.exe 2276 8 200 1380 2/20/2012 8:20 PM 11.0.6200.513 1.75 MB (1,839,776 bytes) 4/12/2011 4:28 PM
smc.exe c:\program files (x86)\symantec\symantec endpoint protection\smc.exe 1104 8 200 1380 2/20/2012 8:20 PM 11.0.6200.530 3.10 MB (3,249,768 bytes) 4/12/2011 4:28 PM
smcgui.exe c:\program files (x86)\symantec\symantec endpoint protection\smcgui.exe 864 8 200 1380 2/22/2012 8:18 AM 11.0.6200.530 3.69 MB (3,866,480 bytes) 4/12/2011 4:28 PM
Possible out of date drivers (do not worry about these unless we mention them):
Code:
GEARAspiWDM fffff880`0f0b5000 fffff880`0f0c2000 Mon May 18 06:17:04 2009 (4a1151c0) 000159b4 GEARAspiWDM.sys
ADIHdAud fffff880`044e9000 fffff880`04569000 Mon Jun 22 13:01:24 2009 (4a3fd504) 00081e59 ADIHdAud.sys
HECIx64 fffff880`0fd8e000 fffff880`0fd9f000 Tue Jun 23 14:28:14 2009 (4a413ade) 00011e93 HECIx64.sys
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\Jopageri\Windows_NT6_BSOD_jcgriff2\022012-42167-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a65000 PsLoadedModuleList = 0xfffff800`02caa670
Debug session time: Mon Feb 20 18:18:33.776 2012 (UTC - 7:00)
System Uptime: 3 days 23:44:32.228
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff880059c1be4, fffff880063e97f0, 0}
Probably caused by : ncpl.sys ( ncpl+5be4 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880059c1be4, Address of the instruction which caused the bugcheck
Arg3: fffff880063e97f0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
ncpl+5be4
fffff880`059c1be4 4c894008 mov qword ptr [rax+8],r8
CONTEXT: fffff880063e97f0 -- (.cxr 0xfffff880063e97f0)
rax=005c00330008000c rbx=fffffa800388e1b8 rcx=fffffa800b227170
rdx=fffffa800a1818e8 rsi=fffffa800a1818e8 rdi=0000000000000000
rip=fffff880059c1be4 rsp=fffff880063ea1d8 rbp=fffff880097e5020
r8=fffffa800388e1b8 r9=fffff880059c6160 r10=fffff880009eddc0
r11=0000000000000000 r12=fffffa800a1818e8 r13=00000000c0000000
r14=fffff880063ea400 r15=fffff880097e5020
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
ncpl+0x5be4:
fffff880`059c1be4 4c894008 mov qword ptr [rax+8],r8 ds:002b:005c0033`00080014=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: MediaMonkey.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff880059c1be4
STACK_TEXT:
fffff880`063ea1d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ncpl+0x5be4
FOLLOWUP_IP:
ncpl+5be4
fffff880`059c1be4 4c894008 mov qword ptr [rax+8],r8
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ncpl+5be4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ncpl
IMAGE_NAME: ncpl.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c955c18
STACK_COMMAND: .cxr 0xfffff880063e97f0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_ncpl+5be4
BUCKET_ID: X64_0x3B_ncpl+5be4
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Jopageri\Windows_NT6_BSOD_jcgriff2\021512-106236-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a59000 PsLoadedModuleList = 0xfffff800`02c9e670
Debug session time: Wed Feb 15 18:21:50.636 2012 (UTC - 7:00)
System Uptime: 0 days 16:59:10.088
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff88007f90a2c, fffff88009537800, 0}
Probably caused by : nccache.sys ( nccache+5a2c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88007f90a2c, Address of the instruction which caused the bugcheck
Arg3: fffff88009537800, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nccache+5a2c
fffff880`07f90a2c 483b7b18 cmp rdi,qword ptr [rbx+18h]
CONTEXT: fffff88009537800 -- (.cxr 0xfffff88009537800)
rax=0000000000000001 rbx=74894808245c8948 rcx=fffffa80040793d8
rdx=0000000000040000 rsi=fffffa80040793d8 rdi=00000000008c0000
rip=fffff88007f90a2c rsp=fffff880095381e0 rbp=fffff88008200020
r8=0000000000000001 r9=00000000000a0000 r10=0000000000900000
r11=fffff880095381e0 r12=fffffa80040793d8 r13=00000000c0000000
r14=fffff88009538400 r15=fffff88008200020
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nccache+0x5a2c:
fffff880`07f90a2c 483b7b18 cmp rdi,qword ptr [rbx+18h] ds:002b:74894808`245c8960=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: MediaMonkey.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88007f90a2c
STACK_TEXT:
fffff880`095381e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nccache+0x5a2c
FOLLOWUP_IP:
nccache+5a2c
fffff880`07f90a2c 483b7b18 cmp rdi,qword ptr [rbx+18h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nccache+5a2c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nccache
IMAGE_NAME: nccache.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c955c38
STACK_COMMAND: .cxr 0xfffff88009537800 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nccache+5a2c
BUCKET_ID: X64_0x3B_nccache+5a2c
Followup: MachineOwner
---------
- Caused by ncpl.sys, and Novell Client Portability Layer is a driver file from company Novell, Inc. belonging to product Novell XTier.
- Caused by nccache.sys, and Novell XTier Cache File System Provider Driver is a driver file from company Novell, Inc. belonging to product Novell XTier.
Simple, remove Novell XTier.