Blue Screen - Please help analyzing

N

nil

New member
Local time
1:56 AM
Messages
3
Blue Screen - Please help analyzing. Running Windows 7 64bit on brand new desktop computer, no overclocking or modifications.

WinDBG was run on XP. I installed symbols for Windows 64 and set symbol file path, but somehow WinDbg had problems finding them. I installed Windows_Win7.7600.16385.090713-1255.X64FRE.Symbols.msi

Find dump file attached.

Any ideas, e.g. could it be USB device Problems, e.g. mouse or scanner? 1TB hard disk? Graphic card driver?

Thanks!

- Fabian

----------------------------------------------------------------------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000406f8
Arg4: fffff80002a7c9df

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: nt

FAULTING_MODULE: fffff80002a05000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600

BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80002a76469 to fffff80002a76f00

STACK_TEXT:
fffff880`009efc68 fffff800`02a76469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt+0x71f00
fffff880`009efc70 00000000`0000007f : 00000000`00000008 00000000`80050031 00000000`000406f8 fffff800`02a7c9df : nt+0x71469
fffff880`009efc78 00000000`00000008 : 00000000`80050031 00000000`000406f8 fffff800`02a7c9df 00000000`00000000 : 0x7f
fffff880`009efc80 00000000`80050031 : 00000000`000406f8 fffff800`02a7c9df 00000000`00000000 00000000`00000000 : 0x8
fffff880`009efc88 00000000`000406f8 : fffff800`02a7c9df 00000000`00000000 00000000`00000000 00000000`00000000 : 0x80050031
fffff880`009efc90 fffff800`02a7c9df : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x406f8
fffff880`009efc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x779df


STACK_COMMAND: kb

FOLLOWUP_IP:
nt+71f00
fffff800`02a76f00 48894c2408 mov qword ptr [rsp+8],rcx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt+71f00

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntoskrnl.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------
 

My Computer

OS
Windows 7
Please fill out your system spec's completely.
Please upload the information in this post: http://www.sevenforums.com/crash-lockup-debug-how/66913-sf-diagnostic-tool.html

The memory dump doesn't provide much in the way of information. With the information that I requested above, we'll be able to figure out the next steps to take.

Summary of the BSOD:
Code: 
[font=lucida console]  
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Debug session time: Tue Apr 13 11:09:08.340 2010 (GMT-4)
System Uptime: 0 days 0:17:30.010
BugCheck 7F, {8, 80050031, 406f8, fffff80002a7c9df}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
BUGCHECK_STR:  0x7f_8
PROCESS_NAME:  System
[/font]
 

My Computer

Computer Manufacturer/Model Number
Home built (x64), Lenovo x61s Tablet, Samsung Netbook
OS
Win7 x64 + x86
CPU
Intel i7 920, other Intel chips, and the Atom in the netbook
Motherboard
Asus P6T Deluxe
Memory
12 gB; 4 gB Lenovo; 1 gB Samsung netbook
Graphics Card(s)
ATI 4870
Sound Card
Yes, I have one of these
Monitor(s) Displays
32" Sharp Aquos TV
Screen Resolution
800x600 - I have vision issues
Hard Drives
4 - 150 gB Velociraptors in RAID 5
Promise controller
PSU
1000 watt (can't recall the brand)
Case
Antec 300
Cooling
Big honking cooler that was rated highly at Toms Hardware
Keyboard
Microsoft Natural
Mouse
Logitech Trackman
Internet Speed
Cable
Other Info
GeekSquad UPS
CyberPower UPS
DLink DNS-323 NAS (2 tB)
Netgear wireless router as an access point
Netgear wired router FSV-318
Home network consists of
4 desktop computers (2 Vista, 2 Win7)
1 netbook (Win7)
4 laptop computers (XP, 2-Vista, Win7)
Wii and XBox 360
Providing requested information

I had some problems attaching the files ("Upload of file failed."), so here's an external link:
- Requested eventlogs, msinfo32, driverlist, minidumps (small file)
RapidShare: 1-CLICK Web hosting - Easy Filehosting

- Bigger memory.dmp with hopefully more infos (big file)
RapidShare: 1-CLICK Web hosting - Easy Filehosting

I compiled the information manually (sorry, I was reluctant to install programs from unknown source), so please inform me if something is missing or in wrong format.

It would be great if you could find something! I ran a basic memory test with windows memory diagnostic, which found no error.

Many thanks in advance.

- Fabian
 

My Computer

OS
Windows 7
Going from the probably caused line, I see memory corruption and your network drivers. Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder. Boot from the CD, and run at least 5 passes.

Also, update your network card drivers in Device Manager, or uninstall them and install a fresh copy.

Code: 
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Jonathan\AppData\Local\Temp\Temp1_dumpinfo.zip\dumpinfo\dumps\042010-19671-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a57000 PsLoadedModuleList = 0xfffff800`02c94e50
Debug session time: Tue Apr 20 09:15:35.384 2010 (GMT-4)
System Uptime: 0 days 5:06:12.054
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 406f8, fffff80002acd0df}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption

Followup: memory_corruption
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000406f8
Arg4: fffff80002acd0df

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002ac6b69 to fffff80002ac7600

STACK_TEXT:  
fffff880`009efc68 fffff800`02ac6b69 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt!KeBugCheckEx
fffff880`009efc70 fffff800`02ac5032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009efdb0 fffff800`02acd0df : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`02f16000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SepAccessCheck+0x1cf


STACK_COMMAND:  kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff80002acd805 - nt!SwapContext_PatchXSave+2
    [ 01:21 ]
    fffff80002acd8e8 - nt!SwapContext_PatchXRstor+2 (+0xe3)
    [ 09:29 ]
    fffff80002acdaa5 - nt!EnlightenedSwapContext_PatchXSave+2 (+0x1bd)
    [ 01:21 ]
    fffff80002acdb8a - nt!EnlightenedSwapContext_PatchXRstor+2 (+0xe5)
    [ 09:29 ]
4 errors : !nt (fffff80002acd805-fffff80002acdb8a)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  ONE_BIT_LARGE

FAILURE_BUCKET_ID:  X64_MEMORY_CORRUPTION_ONE_BIT_LARGE

BUCKET_ID:  X64_MEMORY_CORRUPTION_ONE_BIT_LARGE

Followup: memory_corruption
---------
 

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
New Dumps

Hi, I ran Memtest86 over night with 23 passes, and no error.

I also installed new Network drivers (manufactor's instead of Windows default), but the machine keeps crashing.

I uploaded two recent crashes here:
RapidShare: 1-CLICK Web hosting - Easy Filehosting
RapidShare: 1-CLICK Web hosting - Easy Filehosting

Maybe you can find a pattern, of which component is causing the blue screen?

I thought that two dumps should be enough for a start, but I can provide more.

Best regards and thanks

- Fabian
 

My Computer

OS
Windows 7
Last edited:

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
It looks as if ZoneAlarm is causing the issue. Funny, it didn't appear in all the dmps.

Remove ZA and then run this removal tool: http://download.zonealarm.com/bin/free/support/cpes_clean.exe

Replace it with Microsoft Security Essentials.

Code: 
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Jonathan\AppData\Local\Temp\Temp1_MEMORY.12.05.2010.zip\MEMORY.12.05.2010.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a15000 PsLoadedModuleList = 0xfffff800`02c52e50
Debug session time: Wed May 12 10:10:35.078 2010 (GMT-4)
System Uptime: 0 days 2:42:24.748
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols

Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 406f8, fffff80002a8ac91}

*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )

Followup: MachineOwner
---------
 

My Computer

Computer Manufacturer/Model Number
Custom
OS
Windows 7 Professional x64
CPU
Intel i7 2600K OC'd @ 4620 MHz
Motherboard
Asus P8Z68-V Pro
Memory
16GB GSkill Sniper 2133 Mhz (4x4GB)
Graphics Card(s)
EVGA GeForce GTX 480 SuperClocked+
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
2x Acer S273HLbmii 27"
Screen Resolution
2 x 1920x1080
Hard Drives
64GB Crucial M4 SSD

Storage: Hitachi 1TB 5400RPM, Samsung 1.5TB 5400RPM
PSU
Corsair HW Series 750w (modular)
Case
Cooler Master HAF 932 Advanced Blue Edition
Cooling
CM Hyper 212+ CPU cooler, 3x 230mm + 1x 140mm case fans
Keyboard
Logitech MK320 (wireless)
Mouse
Logitech MK320 (wireless)
Internet Speed
30 Mb/s : 2 Mb/s
You must log in or register to reply here.
Back
Top