Brand new machine, unexpected shutdowns

Status
Not open for further replies.
#1
My new Win 7 64-bit machine (HP DM4) has on several occasions shut down unexpectedly. There seems to be nothing obvious causing it (at least to me) and I am no good at reading the minidump. Can anyone look at my minidump file and suggest a likely cause? File is attached. Thank you!
 



Captain Jack

Extraordinary Member
#2
Hello and Welcome !!

The first thing I would recommend is to remove your network driver and reinstall it. It seems that Rt64win7.sys, a Realtek NIC driver, is not loaded properly.

Run some hardware diagnostics. Follow this thread for instructions: Hardware Diagnostic !!

Also, I see a service exception that is usually caused by Internet security software, i.e. AVIRA. I would recommend uninstalling it and making sure you clear the leftover entries; follow this link for instructions: BSOD vs. Internet Security !!

Code:
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Thu Jul 15 10:03:47.324 2010 (GMT+6)
System Uptime: 3 days 1:52:57.931
BUGCHECK_STR:  0x7f_8
PROCESS_NAME:  System
Hope this helps,
Captain
 


#3
Based on the fact that the network driver is unloaded in the driver list, I'd say there's a fair chance that ZoneAlarm could be the cause. If Captain's accurate suggestion doesn't alleviate the BSOD, I would uninstall this next.
 


#4
This is unbelievable! I just showed you in these prior two threads: http://windows7forums.com/windows-7-support/45522-new-blue-screen-error.html and http://windows7forums.com/windows-7...dows-7-ultimate-please-help-dmp-attached.html that this problem involves a stack overflow condition. The Captain insists and even generalizes this to be a problem with all Internet security firewalls blocking ports used by Windows services. This is not even a 0xc00000005 memory access violation as the Captain states.

Frankly captain, I would have to say that you do not know what a 0xc00000005 memory access violation is nor a stack overflow and in general do not know what you are talking about.
 


#5
Webscaper, thank you for your contributions to windows7forums, and you are very welcome to contribute more. :) Please feel free to state your opinion, but refrain from getting a little personal with other users.
 


#6
It is one thing for non-technical people to attempt to debug dumps which cite an NT kernel driver as the culprit (I realize that WinDbg will cite a third-party driver less than 10% of the time and Driver Verifier will find a third-party driver less than 5% of the time). But to divulge false information which does not even make sense and can cause people to uninstall their antivirus or firewall for no reason at all should be exposed once and for all for the propaganda that it is.

I could care less whether I am welcome at this forum or any other. I would just like to get the facts straight. If it means pointing out the misfacts of another's post then so be it.

Someone who professes to be specialized in crash dump analysis should not be divulging in that type of banter.
 



Captain Jack

Extraordinary Member
#7
Well!! I wish you were a little more knowledgeable in crash dump analysis to make such a statement. Appreciate your effort! ;)
 


#8
Webscaper, you are not authorized to judge others' skills at this forum. Again, you are very much welcome at windows7forums, but please do not get personal with others. Please note that violation of this forum's rules for whatever reason will result in a permanent ban.
 


whoosh

Cooler King
Staff member
Premium Supporter
#9
Well said, cybercore. We do not allow personal attacks, for obvious reasons.

Rule 2: Conduct: While we welcome critiques and criticism of issues, programs, software, we do not tolerate personal attacks, flame baiting, hate speech, racism, sexism, or other anti-social behavior.

That is better; the other was posted in haste as I rushed out on an errand of mercy!
 


#10
Wow guys, didn't mean to stir up a storm. Can I work on the assumption that the issue is likely to be the Rt64win7.sys driver?

Maybe I can prevail on you once more and check out a newer dump to be sure? The machine force-restarted about 30 minutes ago and the dump for it is attached. Don't worry, I'm not going to keep spamming you all with dumps (!) but I just thought maybe a verification would be helpful ... to see if it's the same problem.
 



Captain Jack

Extraordinary Member
#11
As far as I have seen, it's the same issue with Realtek. And yes, it's also possible that Avira AntiVir causes it.

Code:
*** WARNING: Unable to verify timestamp for avgntflt.sys
*** ERROR: Module load completed but symbols could not be loaded for avgntflt.sys
Good Luck,
Captain
 


#12
Thank you very much. When I ran System Information I see the RealTek driver is currently stopped / not loaded, not a good sign. I do not see the Ethernet adapter at all in Device Manager (should that happen?) and I must admit I'm not sure which breed of adapter it is, in order to update the driver correctly.
 


Captain Jack

Extraordinary Member
#13
Do you have an external Ethernet card, or does it come with the motherboard?? If it comes with the motherboard, post us the model number and we will help you find it. ;)

- Captain
 


#14
It's an internal ethernet card (in a laptop) and this is all the information I can find on it (from the System Information > Software Environment > System Drivers dialog)

rtl8167 Realtek 8167 NT Driver c:\windows\system32\drivers\rt64win7.sys Kernel Driver No Manual Stopped OK Normal No No
 


#15
Your problem is Zone Alarm. It competes with netio.sys (the telecommunications driver) for stack space and an overflow occurs in the telecommunications stack. Listen to these so-called gurus with no computer background and you will be here for a month or more and never will figure out what the problem is. Just take a look at some of the threads with BSOD listed in the title in this forum and you will see what I mean.

Uninstall Zone Alarm with the removal tool http://download.zonealarm.com/bin/free/support/cpes_clean.exe and get on with it!

Edit:

Most of the dumps that come through here are impossible to resolve. The so-called gurus put on a horse and pony show directing you to update drivers and whatnot in an effort to acquire an image of crash dump specialists/analysts and impress the less knowledgeable. They have sort of a fraternity (the less you know the more accepted you are) and bounce around among forums. I would put their success rate at around 10%.
 



Captain Jack

Extraordinary Member
#16
Open an elevated (Run as administrator) Command Prompt and type "msinfo32 /nfo C:\Users\Public\Desktop\TEST.NFO" (without the quotes) and press Enter. Then navigate to the C:\Users\Public\Desktop directory to retrieve the TEST.NFO file. Zip it and attach it here.

Good Luck,
Captain
 


#17
Thanks, but I found the driver and reinstalled it in the end. Still getting the restart problem though. Maybe that driver issue was a distraction. Maybe I should uninstall Avira/ZoneAlarm as a test?
 


#18
First off, any disrespect towards Captain's skills is highly uncalled for. I've personally witnessed him fix a multitude of problems across a number of different forums.

As my previous post has said, it is possible that ZoneAlarm is the culprit here but far from fact. I would uninstall it after saving the backup for settings within the program, in case you'd like to reinstall it anytime.

Avira, as stated by Captain, has a chance to be the culprit. There is nothing specifically tying this to be a ZoneAlarm problem besides the network driver being unloaded in the dumps. To blame ZA usually calls for a little more than that, like netio.sys errors or vsdatant.sys errors, which we are not seeing. Avira should be removed also at this time.

It is important to install the latest network driver. Open the device manager. Extend the network section. Look at the exact Realtek lan you have, then search for it on the left side of this link. Example : 8111c

Realtek

If you don't find it there, then visit your motherboard website for the latest lan driver to install.

Good luck.
 


#19
What version of Windbg are you using, Captain? Because there are no warning messages for avgntflt.sys in my version of Windbg, which is 6.12. You must be using an older version.

Here is the analysis I got, which is the signature for Zone Alarm causing problems in the telecommunication stack.

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Webscaper\AppData\Local\Temp\Rar$DI00.985\071510-31933-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02c03000 PsLoadedModuleList = 0xfffff800`02e40e50
Debug session time: Thu Jul 15 13:35:01.945 2010 (UTC - 4:00)
System Uptime: 0 days 1:47:12.553
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050033, 6f8, fffff80002c3be58}

Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050033
Arg3: 00000000000006f8
Arg4: fffff80002c3be58

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002c72b69 to fffff80002c73600

STACK_TEXT:  
fffff800`00ba4d28 fffff800`02c72b69 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffff800`00ba4d30 fffff800`02c71032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00ba4e70 fffff800`02c3be58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`077e1be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x58


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiDoubleFaultAbort+b2
fffff800`02c71032 90              nop

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiDoubleFaultAbort+b2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

FAILURE_BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2

BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2

Followup: MachineOwner
---------
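
The STACK_TEXT section of an analysis like the one above can be checked mechanically for modules other than the kernel. This is an added example, not part of the original post: it parses a constructed excerpt of that output, and the function names and the `OS_MODULES` set are assumptions made for illustration.

```python
import re

# Constructed sample: lines trimmed from the !analyze -v output in post #19.
SAMPLE = """\
BugCheck 7F, {8, 80050033, 6f8, fffff80002c3be58}
STACK_TEXT:
fffff800`00ba4d28 fffff800`02c72b69 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffff800`00ba4d30 fffff800`02c71032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00ba4e70 fffff800`02c3be58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`077e1be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x58
STACK_COMMAND:  kb
"""

# Trap numbers that bugcheck 0x7F carries in its first argument (CPU exception vectors).
TRAPS = {0x0: "divide error", 0x6: "invalid opcode", 0x8: "double fault"}
OS_MODULES = {"nt", "hal"}  # assumption: only these count as core OS images

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
BUGCHECK_RE = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
# Frame line: stack pointer, return address, four argument slots, then the symbol.
FRAME_RE = re.compile(rf"^({ADDR}) {ADDR} : (?:{ADDR} ){{4}}: (\S+)[ \t]*$", re.M)

def parse_bugcheck(text):
    # Returns (bugcheck code, [arg1..arg4]) from the 'BugCheck' summary line.
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]

def stack_frames(text):
    # (stack pointer, symbol) pairs, taken from the STACK_TEXT section only.
    return FRAME_RE.findall(text.split("STACK_TEXT:", 1)[-1])

def summarize(text):
    code, args = parse_bugcheck(text)
    modules = []
    for _, symbol in stack_frames(text):
        module = re.split(r"[!+]", symbol)[0]  # 'nt!Func+0x58' or 'driver+0x1a2b'
        if module not in modules:
            modules.append(module)
    return {
        "code": code,
        "trap": TRAPS.get(args[0], "unknown") if code == 0x7F else None,
        "modules": modules,
        "third_party": [m for m in modules if m.lower() not in OS_MODULES],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On this excerpt every captured frame resolves to `nt`, so the `third_party` list is empty; a minidump records only registers and a stack trace, as the debugger banner above notes.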
 


#20
That warning message just means that the symbol table for the module could not be found on the Microsoft symbol server. Probably because you are using an outdated version of Windbg. It does not mean that the driver is causing a problem. It is an Avira minifilter driver and is not causing a problem.
 

