BSOD randomly when idle.

wrexblade · 13 Mar 2012

My computer:
Custom Rig about 3 years old
Windows 7 Ultimate 64bit
Mobo: X58A-UD3R Gigabyte
Proc: Intel Core i7 930 @ 2.8ghz
Memory : 8192mb Ram
GFX: ATI 5800 HD

Like the title says my computer will randomly BSOD. I leave it on with out putting it to sleep or hib. Common programs that are open overnight when these BSOD's happen are, WORD, Excel, Google Chrome, AVast! win rar, windows explorer all at the same time.

PS: the perfmon report is in the zipped file, named perfmon report.

writhziden · 15 Mar 2012

Antivirus Software:

Code:

avastsvc.exe	c:\program files\alwil software\avast5\avastsvc.exe	1364	8	200	1380	3/13/2012 5:59 AM	5.0.677.0	39.44 KB (40,384 bytes)	2/9/2012 5:04 PM
avastui.exe	c:\program files\alwil software\avast5\avastui.exe	4568	8	200	1380	3/13/2012 10:10 AM	5.0.677.0	2.71 MB (2,838,912 bytes)	2/9/2012 5:04 PM

Possible out of date driver:

Code:

Lycosa	fffff880`0765a000	fffff880`0765e980	Fri Jan 18 01:51:42 2008 (4790689e)	0000e99d		Lycosa.sys

Lycosa.sys

Code:


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Kingston\BSODDmpFiles\wrexblade\Windows_NT6_BSOD_jcgriff2\031312-10420-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0300a000 PsLoadedModuleList = 0xfffff800`0324f670
Debug session time: Tue Mar 13 05:57:50.191 2012 (UTC - 6:00)
System Uptime: 1 days 15:26:41.159
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff8000336cddf, fffff88002a70000, 0}

Probably caused by : ntkrnlmp.exe ( nt!AlpcpCancelMessage+4ff )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8000336cddf, Address of the instruction which caused the bugcheck
Arg3: fffff88002a70000, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!AlpcpCancelMessage+4ff
fffff800`0336cddf f00fc141f4      lock xadd dword ptr [rcx-0Ch],eax

CONTEXT:  fffff88002a70000 -- (.cxr 0xfffff88002a70000)
rax=00000000ffffffff rbx=0000000000000000 rcx=7ac00001a9b8c025
rdx=fffff8a00f7c25d0 rsi=fffff8a00f7c25d0 rdi=fffff8a00f445d00
rip=fffff8000336cddf rsp=fffff88002a709e0 rbp=fffffa800bb30ba0
 r8=fffffa800b3aaa80  r9=fffffa800b3aaa80 r10=fffffa800b3aaa50
r11=fffff88002a6f140 r12=0000000000000001 r13=00000000ffffffff
r14=0000000000000001 r15=0000000000010000
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
nt!AlpcpCancelMessage+0x4ff:
fffff800`0336cddf f00fc141f4      lock xadd dword ptr [rcx-0Ch],eax ds:002b:7ac00001`a9b8c019=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  GoogleUpdate.e

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800033d2d77 to fffff8000336cddf

STACK_TEXT:  
fffff880`02a709e0 fffff800`033d2d77 : 00000000`00000103 fffffa80`0b3aaa80 00000000`00010000 fffffa80`0b3aaa80 : nt!AlpcpCancelMessage+0x4ff
fffff880`02a70a60 fffff800`033943a6 : fffffa80`0bb30ba0 fffff880`c0000000 00000000`c0000000 fffffa80`0bb30ba0 : nt! ?? ::NNGAKEGL::`string'+0x3ff07
fffff880`02a70b00 fffff800`03085ed3 : fffffa80`0c34db60 fffff880`02a70ca0 00000000`01f3e7f8 fffffa80`0b8a5380 : nt!NtAlpcSendWaitReceivePort+0x1e6
fffff880`02a70bb0 00000000`772e1b6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01f3e7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772e1b6a


FOLLOWUP_IP: 
nt!AlpcpCancelMessage+4ff
fffff800`0336cddf f00fc141f4      lock xadd dword ptr [rcx-0Ch],eax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!AlpcpCancelMessage+4ff

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

STACK_COMMAND:  .cxr 0xfffff88002a70000 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_nt!AlpcpCancelMessage+4ff

BUCKET_ID:  X64_0x3B_nt!AlpcpCancelMessage+4ff

Followup: MachineOwner
---------

Loading Dump File [D:\Kingston\BSODDmpFiles\wrexblade\Windows_NT6_BSOD_jcgriff2\031112-11200-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03015000 PsLoadedModuleList = 0xfffff800`0325a670
Debug session time: Sun Mar 11 14:30:03.245 2012 (UTC - 6:00)
System Uptime: 12 days 21:48:34.660
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.....................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {91, 0, fffffa800b061250, 0}

Probably caused by : hardware ( nt! ?? ::FNODOBFM::`string'+4874 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
	the operating system. The only supported way to extend a kernel
	mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000000
Arg3: fffffa800b061250
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_91

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  chrome.exe

CURRENT_IRQL:  0

EXCEPTION_RECORD:  fffffa800d262438 -- (.exr 0xfffffa800d262438)
ExceptionAddress: fffff8000339a356 (nt!IopSynchronousServiceTail+0x0000000000000236)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000000b0
Attempt to read from address 00000000000000b0

TRAP_FRAME:  fffffa800d2624e0 -- (.trap 0xfffffa800d2624e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80094cf060
rdx=fffffa800c7d48d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000339a356 rsp=fffffa800d262678 rbp=0000000000d80005
 r8=fffffa800d262670  r9=0000000000000001 r10=fffffa8006744c70
r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!IopSynchronousServiceTail+0x236:
fffff800`0339a356 83b8b000000000  cmp     dword ptr [rax+0B0h],0 ds:0400:00000000`000000b0=????????
Resetting default scope

MISALIGNED_IP: 
nt!IopSynchronousServiceTail+236
fffff800`0339a356 83b8b000000000  cmp     dword ptr [rax+0B0h],0

LAST_CONTROL_TRANSFER:  from fffff800030e937a to fffff80003091c40

STACK_TEXT:  
fffffa80`0d261538 fffff800`030e937a : 00000000`000000c4 00000000`00000091 00000000`00000000 fffffa80`0b061250 : nt!KeBugCheckEx
fffffa80`0d261540 fffff800`030bbef3 : 00000000`00000000 fffffa80`0ba10a90 00000000`00000003 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4874
fffffa80`0d261580 fffff800`030cd361 : fffffa80`0d262438 fffffa80`0d262190 fffffa80`0d2624e0 fffffa80`0c7d48d0 : nt!RtlDispatchException+0x33
fffffa80`0d261c60 fffff800`030912c2 : fffffa80`0d262438 fffffa80`0c7d49e8 fffffa80`0d2624e0 00000000`00000000 : nt!KiDispatchException+0x135
fffffa80`0d262300 fffff800`0308fe3a : 00000000`00000000 00000000`000000b0 fffffa80`0d262500 fffffa80`0c7d49e8 : nt!KiExceptionDispatch+0xc2
fffffa80`0d2624e0 fffff800`0339a356 : fffffa80`094cf060 00000000`00000000 00000000`00000101 fffff8a0`027dc010 : nt!KiPageFault+0x23a
fffffa80`0d262678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopSynchronousServiceTail+0x236


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+4874
fffff800`030e937a cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+4874

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

Followup: MachineOwner
---------

Possible causes are Memory problems... Corrupted hard disk file system... Corrupted System Files... Graphics Driver... Drivers...
Verifier enabled; indicates a hardware fault.

Thanks to Dave76 for help understanding possible causes.

Do these steps to check your hardware:

If you are overclocking any hardware, please stop.
Disable Verifier: Start Menu -> All Programs -> Accessories -> Right click Command Prompt -> Run as administrator ->
verifier /reset
-> Restart your computer
Monitor temperatures during the following tests.

Use the following programs to monitor the temperatures.
- Real Temp is a good CPU temperature monitor.
- Speccy - System Information - Free Download will monitor all hardware temperatures.
- HWiNFO, HWiNFO32 & HWiNFO64 - Hardware Information and Analysis Tools can be inaccurate for CPU temperatures, but is a good program for GPU temperature monitoring.
- Use FurMark: VGA Stress Test, Graphics Card and GPU Stability Test, Burn-in Test, OpenGL Benchmark and GPU Temperature | oZone3D.Net to test the graphics card GPU. Then use the |MG| Video Memory Stress Test 1.7.116 Download to test your graphics card memory. Let the memory test run for at least seven passes; the more the better.
- Run Hardware - Stress Test With Prime95 to determine any hardware problems. Run all three tests for a few hours each. If you get errors, stop the test and post back here.
Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).

If you swap any memory components, follow these steps for ESD safety:
1. Shut down and turn off your computer.
2. Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
3. Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
4. Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.