BSOD Crash Dump Analysis RRS feed

  • Question

  • Hello.

    I have been getting a BSOD and Crash Dump upon logging in to Windows 7. Here is the analysis I've received:

    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603 Machine Name: Kernel base = 0xfffff800`03008000 PsLoadedModuleList = 0xfffff800`0324f730 Debug session time: Mon Oct 26 08:36:03.853 2015 (UTC - 4:00) System Uptime: 0 days 0:02:52.616 ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff800031b4b15, Address of the instruction which caused the bugcheck Arg3: fffff88006cf05a0, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2 EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". FAULTING_IP: nt!ExDeferredFreePool+249 fffff800`031b4b15 4c395808 cmp qword ptr [rax+8],r11 CONTEXT: fffff88006cf05a0 -- (.cxr 0xfffff88006cf05a0) rax=0067006e0069006d rbx=0000000000000003 rcx=fffffa8003c608f0 rdx=fffff8a004ca2380 rsi=0000000000000000 rdi=fffff8a004cbe950 rip=fffff800031b4b15 rsp=fffff88006cf0f80 rbp=0000000000000000 r8=fffff8a004ff5dd0 r9=fffff8a004ca2730 r10=0000000000000001 r11=fffff8a004ca2740 r12=fffffa8003c603c0 r13=0000000000000000 r14=0000000000000003 r15=0000000000000001 iopl=0 nv up ei pl nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206 nt!ExDeferredFreePool+0x249: fffff800`031b4b15 4c395808 cmp qword ptr [rax+8],r11 ds:002b:0067006e`00690075=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: avgidsagent.ex CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800031b4b15 STACK_TEXT: fffff880`06cf0f80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0x249 FOLLOWUP_IP: nt!ExDeferredFreePool+249 fffff800`031b4b15 4c395808 cmp qword ptr [rax+8],r11 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!ExDeferredFreePool+249 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption STACK_COMMAND: .cxr 0xfffff88006cf05a0 ; kb FAILURE_BUCKET_ID: X64_0x3B_nt!ExDeferredFreePool+249 BUCKET_ID: X64_0x3B_nt!ExDeferredFreePool+249 Followup: Pool_corruption

    Any ideas of what to do next?


    Tuesday, October 27, 2015 2:19 PM

All replies

  • I would try to uninstall AVG or at least it's identity Protection service :)


    Tuesday, October 27, 2015 2:54 PM
    We do need the actual log files (called a DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.

    Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
    If you have any questions about the procedure please ask

    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    Tuesday, October 27, 2015 3:08 PM