Avgmfx64.sys Caused BSOD

Hello Herb. I apologize for the inconvenience caused. May I know which AVG program you have installed on your PC?

User-added image

 

I had a BSOD today and the bugcheck pointed to avgmfx64.sys.  What needs to be updated?  Windows 7 x64
---------------------------------------------------------------------

Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\061815-60575-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary ********
Response                         Time (ms)     Location
Deferred                                       SRVC:\SymCacheSymbol information
Symbol search path is: SRVC:\SymCacheSymbol information
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
Machine Name:
Kernel base = 0xfffff8000360f000 PsLoadedModuleList = 0xfffff80003856730
Debug session time: Thu Jun 18 12:58:02.592 2015 (UTC - 4:00)
System Uptime: 1 days 6:15:32.544
Loading Kernel Symbols




Loading User Symbols
Loading unloaded module list


                                                                            
                        Bugcheck Analysis                                   
                                                                            


Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffffc0000005, fffff800036cc83a, fffff8800efdd018, fffff8800efdc870}

WARNING: Unable to verify timestamp for avgmfx64.sys
ERROR: Module load completed but symbols could not be loaded for avgmfx64.sys
Probably caused by : avgmfx64.sys ( avgmfx64+5bb1 )

Followup: MachineOwner
---------

2: kd> !analyze -v

                                                                            
                        Bugcheck Analysis                                   
                                                                            


SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800036cc83a, The address that the exception occurred at
Arg3: fffff8800efdd018, Exception Record Address
Arg4: fffff8800efdc870, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!FsRtlLookupPerStreamContextInternal+7a
fffff800036cc83a 48397010        cmp     qword ptr [rax+10h],rsi<br><br>EXCEPTION_RECORD:  fffff8800efdd018 -- (.exr 0xfffff8800efdd018)<br>ExceptionAddress: fffff800036cc83a (nt!FsRtlLookupPerStreamContextInternal+0x000000000000007a)<br>   ExceptionCode: c0000005 (Access violation)<br>  ExceptionFlags: 00000000<br>NumberParameters: 2<br>   Parameter[0]: 0000000000000000<br>   Parameter[1]: 0000000000000016<br>Attempt to read from address 0000000000000016<br><br>CONTEXT:  fffff8800efdc870 -- (.cxr 0xfffff8800efdc870;r)<br>rax=0000000000000006 rbx=fffff8a000c73140 rcx=0000000000000000<br>rdx=fffff8a000c73178 rsi=fffffa800a399010 rdi=0000000000000000<br>rip=fffff800036cc83a rsp=fffff8800efdd250 rbp=0000000000000000<br> r8=0000000000000000  r9=fffff8800efdd320 r10=0000000000000000<br>r11=0000000000000000 r12=0000000000000000 r13=0000000000000001<br>r14=fffffa800a3b6800 r15=fffff8800efdd500<br>iopl=0         nv up ei pl nz ac po cy<br>cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010217<br>nt!FsRtlLookupPerStreamContextInternal+0x7a:<br>fffff800036cc83a 48397010        cmp     qword ptr [rax+10h],rsi ds:002b:0000000000000016=????????????????<br>Last set context:<br>rax=0000000000000006 rbx=fffff8a000c73140 rcx=0000000000000000<br>rdx=fffff8a000c73178 rsi=fffffa800a399010 rdi=0000000000000000<br>rip=fffff800036cc83a rsp=fffff8800efdd250 rbp=0000000000000000<br> r8=0000000000000000  r9=fffff8800efdd320 r10=0000000000000000<br>r11=0000000000000000 r12=0000000000000000 r13=0000000000000001<br>r14=fffffa800a3b6800 r15=fffff8800efdd500<br>iopl=0         nv up ei pl nz ac po cy<br>cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010217<br>nt!FsRtlLookupPerStreamContextInternal+0x7a:<br>fffff800036cc83a 48397010        cmp     qword ptr [rax+10h],rsi ds:002b:0000000000000016=????????????????<br>Resetting default scope<br><br>CUSTOMER_CRASH_COUNT:  1<br><br>PROCESS_NAME:  System<br><br>CURRENT_IRQL:  0<br><br>ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.<br><br>EXCEPTION_PARAMETER1:  0000000000000000<br><br>EXCEPTION_PARAMETER2:  0000000000000016<br><br>READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800038c0100<br>GetUlongFromAddress: unable to read from fffff800038c01c0<br> 0000000000000016 Nonpaged pool<br><br>FOLLOWUP_IP:<br>avgmfx64+5bb1<br>fffff88001f3dbb1 ??              ???

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff88001073aae to fffff800036cc83a

STACK_TEXT:  
fffff8800efdd250 fffff88001073aae : 0000000000000000 fffffa800a399010 fffff8800efdd590 fffffa800d9bc010 : nt!FsRtlLookupPerStreamContextInternal+0x7a
fffff8800efdd290 fffff88001073c99 : fffffa800a399010 fffff880075c08a2 fffffa800a3be3f0 0000000000000000 : fltmgr!FltpGetStreamListCtrl+0x8e
fffff8800efdd2f0 fffff88001f3dbb1 : 0000000000000000 0000000000000001 fffff8800efdd3d8 fffff880010bc066 : fltmgr!FltGetStreamHandleContext+0x29
fffff8800efdd320 0000000000000000 : 0000000000000001 fffff8800efdd3d8 fffff880010bc066 0000000010000004 : avgmfx64+0x5bb1


SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  avgmfx64+5bb1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: avgmfx64

IMAGE_NAME:  avgmfx64.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  554b513d

STACK_COMMAND:  .cxr 0xfffff8800efdc870 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_avgmfx64+5bb1

BUCKET_ID:  X64_0x7E_avgmfx64+5bb1

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x7e_avgmfx64+5bb1

FAILURE_ID_HASH:  {095588cd-6e07-d97f-3cb3-5997001cb335}

Followup: MachineOwner
---------

Hello Herb. I apologize for the inconvenience caused. May I know which AVG program you have installed on your PC?
User-added image