Antivirus Software:
Code:
avgcsrva.exe c:\program files (x86)\avg\avg2012\avgcsrva.exe 380 8 200 1380 3/13/2012 11:03 PM 12.0.0.1786 507.34 KB (519,520 bytes) 8/15/2011 5:21 PM
avgemca.exe c:\program files (x86)\avg\avg2012\avgemca.exe 2240 8 200 1380 3/13/2012 11:03 PM 12.0.0.1854 1.52 MB (1,593,696 bytes) 10/10/2011 5:23 PM
avgidsagent.exe c:\program files (x86)\avg\avg2012\avgidsagent.exe 2648 8 200 1380 3/13/2012 11:03 PM 12.0.0.1855 4.23 MB (4,433,248 bytes) 10/12/2011 5:25 PM
avgnsa.exe c:\program files (x86)\avg\avg2012\avgnsa.exe 2220 8 200 1380 3/13/2012 11:03 PM 12.0.0.1883 1.90 MB (1,987,424 bytes) 11/28/2011 11:19 AM
avgtray.exe c:\program files (x86)\avg\avg2012\avgtray.exe 3504 8 200 1380 3/13/2012 11:04 PM 12.0.0.1912 2.30 MB (2,416,480 bytes) 1/24/2012 5:24 PM
avgwdsvc.exe c:\program files (x86)\avg\avg2012\avgwdsvc.exe 1948 8 200 1380 3/13/2012 11:03 PM 12.0.0.1773 188.26 KB (192,776 bytes) 8/2/2011 5:09 PM
avgrsa.exe c:\progra~2\avg\avg2012\avgrsa.exe 348 8 200 1380 3/13/2012 11:03 PM 12.0.0.1806 1.31 MB (1,370,464 bytes) 9/9/2011 7:53 AM
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\tehnub\Windows_NT6_BSOD_jcgriff2\031312-26395-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c14000 PsLoadedModuleList = 0xfffff800`02e51e70
Debug session time: Tue Mar 13 15:02:45.911 2012 (UTC - 6:00)
System Uptime: 0 days 2:21:39.456
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff900c22c27a0, 0, fffff960006cdc51, 0}
Could not read faulting driver name
Probably caused by : cdd.dll ( cdd!CddBitmapHw::Release+31 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900c22c27a0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960006cdc51, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ebc0e0
fffff900c22c27a0
FAULTING_IP:
cdd!CddBitmapHw::Release+31
fffff960`006cdc51 483b9080070000 cmp rdx,qword ptr [rax+780h]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: hl.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800b4a56b0 -- (.trap 0xfffff8800b4a56b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c22c2020 rbx=0000000000000000 rcx=fffff900c1ec9030
rdx=fffffa8004b8f580 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960006cdc51 rsp=fffff8800b4a5840 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000000 r10=0000000000004257
r11=fffff8800b4a5860 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cdd!CddBitmapHw::Release+0x31:
fffff960`006cdc51 483b9080070000 cmp rdx,qword ptr [rax+780h] ds:0005:fffff900`c22c27a0=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d04df4 to fffff80002c845c0
STACK_TEXT:
fffff880`0b4a5548 fffff800`02d04df4 : 00000000`00000050 fffff900`c22c27a0 00000000`00000000 fffff880`0b4a56b0 : nt!KeBugCheckEx
fffff880`0b4a5550 fffff800`02c826ae : 00000000`00000000 fffff900`c00bf010 00000000`00000000 fffff900`c23e4010 : nt! ?? ::FNODOBFM::`string'+0x426f7
fffff880`0b4a56b0 fffff960`006cdc51 : 00000000`00000000 000010b4`00000000 0000161d`0b4a58e8 fffff900`c23e4010 : nt!KiPageFault+0x16e
fffff880`0b4a5840 fffff960`00116538 : 00000000`00000001 fffff900`c00bf010 00000000`00000001 fffff900`c223d260 : cdd!CddBitmapHw::Release+0x31
fffff880`0b4a5880 fffff960`0011e8c1 : 00000000`00000000 00000000`00000001 fffff900`c223d260 fffff900`00000000 : win32k!SURFACE::bDeleteSurface+0x358
fffff880`0b4a59d0 fffff960`00115ddc : 00000000`000010b4 00000000`00000000 fffff900`c244b6a0 fffff960`00000000 : win32k!NtGdiCloseProcess+0x2c9
fffff880`0b4a5a30 fffff960`00115523 : fffffa80`05edfe00 00000000`00000001 fffffa80`04b8f580 00000000`00000018 : win32k!GdiProcessCallout+0x200
fffff880`0b4a5ab0 fffff800`02f666bd : fffffa80`05edfe60 00000000`00000000 00000000`00000000 fffffa80`04b8f580 : win32k!W32pProcessCallout+0x6b
fffff880`0b4a5ae0 fffff800`02f3e35b : 00000000`00000000 00000000`00000001 fffffa80`04254b00 00000000`00000000 : nt!PspExitThread+0x561
fffff880`0b4a5ba0 fffff800`02c83813 : fffffa80`04254b30 fffff880`00000000 00000000`00000001 fffffa80`04b8f580 : nt!NtTerminateProcess+0x25b
fffff880`0b4a5c20 00000000`775bf97a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008e308 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775bf97a
STACK_COMMAND: kb
FOLLOWUP_IP:
cdd!CddBitmapHw::Release+31
fffff960`006cdc51 483b9080070000 cmp rdx,qword ptr [rax+780h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: cdd!CddBitmapHw::Release+31
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cdd
IMAGE_NAME: cdd.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4d3fbfc6
FAILURE_BUCKET_ID: X64_0x50_cdd!CddBitmapHw::Release+31
BUCKET_ID: X64_0x50_cdd!CddBitmapHw::Release+31
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\tehnub\Windows_NT6_BSOD_jcgriff2\031312-23197-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c5a000 PsLoadedModuleList = 0xfffff800`02e97e70
Debug session time: Mon Mar 12 20:49:03.932 2012 (UTC - 6:00)
System Uptime: 0 days 9:51:28.524
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002c9477e, fffff8800aa3be40, 0}
Probably caused by : ntkrnlmp.exe ( nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+26 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c9477e, Address of the instruction which caused the bugcheck
Arg3: fffff8800aa3be40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+26
fffff800`02c9477e f00fba3100 lock btr dword ptr [rcx],0
CONTEXT: fffff8800aa3be40 -- (.cxr 0xfffff8800aa3be40)
rax=fffffa8004164b60 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8004164b60 rsi=00000000ffffffff rdi=fffffa8004164b60
rip=fffff80002c9477e rsp=fffff8800aa3c810 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000000 r10=0000000000000081
r11=fffff8800aa3c860 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=fffff900c078f370
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+0x26:
fffff800`02c9477e f00fba3100 lock btr dword ptr [rcx],0 ds:002b:00000000`00000000=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: Diablo III.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c9477e
STACK_TEXT:
fffff880`0aa3c810 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+0x26
FOLLOWUP_IP:
nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+26
fffff800`02c9477e f00fba3100 lock btr dword ptr [rcx],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+26
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
STACK_COMMAND: .cxr 0xfffff8800aa3be40 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+26
BUCKET_ID: X64_0x3B_nt!ExEnterCriticalRegionAndAcquireFastMutexUnsafe+26
Followup: MachineOwner
---------
- Possible causes are Memory problems... Graphics card memory problems... BIOS... Corrupted hard disk file system... Corrupted System Files... Missing Windows Updates... Antivirus Software... Drivers...
- Possible causes are Memory problems... Corrupted hard disk file system... Corrupted System Files... Graphics Driver... Drivers...
Thanks to Dave76 for help understanding possible causes.
We will start with the common problems first (see bold possible causes). Do the following steps and test by doing your normal routine after each step to see if stability increases (the memory tests you can run concurrently as they will not increase stability unless you are forced to move modules around). Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.
If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.
- If you are overclocking any hardware, please stop.
- Update to Service Pack 1 (SP1)
Links to Service Pack 1 (SP1) and preparation for SP1 courtesy of JMH
Install all Windows updates after installing SP1.
- Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors with a restart in between each. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:
- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.