Code:
Kernel base = 0xfffff800`01c5b000 PsLoadedModuleList = 0xfffff800`01e98e50
Debug session time: Fri Oct 8 23:06:35.831 2010 (GMT-4)
System Uptime: 0 days 0:06:58.534
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80001ca2dad, 0, ffffffffffffffff}
Probably caused by : memory_corruption ( nt!MiComputeImagePteIndex+41 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80001ca2dad, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiComputeImagePteIndex+41
fffff800`01ca2dad 488b8f88000000 mov rcx,qword ptr [rdi+88h]
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001f030e0
ffffffffffffffff
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880094563e8 -- (.exr 0xfffff880094563e8)
ExceptionAddress: fffff80001ca2dad (nt!MiComputeImagePteIndex+0x0000000000000041)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88009456490 -- (.trap 0xfffff88009456490)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80035844f0 rbx=0000000000000000 rcx=0000058000000000
rdx=fffffa8009cce6b0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001ca2dad rsp=fffff88009456620 rbp=fffffa8007875c40
r8=0000000000000001 r9=0000000000000727 r10=fffff8800128f700
r11=fffff880094564f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!MiComputeImagePteIndex+0x41:
fffff800`01ca2dad 488b8f88000000 mov rcx,qword ptr [rdi+88h] ds:40f0:00000000`00000088=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001d05a39 to fffff80001ccb740
STACK_TEXT:
fffff880`09455c18 fffff800`01d05a39 : 00000000`0000001e ffffffff`c0000005 fffff800`01ca2dad 00000000`00000000 : nt!KeBugCheckEx
fffff880`09455c20 fffff800`01ccad82 : fffff880`094563e8 fffff8a0`03219600 fffff880`09456490 fffffa80`089adce8 : nt!KiDispatchException+0x1b9
fffff880`094562b0 fffff800`01cc968a : fffffa80`06e05fb8 fffffa80`06e05bd0 fffffa80`0748bc30 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`09456490 fffff800`01ca2dad : 00000000`00000000 fffffa80`09df5b60 fffffa80`076c3300 fffffa80`09cce6b2 : nt!KiGeneralProtectionFault+0x10a
fffff880`09456620 fffff800`0200110b : fffffa80`07178010 fffffa80`099adc30 fffffa80`076c33a1 00000000`00000001 : nt!MiComputeImagePteIndex+0x41
fffff880`09456650 fffff800`01f2bafb : 00000000`00000001 00000000`00000001 fffffa80`071d9680 00000000`00000004 : nt! ?? ::NNGAKEGL::`string'+0x19135
fffff880`094566b0 fffff800`021290ad : 00000000`0000002a 00000000`0000002a fffffa80`071d9680 fffff880`09456778 : nt!MmPrefetchPages+0xfb
fffff880`09456710 fffff800`021310ce : fffff8a0`00000000 fffff8a0`00000000 fffff8a0`00000019 00000000`00000000 : nt!PfpPrefetchFilesTrickle+0x21d
fffff880`09456810 fffff800`02131c67 : 00000000`00000000 fffff880`09456ca0 fffff880`09456a08 fffff8a0`01f16060 : nt!PfpPrefetchRequestPerform+0x30e
fffff880`09456960 fffff800`0213e23e : fffff880`09456a08 00000000`00000001 fffffa80`08793f60 00000000`00000000 : nt!PfpPrefetchRequest+0x176
fffff880`094569d0 fffff800`0214296e : 00000000`00000000 00000000`05faf7f0 00000000`0000004f fffffa80`07b07201 : nt!PfSetSuperfetchInformation+0x1ad
fffff880`09456ab0 fffff800`01cca993 : fffffa80`09df5b60 00000000`00000000 fffffa80`07852b40 00000000`00000001 : nt!NtSetSystemInformation+0xb91
fffff880`09456c20 00000000`77af144a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`05faf7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77af144a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiComputeImagePteIndex+41
fffff800`01ca2dad 488b8f88000000 mov rcx,qword ptr [rdi+88h]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MiComputeImagePteIndex+41
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1E_nt!MiComputeImagePteIndex+41
BUCKET_ID: X64_0x1E_nt!MiComputeImagePteIndex+41
Followup: MachineOwner
---------
Kernel base = 0xfffff800`01c15000 PsLoadedModuleList = 0xfffff800`01e52e50
Debug session time: Mon Oct 11 06:42:53.113 2010 (GMT-4)
System Uptime: 0 days 10:29:26.800
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffab004d9cc8b, 0, fffff80001c995ff, 5}
Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiAgeWorkingSet+4df )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffab004d9cc8b, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80001c995ff, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001ebd0e0
fffffab004d9cc8b
FAULTING_IP:
nt!MiAgeWorkingSet+4df
fffff800`01c995ff 410fb6471b movzx eax,byte ptr [r15+1Bh]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: iexplore.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff880021327a0 -- (.trap 0xfffff880021327a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000ffffffff rbx=0000000000000000 rcx=fffff68000012480
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001c995ff rsp=fffff88002132930 rbp=0000000000000000
r8=0000000000000001 r9=fffffa80079549c8 r10=0000000000000005
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!MiAgeWorkingSet+0x4df:
fffff800`01c995ff 410fb6471b movzx eax,byte ptr [r15+1Bh] ds:204a:00000000`0000001b=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001d048c1 to fffff80001c85740
STACK_TEXT:
fffff880`02132638 fffff800`01d048c1 : 00000000`00000050 fffffab0`04d9cc8b 00000000`00000000 fffff880`021327a0 : nt!KeBugCheckEx
fffff880`02132640 fffff800`01c8382e : 00000000`00000000 6b801001`9deed025 00000000`00001000 fffff800`01db9bfe : nt! ?? ::FNODOBFM::`string'+0x40e8b
fffff880`021327a0 fffff800`01c995ff : 00000003`00000000 6b700001`ca0de025 00000000`00000000 00000000`000006b7 : nt!KiPageFault+0x16e
fffff880`02132930 fffff800`01d07a5e : fffffa80`079549c8 fffff880`00000001 00000000`00000001 fffff880`02132bb0 : nt!MiAgeWorkingSet+0x4df
fffff880`02132ae0 fffff800`01c99ee2 : 00000000`00000ec3 00000000`00000000 fffffa80`00000000 00000000`00000004 : nt! ?? ::FNODOBFM::`string'+0x496d6
fffff880`02132b80 fffff800`01c9a173 : 00000000`00000008 fffff880`02132c10 00000000`00000001 fffffa80`00000000 : nt!MmWorkingSetManager+0x6e
fffff880`02132bd0 fffff800`01f29c06 : fffffa80`06d20040 00000000`00000080 fffffa80`06d07040 00000000`00000001 : nt!KeBalanceSetManager+0x1c3
fffff880`02132d40 fffff800`01c63c26 : fffff800`01dffe80 fffffa80`06d20040 fffff800`01e0dc40 b887f600`28608368 : nt!PspSystemThreadStartup+0x5a
fffff880`02132d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiAgeWorkingSet+4df
fffff800`01c995ff 410fb6471b movzx eax,byte ptr [r15+1Bh]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiAgeWorkingSet+4df
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x50_nt!MiAgeWorkingSet+4df
BUCKET_ID: X64_0x50_nt!MiAgeWorkingSet+4df
Followup: MachineOwner
---------
Kernel base = 0xfffff800`01c19000 PsLoadedModuleList = 0xfffff800`01e56e50
Debug session time: Sun Oct 10 18:47:25.938 2010 (GMT-4)
System Uptime: 0 days 10:02:42.625
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {5002, fffff70001080000, 1785, 3786fffffffe}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+21b31 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000005002, The subtype of the bugcheck.
Arg2: fffff70001080000
Arg3: 0000000000001785
Arg4: 00003786fffffffe
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_5002
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: avgcsrva.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80001cf1971 to fffff80001c89740
STACK_TEXT:
fffff880`07a48a68 fffff800`01cf1971 : 00000000`0000001a 00000000`00005002 fffff700`01080000 00000000`00001785 : nt!KeBugCheckEx
fffff880`07a48a70 fffff800`01ca404c : fffff680`00019788 fffff880`07a48b40 00000000`00000000 ffffffff`ffffffff : nt! ?? ::FNODOBFM::`string'+0x21b31
fffff880`07a48ac0 fffff800`01c8782e : 00000000`00000001 00000000`00001895 00000000`00000001 fffffa80`09f84f20 : nt!MmAccessFault+0xc4c
fffff880`07a48c20 0000000a`008cc0ec : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0816d890 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xa`008cc0ec
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+21b31
fffff800`01cf1971 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+21b31
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0x1a_5002_nt!_??_::FNODOBFM::_string_+21b31
BUCKET_ID: X64_0x1a_5002_nt!_??_::FNODOBFM::_string_+21b31
Followup: MachineOwner
---------
Kernel base = 0xfffff800`01c0b000 PsLoadedModuleList = 0xfffff800`01e48e50
Debug session time: Sun Oct 10 01:07:21.732 2010 (GMT-4)
System Uptime: 0 days 10:04:52.669
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 0, fffffa800ce4bb60, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4904 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000000
Arg3: fffffa800ce4bb60
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff8800b806858 -- (.exr 0xfffff8800b806858)
ExceptionAddress: fffff80001f76e4f (nt!IoRemoveIoCompletion+0x000000000000009f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010
TRAP_FRAME: fffff8800b806900 -- (.trap 0xfffff8800b806900)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001f76e4f rsp=fffff8800b806a90 rbp=fffffa800b806ca0
r8=fffff80001c0b000 r9=0000000000000000 r10=fffffffffffffffe
r11=fffffa8009a33630 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!IoRemoveIoCompletion+0x9f:
fffff800`01f76e4f 8b4b10 mov ecx,dword ptr [rbx+10h] ds:00000000`00000010=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001cd024a to fffff80001c7b740
STACK_TEXT:
fffff880`0b805968 fffff800`01cd024a : 00000000`000000c4 00000000`00000091 00000000`00000000 fffffa80`0ce4bb60 : nt!KeBugCheckEx
fffff880`0b805970 fffff800`01ca86b3 : 00000000`00000000 00000000`00000000 00000000`00000003 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4904
fffff880`0b8059b0 fffff800`01cb59ef : fffff880`0b806858 fffff880`0b8065c0 fffff880`0b806900 00000000`00000000 : nt!RtlDispatchException+0x33
fffff880`0b806090 fffff800`01c7ad82 : fffff880`0b806858 00000000`00000000 fffff880`0b806900 00000000`00000001 : nt!KiDispatchException+0x16f
fffff880`0b806720 fffff800`01c798fa : 00000000`00000000 00000000`00000000 fffffa80`0ce4bb00 fffff880`009b8180 : nt!KiExceptionDispatch+0xc2
fffff880`0b806900 fffff800`01f76e4f : 00000200`00000000 fffff880`0b806bc8 00000a00`00000000 00000000`00000000 : nt!KiPageFault+0x23a
fffff880`0b806a90 fffff800`01c8baa6 : 000007fe`00000000 fffff880`0b806ba8 fffff880`0b806bc8 00000000`00000001 : nt!IoRemoveIoCompletion+0x9f
fffff880`0b806b20 fffff800`01c7a993 : fffffa80`0ce4bb60 00000000`779c4270 00000000`00000000 00000000`00000000 : nt!NtWaitForWorkViaWorkerFactory+0x285
fffff880`0b806c20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4904
fffff800`01cd024a cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4904
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4904
BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4904
Followup: MachineOwner
---------
To begin your troubleshooting, I recommend that you uninstall AVG. AVG is known to cause BSOD's on some Win 7 systems and antivirus scanner is mentioned in the usual causes above. Download and install Microsoft Security Essentials in its place. We want to eliminate all possible causes of crashes.