Hello Herb. I apologize for the inconvenience caused. May I know which AVG program you have installed on your PC?
I had a BSOD today and the bugcheck pointed to avgmfx64.sys. What needs to be updated? Windows 7 x64
---------------------------------------------------------------------
Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\061815-60575-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary ********
Response Time (ms) Location
Deferred SRVC:\SymCacheSymbol information
Symbol search path is: SRVC:\SymCacheSymbol information
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
Machine Name:
Kernel base = 0xfffff8000360f000 PsLoadedModuleList = 0xfffff800
03856730
Debug session time: Thu Jun 18 12:58:02.592 2015 (UTC - 4:00)
System Uptime: 1 days 6:15:32.544
Loading Kernel Symbols
…
…
…
…
Loading User Symbols
Loading unloaded module list
…
Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff800036cc83a, fffff8800efdd018, fffff8800efdc870}
WARNING: Unable to verify timestamp for avgmfx64.sys
ERROR: Module load completed but symbols could not be loaded for avgmfx64.sys
Probably caused by : avgmfx64.sys ( avgmfx64+5bb1 )
Followup: MachineOwner
---------
2: kd> !analyze -v
Bugcheck Analysis
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800036cc83a, The address that the exception occurred at
Arg3: fffff8800efdd018, Exception Record Address
Arg4: fffff8800efdc870, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!FsRtlLookupPerStreamContextInternal+7a
fffff800036cc83a 48397010 cmp qword ptr [rax+10h],rsi<br><br>EXCEPTION_RECORD: fffff8800efdd018 -- (.exr 0xfffff8800efdd018)<br>ExceptionAddress: fffff800036cc83a (nt!FsRtlLookupPerStreamContextInternal+0x000000000000007a)<br> ExceptionCode: c0000005 (Access violation)<br> ExceptionFlags: 00000000<br>NumberParameters: 2<br> Parameter[0]: 0000000000000000<br> Parameter[1]: 0000000000000016<br>Attempt to read from address 0000000000000016<br><br>CONTEXT: fffff8800efdc870 -- (.cxr 0xfffff8800efdc870;r)<br>rax=0000000000000006 rbx=fffff8a000c73140 rcx=0000000000000000<br>rdx=fffff8a000c73178 rsi=fffffa800a399010 rdi=0000000000000000<br>rip=fffff800036cc83a rsp=fffff8800efdd250 rbp=0000000000000000<br> r8=0000000000000000 r9=fffff8800efdd320 r10=0000000000000000<br>r11=0000000000000000 r12=0000000000000000 r13=0000000000000001<br>r14=fffffa800a3b6800 r15=fffff8800efdd500<br>iopl=0 nv up ei pl nz ac po cy<br>cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010217<br>nt!FsRtlLookupPerStreamContextInternal+0x7a:<br>fffff800
036cc83a 48397010 cmp qword ptr [rax+10h],rsi ds:002b:0000000000000016=????????????????<br>Last set context:<br>rax=0000000000000006 rbx=fffff8a000c73140 rcx=0000000000000000<br>rdx=fffff8a000c73178 rsi=fffffa800a399010 rdi=0000000000000000<br>rip=fffff800036cc83a rsp=fffff8800efdd250 rbp=0000000000000000<br> r8=0000000000000000 r9=fffff8800efdd320 r10=0000000000000000<br>r11=0000000000000000 r12=0000000000000000 r13=0000000000000001<br>r14=fffffa800a3b6800 r15=fffff8800efdd500<br>iopl=0 nv up ei pl nz ac po cy<br>cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010217<br>nt!FsRtlLookupPerStreamContextInternal+0x7a:<br>fffff800
036cc83a 48397010 cmp qword ptr [rax+10h],rsi ds:002b:0000000000000016=????????????????<br>Resetting default scope<br><br>CUSTOMER_CRASH_COUNT: 1<br><br>PROCESS_NAME: System<br><br>CURRENT_IRQL: 0<br><br>ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.<br><br>EXCEPTION_PARAMETER1: 0000000000000000<br><br>EXCEPTION_PARAMETER2: 0000000000000016<br><br>READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800038c0100<br>GetUlongFromAddress: unable to read from fffff800038c01c0<br> 0000000000000016 Nonpaged pool<br><br>FOLLOWUP_IP:<br>avgmfx64+5bb1<br>fffff880
01f3dbb1 ?? ???
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff88001073aae to fffff800036cc83a
STACK_TEXT:
fffff8800efdd250 fffff880
01073aae : 0000000000000000 fffffa80
0a399010 fffff8800efdd590 fffffa80
0d9bc010 : nt!FsRtlLookupPerStreamContextInternal+0x7a
fffff8800efdd290 fffff880
01073c99 : fffffa800a399010 fffff880
075c08a2 fffffa800a3be3f0 00000000
00000000 : fltmgr!FltpGetStreamListCtrl+0x8e
fffff8800efdd2f0 fffff880
01f3dbb1 : 0000000000000000 00000000
00000001 fffff8800efdd3d8 fffff880
010bc066 : fltmgr!FltGetStreamHandleContext+0x29
fffff8800efdd320 00000000
00000000 : 0000000000000001 fffff880
0efdd3d8 fffff880010bc066 00000000
10000004 : avgmfx64+0x5bb1
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: avgmfx64+5bb1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: avgmfx64
IMAGE_NAME: avgmfx64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 554b513d
STACK_COMMAND: .cxr 0xfffff8800efdc870 ; kb
FAILURE_BUCKET_ID: X64_0x7E_avgmfx64+5bb1
BUCKET_ID: X64_0x7E_avgmfx64+5bb1
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x7e_avgmfx64+5bb1
FAILURE_ID_HASH: {095588cd-6e07-d97f-3cb3-5997001cb335}
Followup: MachineOwner
---------