Hi there,
My computer has bluescreened today. I think the antivirus is the culprit, because it has never done so before and I just have Symantec Endpoint Protection Small Business Edition installed for some weeks.
I ran the dump through an online crashanalysis, which pointed to ccSvcHst.exe...
Anyone any ideas how to fix this?
Analysis log follows.
Thanks!
Edwin.
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02014000 PsLoadedModuleList = 0xfffff800`02258670
Debug session time: Fri Aug 16 09:40:35.182 2013 (UTC - 4:00)
System Uptime: 9 days 17:01:23.791
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8000209ed46, Address of the instruction which caused the bugcheck
Arg3: fffff880131214d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!ExAcquireRundownProtectionCacheAwareEx+26
fffff800`0209ed46 498b00 mov rax,qword ptr [r8]
CONTEXT: fffff880131214d0 -- (.cxr 0xfffff880131214d0)
rax=0000000000000000 rbx=fffffa8019127300 rcx=fffff880010a85e2
rdx=00000000000007e0 rsi=fffffa8019364108 rdi=fffffa8020e939b0
rip=fffff8000209ed46 rsp=fffff88013121eb8 rbp=fffffa80193640a0
r8=6be9c93345f89328 r9=0000000000000001 r10=fffff8800132e940
r11=fffff88013121f20 r12=fffffa8019416a60 r13=fffff880010dce98
r14=0000000000000011 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!ExAcquireRundownProtectionCacheAwareEx+0x26:
fffff800`0209ed46 498b00 mov rax,qword ptr [r8] ds:002b:6be9c933`45f89328=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x3B
PROCESS_NAME: ccSvcHst.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8800131bb47 to fffff8000209ed46
STACK_TEXT:
fffff880`13121eb8 fffff880`0131bb47 : 00000000`00000000 fffffa80`1cad2010 fffffa80`193640a0 fffff800`022c5d68 : nt!ExAcquireRundownProtectionCacheAwareEx+0x26
fffff880`13121ec0 fffff880`01322b44 : fffffa80`23b2aa00 00000000`00000000 00000000`00000000 00000000`00000402 : fltmgr! ?? ::FNODOBFM::`string'+0x3035
fffff880`13121f40 fffff880`04070bb5 : fffffa80`20e939b0 fffffa80`207707a0 00000000`00000000 fffffa80`19364108 : fltmgr!FltGetFileNameInformation+0x184
fffff880`13121fd0 fffff880`01336035 : fffffa80`207707a0 fffff880`0133590e fffffa80`207707a0 00000000`0000016c : luafv!LuafvGenerateFileName+0x6d
fffff880`13122000 fffff880`01335ead : 00000000`00000000 fffffa80`19364108 fffffa80`207707a0 00000000`00000000 : fltmgr!FltpCallOpenedFileNameHandler+0x75
fffff880`13122040 fffff880`01321b9d : c00000bb`24b19800 00000000`00000000 fffffa80`1cad2b00 fffffa80`1cad2020 : fltmgr!FltpCreateFileNameInformation+0x17d
fffff880`131220a0 fffff880`0131bbf6 : fffffa80`19127300 fffffa80`1cad2010 fffffa80`19364108 fffff8a0`294fe6c0 : fltmgr!HandleStreamListNotSupported+0x15d
fffff880`131220e0 fffff880`01322b44 : 00000000`00000000 00000000`00000000 fffffa80`1cad2010 00000000`00000402 : fltmgr! ?? ::FNODOBFM::`string'+0x30f3
fffff880`13122160 fffff880`14d031ed : fffffa80`207707a0 fffff8a0`0a401830 00000000`00000006 fffffa80`2107a270 : fltmgr!FltGetFileNameInformation+0x184
fffff880`131221f0 fffffa80`207707a0 : fffff8a0`0a401830 00000000`00000006 fffffa80`2107a270 fffffa80`00000000 : SRTSP64+0x8a1ed
fffff880`131221f8 fffff8a0`0a401830 : 00000000`00000006 fffffa80`2107a270 fffffa80`00000000 fffff880`14c7a029 : 0xfffffa80`207707a0
fffff880`13122200 00000000`00000006 : fffffa80`2107a270 fffffa80`00000000 fffff880`14c7a029 fffffa80`2107a270 : 0xfffff8a0`0a401830
fffff880`13122208 fffffa80`2107a270 : fffffa80`00000000 fffff880`14c7a029 fffffa80`2107a270 00000000`00000000 : 0x6
fffff880`13122210 fffffa80`00000000 : fffff880`14c7a029 fffffa80`2107a270 00000000`00000000 00000000`00000006 : 0xfffffa80`2107a270
fffff880`13122218 fffff880`14c7a029 : fffffa80`2107a270 00000000`00000000 00000000`00000006 fffff880`14d046de : 0xfffffa80`00000000
fffff880`13122220 fffffa80`2107a270 : 00000000`00000000 00000000`00000006 fffff880`14d046de fffffa80`21aacbe0 : SRTSP64+0x1029
fffff880`13122228 00000000`00000000 : 00000000`00000006 fffff880`14d046de fffffa80`21aacbe0 fffff880`14c9af0d : 0xfffffa80`2107a270
FOLLOWUP_IP:
luafv!LuafvGenerateFileName+6d
fffff880`04070bb5 eb13 jmp luafv!LuafvGenerateFileName+0x82 (fffff880`04070bca)
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: luafv!LuafvGenerateFileName+6d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: luafv
IMAGE_NAME: luafv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc295
STACK_COMMAND: .cxr 0xfffff880131214d0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_luafv!LuafvGenerateFileName+6d
BUCKET_ID: X64_0x3B_luafv!LuafvGenerateFileName+6d
Followup: MachineOwner
---------