Antivirus Software:
Code:
avastsvc.exe c:\program files\alwil software\avast5\avastsvc.exe 1364 8 200 1380 3/13/2012 5:59 AM 5.0.677.0 39.44 KB (40,384 bytes) 2/9/2012 5:04 PM
avastui.exe c:\program files\alwil software\avast5\avastui.exe 4568 8 200 1380 3/13/2012 10:10 AM 5.0.677.0 2.71 MB (2,838,912 bytes) 2/9/2012 5:04 PM
Possible out-of-date driver:
Code:
Lycosa fffff880`0765a000 fffff880`0765e980 Fri Jan 18 01:51:42 2008 (4790689e) 0000e99d Lycosa.sys
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\wrexblade\Windows_NT6_BSOD_jcgriff2\031312-10420-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0300a000 PsLoadedModuleList = 0xfffff800`0324f670
Debug session time: Tue Mar 13 05:57:50.191 2012 (UTC - 6:00)
System Uptime: 1 days 15:26:41.159
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff8000336cddf, fffff88002a70000, 0}
Probably caused by : ntkrnlmp.exe ( nt!AlpcpCancelMessage+4ff )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8000336cddf, Address of the instruction which caused the bugcheck
Arg3: fffff88002a70000, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!AlpcpCancelMessage+4ff
fffff800`0336cddf f00fc141f4 lock xadd dword ptr [rcx-0Ch],eax
CONTEXT: fffff88002a70000 -- (.cxr 0xfffff88002a70000)
rax=00000000ffffffff rbx=0000000000000000 rcx=7ac00001a9b8c025
rdx=fffff8a00f7c25d0 rsi=fffff8a00f7c25d0 rdi=fffff8a00f445d00
rip=fffff8000336cddf rsp=fffff88002a709e0 rbp=fffffa800bb30ba0
r8=fffffa800b3aaa80 r9=fffffa800b3aaa80 r10=fffffa800b3aaa50
r11=fffff88002a6f140 r12=0000000000000001 r13=00000000ffffffff
r14=0000000000000001 r15=0000000000010000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
nt!AlpcpCancelMessage+0x4ff:
fffff800`0336cddf f00fc141f4 lock xadd dword ptr [rcx-0Ch],eax ds:002b:7ac00001`a9b8c019=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: GoogleUpdate.e
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800033d2d77 to fffff8000336cddf
STACK_TEXT:
fffff880`02a709e0 fffff800`033d2d77 : 00000000`00000103 fffffa80`0b3aaa80 00000000`00010000 fffffa80`0b3aaa80 : nt!AlpcpCancelMessage+0x4ff
fffff880`02a70a60 fffff800`033943a6 : fffffa80`0bb30ba0 fffff880`c0000000 00000000`c0000000 fffffa80`0bb30ba0 : nt! ?? ::NNGAKEGL::`string'+0x3ff07
fffff880`02a70b00 fffff800`03085ed3 : fffffa80`0c34db60 fffff880`02a70ca0 00000000`01f3e7f8 fffffa80`0b8a5380 : nt!NtAlpcSendWaitReceivePort+0x1e6
fffff880`02a70bb0 00000000`772e1b6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01f3e7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772e1b6a
FOLLOWUP_IP:
nt!AlpcpCancelMessage+4ff
fffff800`0336cddf f00fc141f4 lock xadd dword ptr [rcx-0Ch],eax
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!AlpcpCancelMessage+4ff
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff88002a70000 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!AlpcpCancelMessage+4ff
BUCKET_ID: X64_0x3B_nt!AlpcpCancelMessage+4ff
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\wrexblade\Windows_NT6_BSOD_jcgriff2\031112-11200-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03015000 PsLoadedModuleList = 0xfffff800`0325a670
Debug session time: Sun Mar 11 14:30:03.245 2012 (UTC - 6:00)
System Uptime: 12 days 21:48:34.660
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 0, fffffa800b061250, 0}
Probably caused by : hardware ( nt! ?? ::FNODOBFM::`string'+4874 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000000
Arg3: fffffa800b061250
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffffa800d262438 -- (.exr 0xfffffa800d262438)
ExceptionAddress: fffff8000339a356 (nt!IopSynchronousServiceTail+0x0000000000000236)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000000000b0
Attempt to read from address 00000000000000b0
TRAP_FRAME: fffffa800d2624e0 -- (.trap 0xfffffa800d2624e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80094cf060
rdx=fffffa800c7d48d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000339a356 rsp=fffffa800d262678 rbp=0000000000d80005
r8=fffffa800d262670 r9=0000000000000001 r10=fffffa8006744c70
r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!IopSynchronousServiceTail+0x236:
fffff800`0339a356 83b8b000000000 cmp dword ptr [rax+0B0h],0 ds:0400:00000000`000000b0=????????
Resetting default scope
MISALIGNED_IP:
nt!IopSynchronousServiceTail+236
fffff800`0339a356 83b8b000000000 cmp dword ptr [rax+0B0h],0
LAST_CONTROL_TRANSFER: from fffff800030e937a to fffff80003091c40
STACK_TEXT:
fffffa80`0d261538 fffff800`030e937a : 00000000`000000c4 00000000`00000091 00000000`00000000 fffffa80`0b061250 : nt!KeBugCheckEx
fffffa80`0d261540 fffff800`030bbef3 : 00000000`00000000 fffffa80`0ba10a90 00000000`00000003 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4874
fffffa80`0d261580 fffff800`030cd361 : fffffa80`0d262438 fffffa80`0d262190 fffffa80`0d2624e0 fffffa80`0c7d48d0 : nt!RtlDispatchException+0x33
fffffa80`0d261c60 fffff800`030912c2 : fffffa80`0d262438 fffffa80`0c7d49e8 fffffa80`0d2624e0 00000000`00000000 : nt!KiDispatchException+0x135
fffffa80`0d262300 fffff800`0308fe3a : 00000000`00000000 00000000`000000b0 fffffa80`0d262500 fffffa80`0c7d49e8 : nt!KiExceptionDispatch+0xc2
fffffa80`0d2624e0 fffff800`0339a356 : fffffa80`094cf060 00000000`00000000 00000000`00000101 fffff8a0`027dc010 : nt!KiPageFault+0x23a
fffffa80`0d262678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopSynchronousServiceTail+0x236
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4874
fffff800`030e937a cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4874
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
- Possible causes are Memory problems... Corrupted hard disk file system... Corrupted System Files... Graphics Driver... Drivers...
- Verifier enabled; indicates a hardware fault.
Thanks to Dave76 for help understanding possible causes.
Do these steps to check your hardware: