Code:
BugCheck 1E, {ffffffffc0000005, fffff80003081149, 0, ffffffffffffffff}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+487ed )
Code:
1: kd> knL
# Child-SP RetAddr Call Site
00 fffff880`0b478098 fffff800`030c0738 nt!KeBugCheckEx
01 fffff880`0b4780a0 fffff800`03075242 nt! ?? ::FNODOBFM::`string'+0x487ed
02 fffff880`0b478740 fffff800`03073b4a nt!KiExceptionDispatch+0xc2
03 fffff880`0b478920 fffff800`03081149 nt!KiGeneralProtectionFault+0x10a
04 fffff880`0b478ab0 fffff800`03080f41 nt!KeUpdateRunTime+0x49
05 fffff880`0b478ae0 00000001`40a8a136 nt!KiSecondaryClockInterrupt+0x131
06 00000000`5374f8b0 00000000`00000000 0x00000001`40a8a136
Looking at the stack, we can see that the processor received a clock interrupt, which then led to the run time being updated. This is a normal process. However, it seems something went wrong with nt!KeUpdateRunTime, leading to an access violation.
Code:
1: kd> !error 0xc0000005
Error code: (NTSTATUS) 0xc0000005 (3221225477) - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
This can be caused by data alignment issues or referencing invalid memory addresses.
Code:
1: kd> u nt!KeUpdateRunTime+0x49
nt!KeUpdateRunTime+0x49:
fffff800`03081149 f683dc21000008 test byte ptr [rbx+21DCh],8
fffff800`03081150 7544 jne nt!KeUpdateRunTime+0x96 (fffff800`03081196)
fffff800`03081152 48b90800000080f7ffff mov rcx,0FFFFF78000000008h
fffff800`0308115c 8bc7 mov eax,edi
fffff800`0308115e 488b09 mov rcx,qword ptr [rcx]
fffff800`03081161 448b83e8210000 mov r8d,dword ptr [rbx+21E8h]
fffff800`03081168 412bc0 sub eax,r8d
fffff800`0308116b 3d00010000 cmp eax,100h
The test instruction is used to perform a bitwise logical AND operation between the rbx register (32-bits) and the high byte of both the edx register and the ecx register, with the value of 8, and if equal jump to the nt!KeUpdateRunTime+0x96.
Code:
nt!KeUpdateRunTime+0x96:
fffff800`03081196 89bbe8210000 mov dword ptr [rbx+21E8h],edi
fffff800`0308119c 450fb6842470010000 movzx r8d,byte ptr [r12+170h]
fffff800`030811a5 4863d6 movsxd rdx,esi
fffff800`030811a8 440fb6cd movzx r9d,bpl
fffff800`030811ac 488bcb mov rcx,rbx
fffff800`030811af 4180e001 and r8b,1
fffff800`030811b3 e8f8aefeff call nt!KeAccumulateTicks (fffff800`0306c0b0)
fffff800`030811b8 84c0 test al,al
fffff800`030811ba 7414 je nt!KeUpdateRunTime+0xd0 (fffff800`030811d0)
Code:
nt!KeUpdateRunTime+0xd0:
fffff800`030811d0 488b5c2430 mov rbx,qword ptr [rsp+30h]
fffff800`030811d5 488b6c2438 mov rbp,qword ptr [rsp+38h]
fffff800`030811da 488b742440 mov rsi,qword ptr [rsp+40h]
fffff800`030811df 488b7c2448 mov rdi,qword ptr [rsp+48h]
fffff800`030811e4 4883c420 add rsp,20h
fffff800`030811e8 415c pop r12
fffff800`030811ea c3 ret
Code:
lmvm avipbb
start end module name
fffff880`041ab000 fffff880`041d0000 avipbb T (no symbols)
Loaded symbol image file: avipbb.sys
Image path: \SystemRoot\system32\DRIVERS\avipbb.sys
Image name: avipbb.sys
Timestamp: Thu Sep 19 13:16:13 2013 (523AEB0D)
CheckSum: 0002BE7F
ImageSize: 00025000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Your Avira AntiVir driver seems to be causing problems. Please remove the program completely with the Avira AntiVir Removal Tool, and then install these free alternatives for at least troubleshooting purposes:
Install and perform full scans with:
Information
Remember to install the free version of Malwarebytes, not the free trial; untick the free trial box during installation. MSE is the most lightweight and compatible with the Windows 7 operating system.
You can also view this thread for a complete free and lightweight security protection combination:
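Added example, not part of the original post: a small Python sketch that decodes the bugcheck 1E arguments quoted at the top of the post and cross-checks the exception address against the `knL` stack. The function names `decode_bugcheck` and `faulting_frame` are hypothetical, the sample strings are copied from the output above, and the read/write and address fields are interpreted as they are defined for an access violation.

```python
import re

# Sample input: the bugcheck line and three stack frames quoted in the post.
BUGCHECK = "BugCheck 1E, {ffffffffc0000005, fffff80003081149, 0, ffffffffffffffff}"
STACK = """\
02 fffff880`0b478740 fffff800`03073b4a nt!KiExceptionDispatch+0xc2
03 fffff880`0b478920 fffff800`03081149 nt!KiGeneralProtectionFault+0x10a
04 fffff880`0b478ab0 fffff800`03080f41 nt!KeUpdateRunTime+0x49
"""

NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # only the code on this page
TRAP_HANDLERS = ("nt!KiGeneralProtectionFault", "nt!KiPageFault")

def decode_bugcheck(line):
    """Split a 'BugCheck 1E, {...}' line into the 0x1E argument fields."""
    m = re.match(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", line)
    if not m:
        raise ValueError("not a BugCheck line")
    code = int(m.group(1), 16)
    args = [int(a, 16) for a in m.group(2).split(",")]
    if code != 0x1E or len(args) != 4:
        raise ValueError("only KMODE_EXCEPTION_NOT_HANDLED (0x1E) is handled")
    status = args[0] & 0xFFFFFFFF  # NTSTATUS is 32-bit; the dump sign-extends it
    return {
        "exception": NTSTATUS.get(status, hex(status)),
        "fault_ip": args[1],  # address of the instruction that raised it
        "access": {0: "read", 1: "write"}.get(args[2], "other"),
        # A general protection fault supplies no faulting address,
        # so Windows records all ones in the last argument.
        "address_known": args[3] != 0xFFFFFFFFFFFFFFFF,
    }

def faulting_frame(stack):
    """Return (ip, symbol) of the code that a trap handler interrupted."""
    frames = [l.split(None, 3) for l in stack.splitlines() if l.strip()]
    for i, (_, _, ret, site) in enumerate(frames[:-1]):
        if site.startswith(TRAP_HANDLERS):
            # The trap frame's return address is the faulting instruction.
            return int(ret.replace("`", ""), 16), frames[i + 1][3]
    return None

if __name__ == "__main__":
    print(decode_bugcheck(BUGCHECK))
    print(faulting_frame(STACK))
```

The second bugcheck argument and the return address of the `nt!KiGeneralProtectionFault` frame are the same value, which is why `u nt!KeUpdateRunTime+0x49` is the right place to start disassembling.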