Antivirus Software:
Code:
avgcsrva.exe c:\program files (x86)\avg\avg2012\avgcsrva.exe 3040 8 200 1380 2012/03/05 12:41 12.0.0.1786 507.34 KB (519,520 bytes) 2011/08/15 6:21
avgemca.exe c:\program files (x86)\avg\avg2012\avgemca.exe 2416 8 200 1380 2012/03/05 12:41 12.0.0.1854 1.52 MB (1,593,696 bytes) 2011/09/21 19:53
avgidsagent.exe c:\program files (x86)\avg\avg2012\avgidsagent.exe 2588 8 200 1380 2012/03/05 12:41 12.0.0.1855 4.23 MB (4,433,248 bytes) 2011/10/12 6:25
avgnsa.exe c:\program files (x86)\avg\avg2012\avgnsa.exe 2408 8 200 1380 2012/03/05 12:41 12.0.0.1883 1.90 MB (1,987,424 bytes) 2011/09/13 10:33
avgrsa.exe c:\program files (x86)\avg\avg2012\avgrsa.exe 3020 8 200 1380 2012/03/05 12:41 12.0.0.1806 1.31 MB (1,370,464 bytes) 2011/09/08 20:53
avgtray.exe c:\program files (x86)\avg\avg2012\avgtray.exe 4796 8 200 1380 2012/03/05 12:42 12.0.0.1912 2.30 MB (2,416,480 bytes) 2012/01/24 17:24
avgwdsvc.exe c:\program files (x86)\avg\avg2012\avgwdsvc.exe 1836 8 200 1380 2012/03/05 12:41 12.0.0.1773 188.26 KB (192,776 bytes) 2011/08/02 6:09
ccsvchst.exe c:\program files (x86)\norton pc checkup\engine\2.0.3.198\ccsvchst.exe 1968 8 200 1380 2012/03/05 12:41 109.0.0.107 123.43 KB (126,392 bytes) 2011/12/09 18:59
ccsvchst.exe c:\program files (x86)\norton pc checkup\engine\2.0.3.198\ccsvchst.exe 3920 8 200 1380 2012/03/05 12:42 109.0.0.107 123.43 KB (126,392 bytes) 2011/12/09 18:59
symcpcculaunchsvc.exe c:\program files (x86)\norton pc checkup\engine\2.0.3.198\symcpcculaunchsvc.exe 5944 8 200 1380 2012/03/05 12:44 1.0.0.13 132.43 KB (135,608 bytes) 2011/12/09 18:59
I would recommend removing Norton PC Checkup. I do not see the benefit of the software, and it may cause conflicts on the system.
Possible out of date drivers
Code:
regi fffff880`052d9000 fffff880`052e1000 Mon Apr 16 09:19:10 2007 (462393ee) 000082b5 regi.sys
GEARAspiWDM fffff880`041ea000 fffff880`041f7000 Mon May 18 06:17:04 2009 (4a1151c0) 000159b4 GEARAspiWDM.sys
tosrfec fffff880`0303a000 fffff880`03043000 Mon Jun 01 00:58:53 2009 (4a237c2d) 00014970 tosrfec.sys
QIOMem fffff880`101eb000 fffff880`101f5000 Sun Jun 14 23:58:48 2009 (4a35e318) 0000ab35 QIOMem.sys
tosporte fffff880`05593000 fffff880`055a4000 Tue Jun 16 04:48:47 2009 (4a37788f) 00010ea3 tosporte.sys
TVALZFL fffff880`0404d000 fffff880`04054000 Fri Jun 19 04:05:44 2009 (4a3b62f8) 00010921 TVALZFL.sys
pgeffect fffff880`0545c000 fffff880`05462e80 Mon Jun 22 03:00:11 2009 (4a3f481b) 00017d48 pgeffect.sys
tos_sps64 fffff880`01cfd000 fffff880`01d77000 Tue Jun 23 23:31:09 2009 (4a41ba1d) 0007eb46 tos_sps64.sys
thpdrv fffff880`01d79000 fffff880`01d85000 Sun Jun 28 20:02:56 2009 (4a4820d0) 000138cc thpdrv.sys
Thpevm fffff880`01d77000 fffff880`01d78f80 Mon Jun 29 02:15:37 2009 (4a487829) 000124b8 Thpevm.SYS
regi.sys
QIOMem.sys
tosporte.sys
TVALZFL.sys
pgeffect.sys
tos_sps64.sys
thpdrv.sys
Thpevm.SYS
None of the above raise red flags, but if there are any updates available through the Toshiba support site, I would recommend downloading and installing them.
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\scarborough\Windows_NT6_BSOD_jcgriff2\030412-15007-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03859000 PsLoadedModuleList = 0xfffff800`03a9e670
Debug session time: Sun Mar 4 21:51:45.166 2012 (UTC - 7:00)
System Uptime: 0 days 0:23:08.259
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffa8047a4f830, 2, 1, fffff800038dafaa}
Probably caused by : ntkrnlmp.exe ( nt!KiCommitThreadWait+24a )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa8047a4f830, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800038dafaa, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003b08100
fffffa8047a4f830
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiCommitThreadWait+24a
fffff800`038dafaa f00fba2e07 lock bts dword ptr [rsi],7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: plugin-contain
TRAP_FRAME: fffff88009ca98f0 -- (.trap 0xfffff88009ca98f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000fff7d000 rbx=0000000000000000 rcx=fffff88009ca9a40
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800038dafaa rsp=fffff88009ca9a80 rbp=0000000000000000
r8=fffffa8002c9a6f8 r9=0000000000000000 r10=fffffffffffffff7
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!KiCommitThreadWait+0x24a:
fffff800`038dafaa f00fba2e07 lock bts dword ptr [rsi],7 ds:00bd:00000000`00000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800038d51e9 to fffff800038d5c40
STACK_TEXT:
fffff880`09ca97a8 fffff800`038d51e9 : 00000000`0000000a fffffa80`47a4f830 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`09ca97b0 fffff800`038d3e60 : 00000000`00000000 fffff800`038d88a4 00000000`00000003 fffffa80`07a4f770 : nt!KiBugCheckDispatch+0x69
fffff880`09ca98f0 fffff800`038dafaa : fffffa80`07a4f770 fffffa80`07a4f770 00000000`00000000 fffffa80`00000003 : nt!KiPageFault+0x260
fffff880`09ca9a80 fffff800`038dd74f : 00000000`00000378 fffffa80`07a4f770 fffffa80`0000009e fffff800`038d823f : nt!KiCommitThreadWait+0x24a
fffff880`09ca9b10 fffff800`03bcc44e : 00000000`064bb000 fffff880`00000006 00000000`00000001 fffff800`03bc0000 : nt!KeWaitForSingleObject+0x19f
fffff880`09ca9bb0 fffff800`038d4ed3 : fffffa80`07a4f770 00000000`00000378 fffff880`09ca9bf8 fffffa80`053a9ae0 : nt!NtWaitForSingleObject+0xde
fffff880`09ca9c20 00000000`726d2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0441edd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x726d2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiCommitThreadWait+24a
fffff800`038dafaa f00fba2e07 lock bts dword ptr [rsi],7
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiCommitThreadWait+24a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KiCommitThreadWait+24a
BUCKET_ID: X64_0xA_nt!KiCommitThreadWait+24a
Followup: MachineOwner
---------
In addition to the above, I see a number of memory_corruption crashes. Also, there were a couple network related crashes that may have been related to AVG...
Start with the possible memory problems:- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:
- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.
Another concern is all the corrupted .dmp files. This could indicate hard drive problems. Since the Windows hard disk check came up clean, I would recommend a more intensive check with the Drive Fitness Test