My new win 7 64-bit machine (HP DM4) has on several occasions shut down unexpectedly. There seems to be nothing obvious causing it (at least to me) and I am no good at reading the minidump. Can anyone look at my minidump file and suggest a likely cause? File is attached. Thank you!
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Thu Jul 15 10:03:47.324 2010 (GMT+6)
System Uptime: 3 days 1:52:57.931
BUGCHECK_STR: 0x7f_8
PROCESS_NAME: System
Frankly captain, I would have to say that you do not know what a 0xc00000005 memory access violation is nor a stack overflow and in general do not know what you are talking about.
Webscaper, thank you for your contributions to windows7forums, and you are much welcome to contribute more. : ) Please feel free to state your opinion but refrain from getting a little personal at other users.
It is one thing for non-technical people to attempt to debug dumps which cite an nt kernel driver as the culprit (I realize that WinDbg will cite a third party driver less than 10% of the time and driver verifier will find a third party driver less than 5% of the time). But, to divulge false information which does not even make sense and can cause people to uninstall their antivirus or firewall for no reason at all should be exposed once and for all for the propaganda that it is.
I could care less whether I am welcome at this forum or any other. I would just like to get the facts straight. If it means pointing out the misfacts of another's post then so be it.
Someone who professes to be specialized in crash dump analysis should not be divulging in that type of banter.
Webscaper, you are not authorized to judge others' skills at this forum. Again, you are very much welcome to windows7forums but please do not get personal at others. Please note that violation of this forum's rules for whatever reason will result in a permanent ban.
Wow guys, didn't mean to stir up a storm. Can I work on the assumption that the issue is likely to be the Rt64win7.sys driver?
Maybe I can prevail on you once more and check out a newer dump to be sure? The machine force-restarted about 30 minutes ago and the dump for it is attached. Don't worry, I'm not going to keep spamming you all with dumps (!) but I just thought maybe a verification would be helpful ... to see if it's the same problem.
*** WARNING: Unable to verify timestamp for avgntflt.sys
*** ERROR: Module load completed but symbols could not be loaded for avgntflt.sys
It's an internal ethernet card (in a laptop) and this is all the information I can find on it (from the System Information > Software Environment > System Drivers dialog)
rtl8167 Realtek 8167 NT Driver c:\windows\system32\drivers\rt64win7.sys Kernel Driver No Manual Stopped OK Normal No No
As far as I have seen, it's the same issue with Realtek. And yes, it's also possible that Avira AntiVir also causes it.
Code:
*** WARNING: Unable to verify timestamp for avgntflt.sys
*** ERROR: Module load completed but symbols could not be loaded for avgntflt.sys
Good Luck,
Captain
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Webscaper\AppData\Local\Temp\Rar$DI00.985\071510-31933-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02c03000 PsLoadedModuleList = 0xfffff800`02e40e50
Debug session time: Thu Jul 15 13:35:01.945 2010 (UTC - 4:00)
System Uptime: 0 days 1:47:12.553
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050033, 6f8, fffff80002c3be58}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050033
Arg3: 00000000000006f8
Arg4: fffff80002c3be58
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002c72b69 to fffff80002c73600
STACK_TEXT:
fffff800`00ba4d28 fffff800`02c72b69 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffff800`00ba4d30 fffff800`02c71032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00ba4e70 fffff800`02c3be58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`077e1be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x58
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`02c71032 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
---------
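Added example, not part of the original thread or written by any poster: a small Python triage of pasted !analyze -v text that pulls out the bugcheck, the modules actually present in STACK_TEXT, the frame that was interrupted, and whether a driver flagged with symbol warnings appears on the stack at all. The names triage and SAMPLE and the 1 MiB stack-jump threshold are assumptions of this example; SAMPLE is an excerpt of the output quoted above.

```python
import re

# Excerpt of the debugger output quoted in this thread.
SAMPLE = r"""
*** WARNING: Unable to verify timestamp for avgntflt.sys
*** ERROR: Module load completed but symbols could not be loaded for avgntflt.sys
BugCheck 7F, {8, 80050033, 6f8, fffff80002c3be58}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
STACK_TEXT:
fffff800`00ba4d28 fffff800`02c72b69 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffff800`00ba4d30 fffff800`02c71032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00ba4e70 fffff800`02c3be58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`077e1be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x58
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
BLAMED = re.compile(r"^Probably caused by : (\S+)", re.M)
NOSYMS = re.compile(r"^\*\*\* (?:WARNING|ERROR): .* for (\S+)$", re.M)
# Child-SP, RetAddr, four args, then module!symbol (or module+offset without symbols).
FRAME = re.compile(r"^([0-9a-f]{8})`([0-9a-f]{8}) [0-9a-f`]+ : .* : ((\w+)[!+]\S+)$", re.M)
TRAPS = {0x8: "double fault"}  # only the trap number the output above spells out

def triage(text):
    """Summarise pasted !analyze -v text; returns None if no BugCheck line is present."""
    m = BUGCHECK.search(text)
    if m is None:
        return None
    code = int(m.group(1), 16)
    args = [int(a, 16) for a in m.group(2).split(",") if a.strip()]
    frames = [(int(hi + lo, 16), mod, name) for hi, lo, name, mod in FRAME.findall(text)]
    on_stack = {mod.lower() for _, mod, _ in frames}
    flagged = sorted({n.lower() for n in NOSYMS.findall(text)})
    # Heuristic (assumption of this example): a Child-SP jump of more than 1 MiB between
    # adjacent frames means the trap handler ran on a separate stack, so the frame after
    # the jump is the code that was interrupted.
    pairs = zip(frames, frames[1:])
    interrupted = next((n for (a, _, _), (b, _, n) in pairs if abs(b - a) > 1 << 20), None)
    blamed = BLAMED.search(text)
    return {
        "bugcheck": code,
        "trap": TRAPS.get(args[0]) if code == 0x7F and args else None,
        "args": args,
        "blamed_image": blamed.group(1) if blamed else None,
        "stack_modules": sorted(on_stack),
        "interrupted_frame": interrupted,
        # Drivers flagged for missing symbols, and whether each is actually on the stack.
        "flagged": {n: n.rsplit(".", 1)[0] in on_stack for n in flagged},
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A flagged driver mapped to False only means this minidump's stack does not contain it; a minidump holds just registers and one stack trace, so it neither implicates nor clears that driver.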