locked
Need help determine cause of BSOD. RRS feed

  • Question

  • We have 2 PC's which are getting BSOD at startup, both are Windows 7 x64, both have Kaspersky anti-virus 6.0 installed.

    I checked the dump files of both computers, I see the same errors, this is the result of the analasys of one of those PC's:

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: ffffffffffffffd0, memory referenced.
    Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
    Arg3: fffff80002ad912c, If non-zero, the instruction address which referenced the bad memory
    	address.
    Arg4: 0000000000000000, (reserved)
    
    Debugging Details:
    ------------------
    
    
    Could not read faulting driver name
    
    WRITE_ADDRESS:  ffffffffffffffd0 
    
    FAULTING_IP: 
    nt!ObfDereferenceObject+2c
    fffff800`02ad912c f0480fc11f      lock xadd qword ptr [rdi],rbx
    
    MM_INTERNAL_CODE:  0
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    BUGCHECK_STR:  0x50
    
    PROCESS_NAME:  winlogon.exe
    
    CURRENT_IRQL:  0
    
    TRAP_FRAME:  fffff8800384f770 -- (.trap 0xfffff8800384f770)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff900c00b6c20 rbx=0000000000000000 rcx=0000000000000000
    rdx=00000000000007ff rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002ad912c rsp=fffff8800384f900 rbp=fffff8800384fc60
     r8=fffff80002a51000  r9=0000000000000000 r10=0000000000000001
    r11=fffffa80021f4230 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    nt!ObfDereferenceObject+0x2c:
    fffff800`02ad912c f0480fc11f      lock xadd qword ptr [rdi],rbx ds:00000000`00000000=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002a77eec to fffff80002acffc0
    
    STACK_TEXT:  
    fffff880`0384f608 fffff800`02a77eec : 00000000`00000050 ffffffff`ffffffd0 00000000`00000001 fffff880`0384f770 : nt!KeBugCheckEx
    fffff880`0384f610 fffff800`02ace0ee : 00000000`00000001 ffffffff`ffffffd0 00000000`00000000 ffffffff`ffffffff : nt! ?? ::FNODOBFM::`string'+0x4514f
    fffff880`0384f770 fffff800`02ad912c : fffffa80`046467d0 00000000`00000000 fffff900`c00b6c20 00000000`00000001 : nt!KiPageFault+0x16e
    fffff880`0384f900 fffff960`00189fee : fffff880`0384fc60 00000000`00000000 fffffa80`04675f20 00000000`00000000 : nt!ObfDereferenceObject+0x2c
    fffff880`0384f960 fffff960`00150b7a : 00000000`00000000 00000000`000ff9c0 00000000`00000000 00000000`00000377 : win32k!xxxCreateDesktopEx+0x8e2
    fffff880`0384fb00 fffff800`02acf253 : fffffa80`04615620 00000000`000ff9a8 fffff880`0384fb88 00000000`0034f880 : win32k!NtUserCreateDesktopEx+0xe6
    fffff880`0384fb70 00000000`766b42aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`000ff988 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x766b42aa
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    win32k!xxxCreateDesktopEx+8e2
    fffff960`00189fee 49895d38        mov     qword ptr [r13+38h],rbx
    
    SYMBOL_STACK_INDEX:  4
    
    SYMBOL_NAME:  win32k!xxxCreateDesktopEx+8e2
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: win32k
    
    IMAGE_NAME:  win32k.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5080499a
    
    FAILURE_BUCKET_ID:  X64_0x50_win32k!xxxCreateDesktopEx+8e2
    
    BUCKET_ID:  X64_0x50_win32k!xxxCreateDesktopEx+8e2
    
    Followup: MachineOwner
    ---------
    
    What could cause these bluescreens? I suspect Kaspersky is causing them because the bluescreens appeard after installing Kaspersky, but I'm not 100% sure.



    Thursday, December 13, 2012 10:20 AM

Answers

  • Hi,

    For this BSOD, the minidump is useless. We need to analyze the kernel dump or full dump file to get the cause. Since it is already beyond what we can do at this forum, I suggest you contact our CSS team for better help.

    To contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request. Please be advised that contacting phone support will be a charged call.

    To obtain the phone numbers for specific technology request please take a look at the web site listed below:
    Microsoft - Help and Support

    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

    If you are outside the US please see Microsoft Worldwide Home for regional support phone numbers.
    http://www.microsoft.com/worldwide/

    TechNet Subscriber
    Support

    If you are TechNet Subscription user
    and have any feedback on our support quality, please send your feedbackhere.


    Juke Chou
    TechNet Community Support

    • Marked as answer by Juke Chou Tuesday, January 8, 2013 10:48 AM
    Friday, December 14, 2012 8:16 AM