Brand new machine, unexpected shutdowns

Discussion in 'Windows 7 Help and Support' started by Mr Spangle, Jul 15, 2010.

Thread Status:
Not open for further replies.
  1. Mr Spangle

    Mr Spangle New Member

    Joined:
    Jul 15, 2010
    Messages:
    16
    Likes Received:
    0
    My new win 7 64-bit machine (HP DM4) has on several occasions shutdown unexpectedly. There seems to be nothing obvious causing it (at least to me) and I am no good at reading the minidump. Can anyone look at my minidump file and suggest a likely cause. File is attached. Thank you!
     

    Attached Files:

  2. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    Hello and Welcome !!

    First thing i would recommend to do is to remove your Network Driver and reinstall it. Realtek seems like the Rt64win7.sys is a Realtek NIC driver is not loaded properly.

    Run some Hardware Diagnostic - Follow this thread for instructions Hardware Diagnostic !!

    Also i see a service exception that is usually caused by Internet security i.e. AVIRA i would recommend to uninstall it and make sure you clear the left over entries follow this link for instructions BSOD vs. Internet Security !!

    Code:
    [FONT=Book Antiqua][COLOR=Navy]Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Thu Jul 15 10:03:47.324 2010 (GMT+6)
    System Uptime: 3 days 1:52:57.931
    BUGCHECK_STR:  0x7f_8
    PROCESS_NAME:  System[/COLOR][/FONT]
    Hope this helps,
    Captain
     
    cybercore and (deleted member) like this.
  3. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    Based on the fact that the network driver is unloaded in the driver list, I'd say there's a fair chance that ZoneAlarm could be the cause. If Captain's accurate suggestion doesn't alleviate the bsod, I would uninstall this next.
     
    cybercore and (deleted member) like this.
  4. webscaper

    webscaper Senior Member

    Joined:
    May 21, 2010
    Messages:
    189
    Likes Received:
    14
    This is unbelievable! I just showed you in these prior two threads: http://windows7forums.com/windows-7-support/45522-new-blue-screen-error.html and http://windows7forums.com/windows-7-support/45558-bsod-windows-7-ultimate-please-help-dmp-attached.html that this problem involves a stack overflow condition. The captain insists and even generalizes this to be a problem with all internet security firewalls blocking ports used by windows services. This is not even a 0xc00000005 memory access violation as a the Captain states.

    Frankly captain, I would have to say that you do not know what a 0xc00000005 memory access violation is nor a stack overflow and in general do not know what you are talking about.
     
  5. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321

    Webscaper, thank you for your contributions to windows7forums, and you are much welcome to contribute more. : ) Please feel free to state your opinion but refrain from getting a little personal at other users.
     
  6. webscaper

    webscaper Senior Member

    Joined:
    May 21, 2010
    Messages:
    189
    Likes Received:
    14
    It is one thing for non-technical people to attempt to debug dumps which site a nt kernel driver as the culprit( I realize that WinDbg will site a third party driver less than 10% of the time and driver verifier will find a third party driver less than 5% of the time). But, to divulge false information which does not even make sense and can cause people to uninstall their antivirus or firewall for no reason at all should be exposed once and for all for the propaganda that it is.

    I could care less whether I am welcome at this forum or any other. I would just like to get the facts straight. If it means pointing out the misfacts of another's post then so be it.

    Someone who professes to be specialized in crash dump analysis should not be divulging in that type of banter.
     
    #6 webscaper, Jul 15, 2010
    Last edited: Jul 15, 2010
  7. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    Well !! I wish you little more knowledgeable in Crash Dump analysis to much such statement. Appreciate your effort ! ;)
     
  8. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321

    Webscaper, you are not authorized to judge others' skills at this forum. Again, you are very much welcome to windows7forums but please do not get personal at others. Please note that violation of this forum rules for whatever reason will result in permanent ban.
     
  9. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Joined:
    Apr 15, 2009
    Messages:
    25,698
    Likes Received:
    379
    Well said cybercore . We do not allow personal attacks for obvious reasons .

    Rule 2: Conduct: While we welcome critiques and criticism of issues, programs, software, we do not tolerate personal attacks, flame baiting, hate speech, racism, sexism, or other anti-social behavior.

    That is better the other was posted in haste as I rushed out on an errand of mercy !
     
  10. Mr Spangle

    Mr Spangle New Member

    Joined:
    Jul 15, 2010
    Messages:
    16
    Likes Received:
    0
    Wow guys, didn't mean to stir up a storm. Can I work on the assumption that the issue is likely to be the Rt64win7.sys driver?

    Maybe I can prevail on you once more and check out a newer dump to be sure? The machine force-restarted about 30 minutes ago and the dump for it is attached. Don't worry, I'm not going to keep spamming you all with dumps (!) but I just thought maybe a verification would be helpful ... to see if it's the same problem.
     

    Attached Files:

  11. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    As Far i seen it's the same issue with Realtek. And yes it's also possible Avira AntiVir also cause it.

    Code:
    *** WARNING: Unable to verify timestamp for avgntflt.sys
    *** ERROR: Module load completed but symbols could not be loaded for avgntflt.sys
    Good Luck,
    Captain
     
  12. Mr Spangle

    Mr Spangle New Member

    Joined:
    Jul 15, 2010
    Messages:
    16
    Likes Received:
    0
    Thank you very much. Whe I ran System Information I see the RealTek driver is currently stopped / not loaded, not a good sign. I do not see the Ethernet adapter at all in Device Manager (should that happen?) and I must admit I'm not sure which breed of adapter it is, in order to update the driver correctly.
     
  13. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    Do you have external Ethernet card or is it comes with the Motherboard ?? If it comes with Motherboard post us the model number we will help you finding it. ;)

    - Captain
     
  14. Mr Spangle

    Mr Spangle New Member

    Joined:
    Jul 15, 2010
    Messages:
    16
    Likes Received:
    0
    It's an internal ethernet card (in a laptop) and this is all the information I can find on it (from the System Information > Software Environment > System Drivers dialog)

    rtl8167 Realtek 8167 NT Driver c:\windows\system32\drivers\rt64win7.sys Kernel Driver No Manual Stopped OK Normal No No
     
  15. webscaper

    webscaper Senior Member

    Joined:
    May 21, 2010
    Messages:
    189
    Likes Received:
    14
    Your problem is Zone alarm. It competes with netio.sys(the telecommunications driver) for stack space and an overflow occurs in the telecommuications stack. Listen to these so-called gurus with no computer background and you will be here for a month or more and never will figure out what the problem is. Just take a look at some of the threads with bsod listed in the title in this forum and you will see what I mean.

    Uninstall Zone Alarm with the removal tool http://download.zonealarm.com/bin/free/support/cpes_clean.exe and get on with it!

    Edit:

    Most of the dumps that come through here are impossible to resolve. The so-called gurus put on a horse and pony show directing you to update drivers and whatnot in an effort to acquire an image of crash dump specialists/analysts and impress the less knowledgeable. They have sort of a fraternity(the less you know the more accepted you are) and bounce around among forums. I would put their success rate at around 10%.
     
    #15 webscaper, Jul 15, 2010
    Last edited: Jul 15, 2010
    1 person likes this.
  16. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    Open an elevated (Run as administrator) Command Prompt and type "msinfo32 /nfo C:\Users\Public\Desktop\TEST.NFO" (without the quotes) and press Enter. Then navigate to the C:\Users\Public\Desktop directory to retrieve the TEST.NFO file Zip it and attach it here.

    Good Luck,
    Captain
     
  17. Mr Spangle

    Mr Spangle New Member

    Joined:
    Jul 15, 2010
    Messages:
    16
    Likes Received:
    0
    Thanks, but I found the driver and reinstalled it in the end. Still getting the restart problem though. Maybe that driver issue was a distraction. Maybe I should uninstall Avira/Zonealarm as test?
     
  18. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    First off, any disrespect towards Captain's skills are highly uncalled for. I've personally witnessed him fix a multitude of problems across a number of different forums.

    As my previous post has said, it is possible that ZoneAlarm is the culprit here but far from fact. I would uninstall it after saving the backup for settings within the program, in case you'd like to reinstall it anytime.

    Avira, as stated by Captain, has a chance to be the culprit. There is nothing specifically tying this to be a ZoneAlarm problem besides the network driver being unloaded in the dumps. To blame ZA, there usually calls for a little more than that, like netio.sys errors or vsdatant.sys errors which we are not seeing. Avira should be removed also at this time.

    It is important to install the latest network driver. Open the device manager. Extend the network section. Look at the exact Realtek lan you have, then search for it on the left side of this link. Example : 8111c

    Realtek

    If you don't find it there, then visit your motherboard website for the latest lan driver to install.

    Good luck.
     
  19. webscaper

    webscaper Senior Member

    Joined:
    May 21, 2010
    Messages:
    189
    Likes Received:
    14
    What version of Windbg are you using Captain because there are no warning messages for avgntflt.sys in my version of Windbg which is 6.12. You must be using an older version.

    Here is the analysis I got which is the signature for Zone Alarm causing problems in the
    telecommunication stack.

    Code:
    Microsoft (R) [COLOR=Red]Windows Debugger Version 6.12.0002.633 AMD64[/COLOR]
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Webscaper\AppData\Local\Temp\Rar$DI00.985\071510-31933-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0xfffff800`02c03000 PsLoadedModuleList = 0xfffff800`02e40e50
    Debug session time: Thu Jul 15 13:35:01.945 2010 (UTC - 4:00)
    System Uptime: 0 days 1:47:12.553
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7F, {8, 80050033, 6f8, fffff80002c3be58}
    
    Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 0000000080050033
    Arg3: 00000000000006f8
    Arg4: fffff80002c3be58
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x7f_8
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    LAST_CONTROL_TRANSFER:  from fffff80002c72b69 to fffff80002c73600
    
    STACK_TEXT:  
    fffff800`00ba4d28 fffff800`02c72b69 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
    fffff800`00ba4d30 fffff800`02c71032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff800`00ba4e70 fffff800`02c3be58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
    fffff880`077e1be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x58
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiDoubleFaultAbort+b2
    fffff800`02c71032 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiDoubleFaultAbort+b2
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb
    
    FAILURE_BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2
    
    BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2
    
    Followup: MachineOwner
    ---------
    
    
     
    #19 webscaper, Jul 15, 2010
    Last edited: Jul 15, 2010
  20. webscaper

    webscaper Senior Member

    Joined:
    May 21, 2010
    Messages:
    189
    Likes Received:
    14
    That warning message just means that the symbol table for the module could not be found on the Microsoft symbol server. Probably because you are using an outdated version of Windbg. It does not mean that the driver is causing a problem. It is an Avira minifilter driver and is not causing a problem.
     
    #20 webscaper, Jul 15, 2010
    Last edited: Jul 15, 2010
Thread Status:
Not open for further replies.

Share This Page

Loading...