Blue Screen - Please help analyzing


  1. nil
    Posts : 3
    Windows 7
       #1

    Blue Screen - Please help analyzing


    Blue Screen - Please help analyzing. Running Windows 7 64bit on brand new desktop computer, no overclocking or modifications.

    WinDBG was run on XP. I installed symbols for Windows 64 and set symbol file path, but somehow WinDbg had problems finding them. I installed Windows_Win7.7600.16385.090713-1255.X64FRE.Symbols.msi

    Find dump file attached.

    Any ideas, e.g. could it be USB device problems, e.g. mouse or scanner? 1TB hard disk? Graphic card driver?

    Thanks!

    - Fabian

    ----------------------------------------------------------------------
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault). The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
    use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
    use .trap on that value
    Else
    .trap on the appropriate frame will show where the trap was taken
    (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 0000000080050031
    Arg3: 00000000000406f8
    Arg4: fffff80002a7c9df

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************
    *************************************************************************
    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***
    *************************************************************************

    ADDITIONAL_DEBUG_TEXT:
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

    MODULE_NAME: nt

    FAULTING_MODULE: fffff80002a05000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600

    BUGCHECK_STR: 0x7f_8

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from fffff80002a76469 to fffff80002a76f00

    STACK_TEXT:
    fffff880`009efc68 fffff800`02a76469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt+0x71f00
    fffff880`009efc70 00000000`0000007f : 00000000`00000008 00000000`80050031 00000000`000406f8 fffff800`02a7c9df : nt+0x71469
    fffff880`009efc78 00000000`00000008 : 00000000`80050031 00000000`000406f8 fffff800`02a7c9df 00000000`00000000 : 0x7f
    fffff880`009efc80 00000000`80050031 : 00000000`000406f8 fffff800`02a7c9df 00000000`00000000 00000000`00000000 : 0x8
    fffff880`009efc88 00000000`000406f8 : fffff800`02a7c9df 00000000`00000000 00000000`00000000 00000000`00000000 : 0x80050031
    fffff880`009efc90 fffff800`02a7c9df : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x406f8
    fffff880`009efc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x779df


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt+71f00
    fffff800`02a76f00 48894c2408 mov qword ptr [rsp+8],rcx

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt+71f00

    FOLLOWUP_NAME: MachineOwner

    IMAGE_NAME: ntoskrnl.exe

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
    ---------


  2. Posts : 5,705
    Win7 x64 + x86
       #2

    Please fill out your system specs completely.
    Please upload the information in this post: SF Diagnostic Tool

    The memory dump doesn't provide much in the way of information. With the information that I requested above, we'll be able to figure out the next steps to take.

    Summary of the BSOD:
    Code:
      
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Tue Apr 13 11:09:08.340 2010 (GMT-4)
    System Uptime: 0 days 0:17:30.010
    BugCheck 7F, {8, 80050031, 406f8, fffff80002a7c9df}
    Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
    BUGCHECK_STR:  0x7f_8
    PROCESS_NAME:  System
    


  3. nil
    Posts : 3
    Windows 7
    Thread Starter
       #3

    Providing requested information


    I had some problems attaching the files ("Upload of file failed."), so here's an external link:
    - Requested eventlogs, msinfo32, driverlist, minidumps (small file)
    RapidShare: 1-CLICK Web hosting - Easy Filehosting

    - Bigger memory.dmp with hopefully more info (big file)
    RapidShare: 1-CLICK Web hosting - Easy Filehosting

    I compiled the information manually (sorry, I was reluctant to install programs from an unknown source), so please inform me if something is missing or in the wrong format.

    It would be great if you could find something! I ran a basic memory test with Windows Memory Diagnostic, which found no error.

    Many thanks in advance.

    - Fabian


  4. Posts : 13,354
    Windows 7 Professional x64
       #4

    Going from the probably caused line, I see memory corruption and your network drivers. Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder. Boot from the CD, and run at least 5 passes.

    Also, update your network card drivers in Device Manager, or uninstall them and install a fresh copy.

    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Jonathan\AppData\Local\Temp\Temp1_dumpinfo.zip\dumpinfo\dumps\042010-19671-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0xfffff800`02a57000 PsLoadedModuleList = 0xfffff800`02c94e50
    Debug session time: Tue Apr 20 09:15:35.384 2010 (GMT-4)
    System Uptime: 0 days 5:06:12.054
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ........................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7F, {8, 80050031, 406f8, fffff80002acd0df}
    
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : memory_corruption
    
    Followup: memory_corruption
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 0000000080050031
    Arg3: 00000000000406f8
    Arg4: fffff80002acd0df
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x7f_8
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  CODE_CORRUPTION
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    LAST_CONTROL_TRANSFER:  from fffff80002ac6b69 to fffff80002ac7600
    
    STACK_TEXT:  
    fffff880`009efc68 fffff800`02ac6b69 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt!KeBugCheckEx
    fffff880`009efc70 fffff800`02ac5032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`009efdb0 fffff800`02acd0df : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
    fffff880`02f16000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SepAccessCheck+0x1cf
    
    
    STACK_COMMAND:  kb
    
    CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
        fffff80002acd805 - nt!SwapContext_PatchXSave+2
        [ 01:21 ]
        fffff80002acd8e8 - nt!SwapContext_PatchXRstor+2 (+0xe3)
        [ 09:29 ]
        fffff80002acdaa5 - nt!EnlightenedSwapContext_PatchXSave+2 (+0x1bd)
        [ 01:21 ]
        fffff80002acdb8a - nt!EnlightenedSwapContext_PatchXRstor+2 (+0xe5)
        [ 09:29 ]
    4 errors : !nt (fffff80002acd805-fffff80002acdb8a)
    
    MODULE_NAME: memory_corruption
    
    IMAGE_NAME:  memory_corruption
    
    FOLLOWUP_NAME:  memory_corruption
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    MEMORY_CORRUPTOR:  ONE_BIT_LARGE
    
    FAILURE_BUCKET_ID:  X64_MEMORY_CORRUPTION_ONE_BIT_LARGE
    
    BUCKET_ID:  X64_MEMORY_CORRUPTION_ONE_BIT_LARGE
    
    Followup: memory_corruption
    ---------
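
Added example (not part of the original post, and not the debugger's own logic): a Python check of the `!chkimg` mismatches quoted in post #4, showing which bits differ in each reported byte pair. The function names are made up for illustration; the sample text is copied from the output above, and the two byte columns are treated simply as "left" and "right".

```python
import re

# Copied from the CHKIMG_EXTENSION section of the output in post #4.
CHKIMG_OUTPUT = """\
    fffff80002acd805 - nt!SwapContext_PatchXSave+2
    [ 01:21 ]
    fffff80002acd8e8 - nt!SwapContext_PatchXRstor+2 (+0xe3)
    [ 09:29 ]
    fffff80002acdaa5 - nt!EnlightenedSwapContext_PatchXSave+2 (+0x1bd)
    [ 01:21 ]
    fffff80002acdb8a - nt!EnlightenedSwapContext_PatchXRstor+2 (+0xe5)
    [ 09:29 ]
"""

LOCATION = re.compile(r"^\s*([0-9a-f]{8,16})\s+-\s+(\S+)", re.I)
BYTES = re.compile(r"^\s*\[\s*([0-9a-f ]+?)\s*:\s*([0-9a-f ]+?)\s*\]", re.I)

def parse_chkimg(text):
    """Return (address, symbol, left_bytes, right_bytes) per mismatch."""
    rows, pending = [], None
    for line in text.splitlines():
        loc, diff = LOCATION.match(line), BYTES.match(line)
        if loc:
            pending = (int(loc.group(1), 16), loc.group(2))
        elif diff and pending:
            left, right = (bytes.fromhex(g) for g in diff.groups())
            rows.append(pending + (left, right))
            pending = None
    return rows

def flipped_bits(left, right):
    """List (byte_index, bit_number) for every bit that differs."""
    return [(i, bit)
            for i, (a, b) in enumerate(zip(left, right))
            for bit in range(8) if (a ^ b) >> bit & 1]

def summarize(text):
    """Condense the mismatches: how many, which bits, how far apart."""
    rows = parse_chkimg(text)
    flips = {sym: flipped_bits(l, r) for _, sym, l, r in rows}
    addrs = [addr for addr, *_ in rows]
    return {
        "mismatches": len(rows),
        "all_single_bit": all(len(f) == 1 for f in flips.values()),
        "bit_numbers": sorted({bit for f in flips.values() for _, bit in f}),
        "span_bytes": max(addrs) - min(addrs) if addrs else 0,
        "flips": flips,
    }

if __name__ == "__main__":
    for key, value in summarize(CHKIMG_OUTPUT).items():
        print(key, value)
```

On this output every mismatch is the same single bit (bit 5, value 0x20), and all four sit at symbols whose names contain `Patch`, which is worth weighing alongside a RAM test before concluding that memory is at fault.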


  5. nil
    Posts : 3
    Windows 7
    Thread Starter
       #5

    New Dumps


    Hi, I ran Memtest86 overnight with 23 passes, and no error.

    I also installed new Network drivers (manufacturer's instead of Windows default), but the machine keeps crashing.

    I uploaded two recent crashes here:
    RapidShare: 1-CLICK Web hosting - Easy Filehosting
    RapidShare: 1-CLICK Web hosting - Easy Filehosting

    Maybe you can find a pattern, of which component is causing the blue screen?

    I thought that two dumps should be enough for a start, but I can provide more.

    Best regards and thanks

    - Fabian


  6. Posts : 13,354
    Windows 7 Professional x64
       #6

    I'll look through them, give me a minute. In the future, could you please upload the dmps to SF instead of RapidShare?

    https://www.sevenforums.com/tutorials...en-forums.html

    Also, please configure your system to create a minidump. Let us know if you need help.

    Attachment 74660
    Last edited by Jonathan_King; 24 May 2010 at 09:30.


  7. Posts : 13,354
    Windows 7 Professional x64
       #7

    It looks as if ZoneAlarm is causing the issue. Funny, it didn't appear in all the dmps.

    Remove ZA and then run this removal tool: http://download.zonealarm.com/bin/fr...cpes_clean.exe

    Replace it with Microsoft Security Essentials.

    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Jonathan\AppData\Local\Temp\Temp1_MEMORY.12.05.2010.zip\MEMORY.12.05.2010.DMP]
    Kernel Summary Dump File: Only kernel address space is available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0xfffff800`02a15000 PsLoadedModuleList = 0xfffff800`02c52e50
    Debug session time: Wed May 12 10:10:35.078 2010 (GMT-4)
    System Uptime: 0 days 2:42:24.748
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........................
    Loading User Symbols
    
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7F, {8, 80050031, 406f8, fffff80002a8ac91}
    
    *** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
    *** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
    Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
    
    Followup: MachineOwner
    ---------
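
Added example (not part of the original thread): a Python comparison of the three crash summaries quoted in posts #1/#2, #4 and #7, to answer the "can you find a pattern" question mechanically. It reports which bugcheck arguments are constant, rebases Arg4 against the kernel load address so crashes from different boots can be compared, and collects the modules whose symbols failed to load. The function names are illustrative, and treating Arg4 as an address inside `nt` is an assumption for the third dump (the page only shows it resolving to `nt` in the first two).

```python
import re

# Excerpts copied from the output in posts #1/#2, #4 and #7, keyed by crash date.
DUMPS = {
    "2010-04-13": """\
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
FAULTING_MODULE: fffff80002a05000 nt
BugCheck 7F, {8, 80050031, 406f8, fffff80002a7c9df}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
""",
    "2010-04-20": """\
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Kernel base = 0xfffff800`02a57000 PsLoadedModuleList = 0xfffff800`02c94e50
BugCheck 7F, {8, 80050031, 406f8, fffff80002acd0df}
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption
""",
    "2010-05-12": """\
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Kernel base = 0xfffff800`02a15000 PsLoadedModuleList = 0xfffff800`02c52e50
BugCheck 7F, {8, 80050031, 406f8, fffff80002a8ac91}
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
""",
}

def parse_dump(text):
    """Pull the comparison-relevant fields out of one WinDbg summary."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None
    code, raw_args = re.search(r"^BugCheck (\w+), \{([^}]*)\}", text, re.M).groups()
    base = grab(r"Kernel base = 0x([0-9a-f`]+)") or grab(r"^FAULTING_MODULE: ([0-9a-f]+) nt")
    return {
        "build": grab(r"^Built by: (\S+)"),
        "code": code,
        "args": [int(a, 16) for a in raw_args.split(",")],
        "nt_base": int(base.replace("`", ""), 16),
        "blamed": grab(r"^Probably caused by : (\S+)"),
        "no_symbols": re.findall(r"could not be loaded for (\S+)", text),
    }

def compare(dumps):
    """Report what is constant across the crashes and what moves."""
    parsed = {k: parse_dump(v) for k, v in dumps.items()}
    arg_sets = list(zip(*(p["args"] for p in parsed.values())))
    return {
        "codes": sorted({p["code"] for p in parsed.values()}),
        "constant_args": [i + 1 for i, v in enumerate(arg_sets) if len(set(v)) == 1],
        # Assumption: Arg4 lies in nt, so Arg4 - base is a per-build offset.
        "arg4_offset": {k: (p["build"], hex(p["args"][3] - p["nt_base"]))
                        for k, p in parsed.items()},
        "blamed": {k: p["blamed"] for k, p in parsed.items()},
        "no_symbols": sorted({m for p in parsed.values() for m in p["no_symbols"]}),
    }

if __name__ == "__main__":
    print(compare(DUMPS))
```

Offsets are only comparable between dumps from the same build; here the two 7600.16539 crashes land at different `nt` offsets while the bugcheck code and Arg1 to Arg3 never change, and the blamed component differs in every dump.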


 
