Security Software (this is to check that it is installed and working properly; nothing needs to be done with this information at this time):
Code:
msmpeng.exe c:\program files\microsoft security client\antimalware\msmpeng.exe 244 8 200 1380 20/04/2012 11:40 PM 3.0.8402.0 12.48 KB (12,784 bytes) 27/04/2011 5:21 PM
msseces.exe c:\program files\microsoft security client\msseces.exe 2968 8 200 1380 20/04/2012 11:40 PM 2.1.1116.0 1.37 MB (1,436,736 bytes) 15/06/2011 2:35 PM
Code:
Loading Dump File [D:\Kingston\BSODDmpFiles\monggoking\Windows_NT6_BSOD_jcgriff2\042012-12043-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16973.amd64fre.win7_gdr.120305-1504
Machine Name:
Kernel base = 0xfffff800`02e18000 PsLoadedModuleList = 0xfffff800`03054e70
Debug session time: Fri Apr 20 07:40:08.548 2012 (UTC - 6:00)
System Uptime: 0 days 0:02:36.532
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002ecf6ec, fffff8800698cf60, 0}
Probably caused by : memory_corruption ( nt!MiCaptureProtectionFromProto+1c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002ecf6ec, Address of the instruction which caused the bugcheck
Arg3: fffff8800698cf60, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiCaptureProtectionFromProto+1c
fffff800`02ecf6ec 488b01 mov rax,qword ptr [rcx]
CONTEXT: fffff8800698cf60 -- (.cxr 0xfffff8800698cf60)
rax=0000000000000011 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff8800698da88 rsi=fffffa80081a9618 rdi=fffffa80069d4060
rip=fffff80002ecf6ec rsp=fffff8800698d930 rbp=0000000000000001
r8=000000000ac07000 r9=fffffa80081a9280 r10=0000000000000000
r11=fffff80003087b80 r12=0000000000000011 r13=fffff68000056030
r14=fffff8800698da80 r15=000000000ac06000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!MiCaptureProtectionFromProto+0x1c:
fffff800`02ecf6ec 488b01 mov rax,qword ptr [rcx] ds:002b:00000000`00000000=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: MsMpEng.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002ecf6ec
STACK_TEXT:
fffff880`0698d930 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiCaptureProtectionFromProto+0x1c
FOLLOWUP_IP:
nt!MiCaptureProtectionFromProto+1c
fffff800`02ecf6ec 488b01 mov rax,qword ptr [rcx]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiCaptureProtectionFromProto+1c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4f558ca0
STACK_COMMAND: .cxr 0xfffff8800698cf60 ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x3B_nt!MiCaptureProtectionFromProto+1c
BUCKET_ID: X64_0x3B_nt!MiCaptureProtectionFromProto+1c
Followup: MachineOwner
---------
Code:
Event[0]:
Log Name: System
Source: Ntfs
Date: 2012-04-20T23:56:51.190
Event ID: 55
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: Gaming-PC
Description:
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
- If you are overclocking any hardware, please stop.
- Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log.
For any drives that do not give the message:
Windows has checked the file system and found no problems
run disk check again as above. In other words, if it says:
Windows has made corrections to the file system
after running the disk check, run the disk check again.