Antivirus Software:
Code:
avastsvc.exe c:\program files\avast software\avast\avastsvc.exe 1516 8 200 1380 07/03/2012 12:40 7.0.1407.0 43.72 KB (44,768 bytes) 05/03/2012 00:06
avastui.exe c:\program files\avast software\avast\avastui.exe 3388 8 200 1380 07/03/2012 12:40 7.0.1407.0 3.84 MB (4,031,368 bytes) 05/03/2012 00:06
Possible out of date drivers:
Code:
Alpham264 fffff880`0cdc1000 fffff880`0cdc6500 Tue Mar 20 03:51:03 2007 (45ffae87) 000058cb Alpham264.sys
Alpham164 fffff880`0cdb4000 fffff880`0cdc0f00 Mon Jul 23 01:57:03 2007 (46a45f4f) 000134fc Alpham164.sys
Alpham264.sys
Alpham164.sys
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\Kalz\Windows_NT6_BSOD_jcgriff2\030612-16161-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0365c000 PsLoadedModuleList = 0xfffff800`038a1670
Debug session time: Tue Mar 6 12:18:04.677 2012 (UTC - 7:00)
System Uptime: 0 days 0:29:19.457
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {99, 3ebd04, 0, 3ebd44}
Probably caused by : memory_corruption ( nt!MiBadShareCount+4c )
Followup: MachineOwner
---------
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 00000000003ebd04, page frame number
Arg3: 0000000000000000, current page state
Arg4: 00000000003ebd44, 0
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_99
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80003761d7c to fffff800036d8c40
STACK_TEXT:
fffff880`0d322e18 fffff800`03761d7c : 00000000`0000004e 00000000`00000099 00000000`003ebd04 00000000`00000000 : nt!KeBugCheckEx
fffff880`0d322e20 fffff800`036806e2 : 00000000`00000000 fffff680`003232e8 00000000`00000002 00000000`00000001 : nt!MiBadShareCount+0x4c
fffff880`0d322e60 fffff800`036a94b3 : fffffa80`0cfc8060 fffff700`00004e07 0000007f`fffffff8 fffff8a0`030b8638 : nt! ?? ::FNODOBFM::`string'+0x333ca
fffff880`0d322ef0 fffff800`036aa596 : fffffa80`0cfc8060 fffffa80`00000000 fffff880`000030a2 fffff800`00000000 : nt!MiDeleteAddressesInWorkingSet+0x307
fffff880`0d3237a0 fffff800`039aeb1a : fffff8a0`080a4680 fffff880`0d323ae0 00000000`00000000 fffffa80`14afbb60 : nt!MmCleanProcessAddressSpace+0x96
fffff880`0d3237f0 fffff800`0399209d : 00000000`c0000005 00000000`00000001 00000000`7efad000 fffffa80`14745790 : nt!PspExitThread+0x56a
fffff880`0d3238f0 fffff800`036cc3fa : 00000000`00000001 fffff880`0d323a68 00000000`01e0e5d0 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffff880`0d323920 fffff800`036cc740 : 00000000`023ffb2c fffff880`0d3239a0 fffff800`03992010 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`0d3239a0 fffff800`036d7f77 : fffffa80`14afbb60 00000000`7efad000 00000000`000000c0 00000000`00f1f5d0 : nt!KiInitiateUserApc+0x70
fffff880`0d323ae0 00000000`77b32c1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`01e0e5a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b32c1a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiBadShareCount+4c
fffff800`03761d7c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadShareCount+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Kalz\Windows_NT6_BSOD_jcgriff2\030612-15319-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03651000 PsLoadedModuleList = 0xfffff800`03896670
Debug session time: Tue Mar 6 10:39:45.766 2012 (UTC - 7:00)
System Uptime: 0 days 0:13:14.951
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff96000161697, fffff8800f698f70, 0}
Probably caused by : memory_corruption
Followup: memory_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff96000161697, Address of the instruction which caused the bugcheck
Arg3: fffff8800f698f70, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!DWP_SetHotKey+43
fffff960`00161697 f6413740 test byte ptr [rcx+37h],40h
CONTEXT: fffff8800f698f70 -- (.cxr 0xfffff8800f698f70)
rax=fffff900c1c00b90 rbx=fffff900c1c022c0 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000002 rdi=fffff900c1b0cc20
rip=fffff96000161697 rsp=fffff8800f699950 rbp=0000000000000000
r8=fffffa8013c37da0 r9=fffff900c1c022c0 r10=fffff900c0580a70
r11=fffff8800f699988 r12=0000000000000000 r13=00000000013afd20
r14=00000000013af170 r15=0000000075482450
iopl=0 nv up ei pl nz ac pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010213
win32k!DWP_SetHotKey+0x43:
fffff960`00161697 f6413740 test byte ptr [rcx+37h],40h ds:002b:00000000`00000037=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x3B
PROCESS_NAME: aaHMSvc.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff96000161697
STACK_TEXT:
fffff880`0f699950 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!DWP_SetHotKey+0x43
CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32k
fffff9600016166f - win32k!DWP_SetHotKey+1b
[ da:ca ]
fffff96000161938-fffff9600016193f 8 bytes - win32k!ClearSendMessages+180 (+0x2c9)
[ 90 90 90 90 90 90 90 90:00 2a ee 06 80 f8 ff ff ]
fffff96000161941-fffff96000161945 5 bytes - win32k!NtUserDestroyWindow+1 (+0x09)
[ f3 48 83 ec 20:25 32 ed 00 00 ]
14 errors : !win32k (fffff9600016166f-fffff96000161945)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
STACK_COMMAND: .cxr 0xfffff8800f698f70 ; kb
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
Followup: memory_corruption
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Kalz\Windows_NT6_BSOD_jcgriff2\030512-15397-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03610000 PsLoadedModuleList = 0xfffff800`03855670
Debug session time: Mon Mar 5 09:50:32.044 2012 (UTC - 7:00)
System Uptime: 0 days 1:14:53.229
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {4, 2, 1, fffff880079bf309}
Unable to load image \SystemRoot\system32\DRIVERS\Xeno7x64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Xeno7x64.sys
*** ERROR: Module load completed but symbols could not be loaded for Xeno7x64.sys
Probably caused by : Xeno7x64.sys ( Xeno7x64+c309 )
Followup: MachineOwner
---------
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000004, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880079bf309, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800038bf100
0000000000000004
CURRENT_IRQL: 2
FAULTING_IP:
Xeno7x64+c309
fffff880`079bf309 44894a04 mov dword ptr [rdx+4],r9d
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff880062f1910 -- (.trap 0xfffff880062f1910)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8015058490 rbx=0000000000000000 rcx=00000000000000c6
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880079bf309 rsp=fffff880062f1aa0 rbp=fffffa8013288d10
r8=00000000000000c6 r9=0000000000000000 r10=9a488b80f0600311
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
Xeno7x64+0xc309:
fffff880`079bf309 44894a04 mov dword ptr [rdx+4],r9d ds:00000000`00000004=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000368c1e9 to fffff8000368cc40
STACK_TEXT:
fffff880`062f17c8 fffff800`0368c1e9 : 00000000`0000000a 00000000`00000004 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`062f17d0 fffff800`0368ae60 : fffff800`03688ab6 fffffa80`0d7acb10 fffffa80`0d5c3cc0 fffffa80`15058490 : nt!KiBugCheckDispatch+0x69
fffff880`062f1910 fffff880`079bf309 : fffffa80`15058490 fffff880`087f0802 00000000`00000000 fffff880`062c9101 : nt!KiPageFault+0x260
fffff880`062f1aa0 fffffa80`15058490 : fffff880`087f0802 00000000`00000000 fffff880`062c9101 fffff880`062ce140 : Xeno7x64+0xc309
fffff880`062f1aa8 fffff880`087f0802 : 00000000`00000000 fffff880`062c9101 fffff880`062ce140 00000000`00000000 : 0xfffffa80`15058490
fffff880`062f1ab0 00000000`00000000 : fffff880`062c9101 fffff880`062ce140 00000000`00000000 fffffa80`1340e220 : 0xfffff880`087f0802
STACK_COMMAND: kb
FOLLOWUP_IP:
Xeno7x64+c309
fffff880`079bf309 44894a04 mov dword ptr [rdx+4],r9d
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: Xeno7x64+c309
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Xeno7x64
IMAGE_NAME: Xeno7x64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d23ab32
FAILURE_BUCKET_ID: X64_0xD1_Xeno7x64+c309
BUCKET_ID: X64_0xD1_Xeno7x64+c309
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Kalz\Windows_NT6_BSOD_jcgriff2\030512-15506-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03605000 PsLoadedModuleList = 0xfffff800`0384a670
Debug session time: Mon Mar 5 08:34:50.108 2012 (UTC - 7:00)
System Uptime: 0 days 0:21:15.293
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 101, {11, 0, fffff880062c9180, a}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000011, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: fffff880062c9180, The PRCB address of the hung processor.
Arg4: 000000000000000a, 0.
Debugging Details:
------------------
BUGCHECK_STR: CLOCK_WATCHDOG_TIMEOUT_c_PROC
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: d
STACK_TEXT:
fffff880`009a9628 fffff800`036d98c9 : 00000000`00000101 00000000`00000011 00000000`00000000 fffff880`062c9180 : nt!KeBugCheckEx
fffff880`009a9630 fffff800`0368c497 : 00000000`00000000 fffff800`0000000a 00000000`00002710 fffff880`009a9628 : nt! ?? ::FNODOBFM::`string'+0x4e2e
fffff880`009a96c0 fffff800`03bf8895 : fffff800`03c1e460 fffff880`009a9870 fffff800`03c1e460 00000000`00000000 : nt!KeUpdateSystemTime+0x377
fffff880`009a97c0 fffff800`0367e173 : 00000000`5b47b36d fffff800`037f7e80 fffff800`037f7e80 00000000`0000000a : hal!HalpHpetClockInterrupt+0x8d
fffff880`009a97f0 fffff800`036b8327 : fffff800`037f7e80 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLock+0x163
fffff880`009a9980 fffff800`036877cc : 00000000`00000000 fffff880`009a9ab8 00000000`00000000 00000000`00000000 : nt!KxFlushEntireTb+0x93
fffff880`009a99c0 fffff800`03649469 : 00000000`0000000a 00000000`0000003f fffffa80`047dcbd0 00000000`00000040 : nt!KeFlushMultipleRangeTb+0x28c
fffff880`009a9a90 fffff800`03649cb7 : 00000000`0017f400 00000000`0000003f 00000000`00000000 00000000`00000000 : nt!MiZeroPageChain+0x14e
fffff880`009a9ad0 fffff800`0391cfee : fffffa80`0cd7ab60 00000000`00000080 fffffa80`0cd7a040 fffff800`036735d9 : nt!MmZeroPageThread+0x83a
fffff880`009a9c00 fffff800`036735e6 : fffff800`037f7e80 fffffa80`0cd7ab60 fffff800`03805cc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`009a9c40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_CLOCK_WATCHDOG_TIMEOUT_c_PROC_ANALYSIS_INCONCLUSIVE
BUCKET_ID: X64_CLOCK_WATCHDOG_TIMEOUT_c_PROC_ANALYSIS_INCONCLUSIVE
Followup: MachineOwner
---------
- Possible causes are Memory problems... Drivers...
- Possible causes are Memory problems... Corrupted hard disk file system... Corrupted System Files... Graphics Driver... Drivers...
- Caused by your Bigfoot Networks Killer Xeno PCI-E Gaming Adapter driver.
- 0X101: An expected clock interrupt was not received on a secondary processor in an MP system within the allocated interval. This indicates that the specified processor is hung and not processing interrupts.
Thanks to Dave76 for help understanding possible causes.
We will start with the common problems first (see bold possible causes). Do the following steps and test by doing your normal routine after each step to see if stability increases (the memory tests you can run concurrently as they will not increase stability unless you are forced to move modules around). Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.
If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.
- If you are overclocking any hardware, please stop.
- Use STOP 0x101: CLOCK_WATCHDOG_TIMEOUT troubleshtg as a guide to troubleshooting the 0X101 crash.
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:
- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.
- An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
a.
Backup your system and user files
b.
Create a system restore point
c. If you do not have a Windows 7 DVD,
Create a system repair disc
d. Run
Driver Verifier
If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using
System Restore OPTION TWO.
Thanks to zigzag3143 for contributing to the Verifier steps.
If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.