Windows 7 Windows 2008 R2 BSOD help please!

[renoux]

Hi. I need help with a BSOD.
It is on a Windows 2008 R2 Standard server.
I have started receiving the BSOD one month apart for the last 3 months. I am unable to confirm if the error is hardware or software related and would be very happy if someone can confirm what exactly I need to be looking for. Minidump as follows:
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See OSR Online - The Home Page for Windows Driver Developers for more information
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 7601.24117.amd64fre.win7sp1_ldr_escrow.180422-1430
Machine Name:
Kernel base = 0xfffff800`01e0e000 PsLoadedModuleList = 0xfffff800`0204dc90
Debug session time: Thu May 17 22:04:16.551 2018 (UTC - 4:00)
System Uptime: 9 days 0:29:23.409
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000005, Generic Error
Arg2: fffffa800d46d028, Address of the WHEA_ERROR_RECORD structure.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

BUGCHECK_STR: 0x124_GenuineIntel

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER

PROCESS_NAME: System

CURRENT_IRQL: f

STACK_TEXT:
fffff880`01f00d38 fffff800`024039ef : 00000000`00000124 00000000`00000005 fffffa80`0d46d028 00000000`00000000 : nt!KeBugCheckEx
fffff880`01f00d40 fffff800`01fa5c8f : 00000000`00000001 fffffa80`0d470000 00000000`00000000 00000000`00000000 : hal!HalBugCheckSystem+0x1e3
fffff880`01f00d80 fffff800`023fd716 : fffffa80`00002140 fffffa80`0d27fbf0 fffff880`01f00e70 fffff800`0241a490 : nt!WheaReportHwError+0x26f
fffff880`01f00de0 fffff800`01f282f4 : fffff880`01f00fb0 00000000`00000001 00000000`00000001 00000000`00000000 : hal!HalHandleNMI+0x66
fffff880`01f00e10 fffff800`01ebcb02 : fffff880`01ef2180 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiProcessNMI+0x184
fffff880`01f00e70 fffff800`01ebc8df : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxNmiInterrupt+0x82
fffff880`01f00fb0 fffff800`0240e762 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiNmiInterrupt+0x45f
fffff880`01f21b68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalProcessorIdle+0x2


STACK_COMMAND: kb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: GenuineIntel

IMAGE_NAME: GenuineIntel

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_MEMORY__UNKNOWN

BUCKET_ID: X64_0x124_GenuineIntel_MEMORY__UNKNOWN

Followup: MachineOwner
---------

Thank you. Any help would be appreciated!

p.s Please see minidump attached

 

[Neemobeer]

So I ran the following
!errrec fffffa800d478028 which gives the whea record
===============================================================================
Common Platform Error Record @ fffffa800d478028
-------------------------------------------------------------------------------
Record Id : 01d34ef1f14bf444
Severity : Fatal (1)
Length : 273
Creator : Microsoft
Notify Type : Generic
Timestamp : 10/30/2017 1:31:34 (UTC)
Flags : 0x00000000

===============================================================================
Section 0 : Memory
-------------------------------------------------------------------------------
Descriptor @ fffffa800d4780a8
Section @ fffffa800d4780f0
Offset : 200
Length : 73
Flags : 0x00000001 Primary
Severity : Fatal

Error Status : 0x0000000000000400
Node : 0x0000
Card : 0x0000
Module : 0x0000
Device : 0x0000

From that I checked the content of memory at the descriptor
db fffffa800d4780a8-100 fffffa800d4780a8+100 (blurp from the output)

Interesting bits from the following
fffffa80`0d478028 43 50 45 52 10 02 ff ff-ff ff 01 00 01 00 00 00 CPER............
fffffa80`0d478038 02 00 00 00 11 01 00 00-22 1f 01 00 1e 0a 11 14 ........".......
fffffa80`0d478048 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffffa80`0d478058 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffffa80`0d478068 bd c4 07 cf 89 b7 18 4e-b3 c4 1f 73 2c b5 71 31 .......N...s,.q1
fffffa80`0d478078 67 a4 62 3e 40 ab 9a 40-a6 98 f3 62 d4 64 b3 8f g.b>@[email protected]..
fffffa80`0d478088 44 f4 4b f1 f1 4e d3 01-00 00 00 00 45 52 00 00 D.K..N......ER..
fffffa80`0d478098 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffffa80`0d4780a8 c8 00 00 00 49 00 00 00-01 02 00 00 01 00 00 00 ....I...........
fffffa80`0d4780b8 14 11 bc a5 64 6f de 4e-b8 63 3e 83 ed 7c 83 b1 ....do.N.c>..|..
fffffa80`0d4780c8 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffffa80`0d4780d8 01 00 00 00 53 6c 6f 74-20 33 38 00 00 00 00 00 ....Slot 38.....
fffffa80`0d4780e8 00 00 00 00 00 00 00 00-b9 00 00 00 00 00 00 00 ................
fffffa80`0d4780f8 00 04 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffffa80`0d478108 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

CPER is a record format for ACPI Specifications | Unified Extensible Firmware Interface Forum
So Slot 38 would identify a device. I'm not quite sure how to determine the device name from the slot # yet.

 

[kemical]

I missed the above when running the command but did see Avast running on 2 out of the 4 dumps around the time of bsod. Might be worth removing to see if it helps