Bug Code : 0x0000003b Caused by : ntoskrnl.exe Caused at : ntoskrnl.exe+80640 File ver : 6.1.7601.17514 (win7sp1_rtm.101119-1850) test ram as well as drive but still under testing any one experienced the same issue so i ran a test and found bug in process explorer Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\042411-30264-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols* Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850 Machine Name: Kernel base = 0xfffff800`02a1b000 PsLoadedModuleList = 0xfffff800`02c60e90 Debug session time: Sun Apr 24 15:06:01.590 2011 (UTC + 5:30) System Uptime: 0 days 1:44:48.947 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. .............................................................. ................................................................ ...................... Loading User Symbols Loading unloaded module list ........ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff80002abac3e, fffff88008a85100, 0} Unable to load image \??\C:\Windows\system32\Drivers\PROCEXP110.SYS, Win32 error 0n2 *** WARNING: Unable to verify timestamp for PROCEXP110.SYS *** ERROR: Module load completed but symbols could not be loaded for PROCEXP110.SYS Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80002abac3e, Address of the instruction which caused the bugcheck Arg3: fffff88008a85100, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!ExfReleaseRundownProtection+2a fffff800`02abac3e f0488301ff lock add qword ptr [rcx],0FFFFFFFFFFFFFFFFh CONTEXT: fffff88008a85100 -- (.cxr 0xfffff88008a85100) rax=0000000000000001 rbx=fffff88006ef522c rcx=0000000000000000 rdx=fffffffffffffffe rsi=00000000000015a9 rdi=0000000000000000 rip=fffff80002abac3e rsp=fffff88008a85ae0 rbp=fffff88008a867c0 r8=fffffa80086609c8 r9=0000000000000530 r10=fffff80002a1b000 r11=fffff80002e21770 r12=fffff88006ef5224 r13=00000000000015a7 r14=fffff88006ef2000 r15=fffff88008a85d20 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 nt!ExfReleaseRundownProtection+0x2a: fffff800`02abac3e f0488301ff lock add qword ptr [rcx],0FFFFFFFFFFFFFFFFh ds:002b:00000000`00000000=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: procexp64.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002e21795 to fffff80002abac3e STACK_TEXT: fffff880`08a85ae0 fffff800`02e21795 : fffff880`00000000 00000000`00000000 00000000`00001500 fffff880`08a867c0 : nt!ExfReleaseRundownProtection+0x2a fffff880`08a85b10 fffff880`06ef3781 : fffff880`08a867c0 fffff880`06ef522c 00000000`000015a9 00000000`0233ff80 : nt!PsReleaseProcessExitSynchronization+0x25 fffff880`08a85b40 fffff880`08a867c0 : fffff880`06ef522c 00000000`000015a9 00000000`0233ff80 00000000`00000000 : PROCEXP110+0x1781 fffff880`08a85b48 fffff880`06ef522c : 00000000`000015a9 00000000`0233ff80 00000000`00000000 00000000`00000000 : 0xfffff880`08a867c0 fffff880`08a85b50 00000000`000015a9 : 00000000`0233ff80 00000000`00000000 00000000`00000000 fffff900`ffffffff : PROCEXP110+0x322c fffff880`08a85b58 00000000`0233ff80 : 00000000`00000000 00000000`00000000 fffff900`ffffffff 00000004`00000000 : 0x15a9 fffff880`08a85b60 00000000`00000000 : 00000000`00000000 fffff900`ffffffff 00000004`00000000 fffff960`003b6e80 : 0x233ff80 FOLLOWUP_IP: PROCEXP110+1781 fffff880`06ef3781 ?? ??? SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: PROCEXP110+1781 FOLLOWUP_NAME: MachineOwner MODULE_NAME: PROCEXP110 IMAGE_NAME: PROCEXP110.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 46cb2323 STACK_COMMAND: .cxr 0xfffff88008a85100 ; kb FAILURE_BUCKET_ID: X64_0x3B_PROCEXP110+1781 BUCKET_ID: X64_0x3B_PROCEXP110+1781 Followup: MachineOwner ---------