Security Software (this is just a check that it is installed and working properly; nothing needs to be done with this information at this time):
Code:
mcagent.exe c:\program files\mcafee.com\agent\mcagent.exe 4520 8 200 1380 09/04/2012 5:35 PM 11.0.644.0 1.60 MB (1,675,160 bytes) 21/12/2011 6:33 PM
Code:
- Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\alfred67\Windows7_Vista_jcgriff2\040912-14274-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03416000 PsLoadedModuleList = 0xfffff800`0365a650
Debug session time: Mon Apr 9 13:27:21.913 2012 (UTC - 6:00)
System Uptime: 0 days 0:00:30.646
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff960000f4efc, fffff88008668c30, 0}
Probably caused by : win32k.sys ( win32k!SURFACE::Map+16c )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960000f4efc, Address of the instruction which caused the bugcheck
Arg3: fffff88008668c30, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!SURFACE::Map+16c
fffff960`000f4efc 488b09 mov rcx,qword ptr [rcx]
CONTEXT: fffff88008668c30 -- (.cxr 0xfffff88008668c30)
rax=fffff900c32d1910 rbx=fffffa800ac63aa0 rcx=f7fff900c32d1830
rdx=0000000003950000 rsi=0000000000000001 rdi=f7fff900c32d1830
rip=fffff960000f4efc rsp=fffff88008669610 rbp=fffff900c07f3010
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff88003165180 r12=fffff88008669770 r13=0000000000000000
r14=fffff960002f1ae0 r15=fffff960002f1ac0
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
win32k!SURFACE::Map+0x16c:
fffff960`000f4efc 488b09 mov rcx,qword ptr [rcx] ds:002b:f7fff900`c32d1830=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff960000f4efc
STACK_TEXT:
fffff880`08669610 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFACE::Map+0x16c
FOLLOWUP_IP:
win32k!SURFACE::Map+16c
fffff960`000f4efc 488b09 mov rcx,qword ptr [rcx]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!SURFACE::Map+16c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f2b63bd
STACK_COMMAND: .cxr 0xfffff88008668c30 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!SURFACE::Map+16c
BUCKET_ID: X64_0x3B_win32k!SURFACE::Map+16c
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\alfred67\Windows7_Vista_jcgriff2\040812-14788-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03418000 PsLoadedModuleList = 0xfffff800`0365c650
Debug session time: Sun Apr 8 14:47:39.275 2012 (UTC - 6:00)
System Uptime: 0 days 2:30:01.007
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8800bb5c668, 0, fffff96000120f89, 2}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!xxxScanSysQueue+14f9 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8800bb5c668, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff96000120f89, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036c6100
fffff8800bb5c668
FAULTING_IP:
win32k!xxxScanSysQueue+14f9
fffff960`00120f89 448bac24e8000000 mov r13d,dword ptr [rsp+0E8h]
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: zuma.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800b95c3f0 -- (.trap 0xfffff8800b95c3f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c0a8d770 rbx=0000000000000000 rcx=fffff900c0e1f110
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff96000120f89 rsp=fffff8800b95c580 rbp=fffff8800b95cb60
r8=0000000000000001 r9=fffff900c0e1f110 r10=fffff900c0cfb010
r11=fffff8800b95c550 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
win32k!xxxScanSysQueue+0x14f9:
fffff960`00120f89 448bac24e8000000 mov r13d,dword ptr [rsp+0E8h] ss:0018:fffff880`0b95c668=00000201
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000343fc50 to fffff80003494d40
STACK_TEXT:
fffff880`0b95c288 fffff800`0343fc50 : 00000000`00000050 fffff880`0bb5c668 00000000`00000000 fffff880`0b95c3f0 : nt!KeBugCheckEx
fffff880`0b95c290 fffff800`03492e6e : 00000000`00000000 fffff880`0bb5c668 fffff880`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x43d76
fffff880`0b95c3f0 fffff960`00120f89 : 00000035`0000012b fffff880`0b95cb60 00000000`00000000 00000000`0000012b : nt!KiPageFault+0x16e
fffff880`0b95c580 fffff960`0015abf7 : fffff900`c0cfb010 fffff880`0b95ca28 00000000`00000000 00000000`00000000 : win32k!xxxScanSysQueue+0x14f9
fffff880`0b95c8c0 fffff960`0015b085 : 00000000`00000000 fffff800`000025ff 00000000`00000000 fffffa80`ffffffff : win32k!xxxRealInternalGetMessage+0x453
fffff880`0b95c9a0 fffff960`00153a97 : 00000000`73382450 00000000`0008ec80 00000000`0008fd20 00000000`7efdb001 : win32k!xxxInternalGetMessage+0x35
fffff880`0b95c9e0 fffff800`03493fd3 : fffffa80`06fddb60 00000000`0008e2f8 fffff880`0b95ca88 00000000`00000000 : win32k!NtUserPeekMessage+0x77
fffff880`0b95ca70 00000000`733cfdea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008e2d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x733cfdea
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!xxxScanSysQueue+14f9
fffff960`00120f89 448bac24e8000000 mov r13d,dword ptr [rsp+0E8h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: win32k!xxxScanSysQueue+14f9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f2b63bd
FAILURE_BUCKET_ID: X64_0x50_win32k!xxxScanSysQueue+14f9
BUCKET_ID: X64_0x50_win32k!xxxScanSysQueue+14f9
Followup: MachineOwner
---------
The crashes point to either Windows file corruption or memory problems.
- If you are overclocking any hardware, please stop.
- Run Disk Check with Automatically fix file system errors checked. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log.
For any drives that do not give the message:
Windows has checked the file system and found no problems
run disk check again as above. In other words, if it says:
Windows has made corrections to the file system
after running the disk check, run the disk check again.
- Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors with a restart in between each. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:
- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC power then battery for laptops, AC power for desktops).
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.
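
Added example, not part of the original post: a Python check of the two dumps above for single-bit address errors, a pattern commonly associated with faulty memory. The register and argument lines are copied from the debugger output in the post; the function names are hypothetical, and the canonical-address test assumes 48-bit x64 virtual addressing.

```python
import re

# Lines copied from the two !analyze -v outputs in the post above.
DUMP_3B = """\
rax=fffff900c32d1910 rbx=fffffa800ac63aa0 rcx=f7fff900c32d1830
rdx=0000000003950000 rsi=0000000000000001 rdi=f7fff900c32d1830
rip=fffff960000f4efc rsp=fffff88008669610 rbp=fffff900c07f3010
"""
DUMP_50 = """\
Arg1: fffff8800bb5c668, memory referenced.
fffff960`00120f89 448bac24e8000000 mov r13d,dword ptr [rsp+0E8h] ss:0018:fffff880`0b95c668=00000201
"""

def is_canonical(addr):
    """x64 with 48-bit virtual addresses: bits 63..47 are all 0 or all 1."""
    return (addr >> 47) in (0, 0x1FFFF)

def one_bit_repairs(text):
    """Map register -> (flipped bit, canonical value) for registers holding a
    non-canonical value that is exactly one bit away from a canonical one."""
    found = {}
    for reg, val in re.findall(r"\b(r\w+)=([0-9a-f]{16})\b", text):
        addr = int(val, 16)
        if is_canonical(addr):
            continue
        for bit in range(47, 64):
            if is_canonical(addr ^ (1 << bit)):
                found[reg] = (bit, addr ^ (1 << bit))
    return found

def fault_vs_operand(text):
    """Bits that differ between the address the page fault reported (Arg1)
    and the address the faulting instruction actually computed."""
    reported = int(re.search(r"Arg1: ([0-9a-f]{16})", text).group(1), 16)
    operand = re.search(r"\w\w:[0-9a-f]{4}:([0-9a-f`]{17})=", text).group(1)
    diff = reported ^ int(operand.replace("`", ""), 16)
    return [b for b in range(64) if diff >> b & 1]

if __name__ == "__main__":
    for reg, (bit, fixed) in one_bit_repairs(DUMP_3B).items():
        print(f"0x3B: {reg} is non-canonical; flipping bit {bit} gives {fixed:016x}")
    print("0x50: reported vs computed address differ in bits", fault_vs_operand(DUMP_50))
```

In the 0x3B dump, rcx and rdi are each one bit (bit 59) away from a valid session-pool address; in the 0x50 dump, the address reported as faulting differs by one bit (bit 21) from the readable stack address the instruction computed.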