locked
Windows 7 Crashes RRS feed

  • Question

  • I work IT helpdesk for my company, and just had a user call me about constant crashes with his laptop. I pulled the minidump files as well as a sysdata.xml file from his computer. Can anyone help figure out what is wrong with his machine?

    https://onedrive.live.com/redir?resid=E545FD2F048E5977!120&authkey=!AP52uioMevKfbBI&ithint=file%2czip

    Thursday, January 28, 2016 3:33 PM

Answers

  • Easy the ATI video driver (the installed driver is from 2012)

    Completely remove the current driver and install the newest driver available.  For instructions on how to do that Read all about updating drivers by my partner JMH3143 here http://answers.microsoft.com/en-us/windows/wiki/windows_other-hardware/updating-a-driver/a5e6345e-af9b-4099-bef0-8d22254aa1c1?tm=1436753520149

    Please update this driver from 2008

    dne64x.sys    11/10/2008 8:01:24 PM       

    If you continue to crash remove Kaspersky as it often causes problems like this.

    Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\zigza\Desktop\012816-19999-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*E:\symbols*https://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*E:\symbols*https://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.19110.amd64fre.win7sp1_gdr.151230-0600
    Machine Name:
    Kernel base = 0xfffff800`03012000 PsLoadedModuleList = 0xfffff800`03259730
    Debug session time: Thu Jan 28 10:05:07.698 2016 (UTC - 5:00)
    System Uptime: 0 days 0:36:20.804
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    ...........................................................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 50, {fffff8a00323f003, 0, fffff8800628ba60, 0}
    
    *** WARNING: Unable to verify timestamp for atikmdag.sys
    *** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
    
    Could not read faulting driver name
    Probably caused by : atikmdag.sys ( atikmdag+20fa60 )
    
    Followup:     MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except.
    Typically the address is just plain bad or it is pointing at freed memory.
    Arguments:
    Arg1: fffff8a00323f003, memory referenced.
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
    Arg3: fffff8800628ba60, If non-zero, the instruction address which referenced the bad memory
    	address.
    Arg4: 0000000000000000, (reserved)
    
    Debugging Details:
    ------------------
    
    
    Could not read faulting driver name
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  7601.19110.amd64fre.win7sp1_gdr.151230-0600
    
    SYSTEM_MANUFACTURER:  Hewlett-Packard
    
    SYSTEM_PRODUCT_NAME:  HP EliteBook 8560p
    
    SYSTEM_SKU:  H2X42US#ABA
    
    SYSTEM_VERSION:  A0001D02
    
    BIOS_VENDOR:  Hewlett-Packard
    
    BIOS_VERSION:  68SCF Ver. F.22
    
    BIOS_DATE:  12/22/2011
    
    BASEBOARD_MANUFACTURER:  Hewlett-Packard
    
    BASEBOARD_PRODUCT:  1618
    
    BASEBOARD_VERSION:  KBC Version 97.4A
    
    DUMP_TYPE:  2
    
    BUGCHECK_P1: fffff8a00323f003
    
    BUGCHECK_P2: 0
    
    BUGCHECK_P3: fffff8800628ba60
    
    BUGCHECK_P4: 0
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032c3100
    Unable to get MmSystemRangeStart
     fffff8a00323f003 
    
    FAULTING_IP: 
    atikmdag+20fa60
    fffff880`0628ba60 8a1c18          mov     bl,byte ptr [rax+rbx]
    
    MM_INTERNAL_CODE:  0
    
    CPU_COUNT: 4
    
    CPU_MHZ: ae9
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 2a
    
    CPU_STEPPING: 7
    
    CPU_MICROCODE: 6,2a,7,0 (F,M,S,R)  SIG: 1A'00000000 (cache) 1A'00000000 (init)
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    BUGCHECK_STR:  0x50
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    ANALYSIS_SESSION_HOST:  DESKTOP-DT3LSR8
    
    ANALYSIS_SESSION_TIME:  01-28-2016 14:30:01.0671
    
    ANALYSIS_VERSION: 10.0.10586.567 amd64fre
    
    TRAP_FRAME:  fffff88005d313c0 -- (.trap 0xfffff88005d313c0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8a00323ef00 rbx=0000000000000000 rcx=fffff8a003f84580
    rdx=0000000000000011 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800628ba60 rsp=fffff88005d31550 rbp=fffff8a0013ffdc0
     r8=0000000000000012  r9=fffff8a00323ef00 r10=fffff880039d8a20
    r11=fffff8800658bb70 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    atikmdag+0x20fa60:
    fffff880`0628ba60 8a1c18          mov     bl,byte ptr [rax+rbx] ds:fffff8a0`0323ef00=??
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80003102187 to fffff80003085c00
    
    STACK_TEXT:  
    fffff880`05d31258 fffff800`03102187 : 00000000`00000050 fffff8a0`0323f003 00000000`00000000 fffff880`05d313c0 : nt!KeBugCheckEx
    fffff880`05d31260 fffff800`03083d2e : 00000000`00000000 fffff8a0`0323f003 fffff8a0`00000700 00000000`00000103 : nt! ?? ::FNODOBFM::`string'+0x417df
    fffff880`05d313c0 fffff880`0628ba60 : fffff8a0`03f84580 00000000`00000100 fffff8a0`0140dd1c 00000000`00000001 : nt!KiPageFault+0x16e
    fffff880`05d31550 fffff8a0`03f84580 : 00000000`00000100 fffff8a0`0140dd1c 00000000`00000001 fffff8a0`0323ef00 : atikmdag+0x20fa60
    fffff880`05d31558 00000000`00000100 : fffff8a0`0140dd1c 00000000`00000001 fffff8a0`0323ef00 fffff880`062688dc : 0xfffff8a0`03f84580
    fffff880`05d31560 fffff8a0`0140dd1c : 00000000`00000001 fffff8a0`0323ef00 fffff880`062688dc fffff8a0`03f84580 : 0x100
    fffff880`05d31568 00000000`00000001 : fffff8a0`0323ef00 fffff880`062688dc fffff8a0`03f84580 00000000`00000100 : 0xfffff8a0`0140dd1c
    fffff880`05d31570 fffff8a0`0323ef00 : fffff880`062688dc fffff8a0`03f84580 00000000`00000100 fffff8a0`0140de1c : 0x1
    fffff880`05d31578 fffff880`062688dc : fffff8a0`03f84580 00000000`00000100 fffff8a0`0140de1c fffff880`061f4a3f : 0xfffff8a0`0323ef00
    fffff880`05d31580 fffff8a0`03f84580 : 00000000`00000100 fffff8a0`0140de1c fffff880`061f4a3f fffff8a0`013b7f80 : atikmdag+0x1ec8dc
    fffff880`05d31588 00000000`00000100 : fffff8a0`0140de1c fffff880`061f4a3f fffff8a0`013b7f80 00000000`00000000 : 0xfffff8a0`03f84580
    fffff880`05d31590 fffff8a0`0140de1c : fffff880`061f4a3f fffff8a0`013b7f80 00000000`00000000 fffff8a0`0323ef00 : 0x100
    fffff880`05d31598 fffff880`061f4a3f : fffff8a0`013b7f80 00000000`00000000 fffff8a0`0323ef00 fffff880`06268d39 : 0xfffff8a0`0140de1c
    fffff880`05d315a0 fffff8a0`013b7f80 : 00000000`00000000 fffff8a0`0323ef00 fffff880`06268d39 fffff8a0`013ffdf0 : atikmdag+0x178a3f
    fffff880`05d315a8 00000000`00000000 : fffff8a0`0323ef00 fffff880`06268d39 fffff8a0`013ffdf0 fffff8a0`013ffdc0 : 0xfffff8a0`013b7f80
    
    
    STACK_COMMAND:  kb
    
    THREAD_SHA1_HASH_MOD_FUNC:  43958f6460e9fe1623ca397bd4e19cc860b4b032
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  746b1b43086e0bed03d2001db361bba9ccdb982b
    
    THREAD_SHA1_HASH_MOD:  269754bc5761e2ad0ae47cda9d5d7b42c73209e7
    
    FOLLOWUP_IP: 
    atikmdag+20fa60
    fffff880`0628ba60 8a1c18          mov     bl,byte ptr [rax+rbx]
    
    FAULT_INSTR_CODE:  48181c8a
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  atikmdag+20fa60
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: atikmdag
    
    IMAGE_NAME:  atikmdag.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4f751e9b
    
    FAILURE_BUCKET_ID:  X64_0x50_atikmdag+20fa60
    
    BUCKET_ID:  X64_0x50_atikmdag+20fa60
    
    PRIMARY_PROBLEM_CLASS:  X64_0x50_atikmdag+20fa60
    
    TARGET_TIME:  2016-01-28T15:05:07.000Z
    
    OSBUILD:  7601
    
    OSSERVICEPACK:  1000
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  272
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 7
    
    OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2015-12-30 12:49:16
    
    BUILDDATESTAMP_STR:  151230-0600
    
    BUILDLAB_STR:  win7sp1_gdr
    
    BUILDOSVER_STR:  6.1.7601.19110.amd64fre.win7sp1_gdr.151230-0600
    
    ANALYSIS_SESSION_ELAPSED_TIME: 944
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:x64_0x50_atikmdag+20fa60
    
    FAILURE_ID_HASH:  {faf1c0f4-5e83-de22-c832-25052ec98eae}
    
    Followup:     MachineOwner
    ---------
    
    3: kd> lmvm atikmdag
    Browse full module list
    start             end                 module name
    fffff880`0607c000 fffff880`06b3b000   atikmdag T (no symbols)           
        Loaded symbol image file: atikmdag.sys
        Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
        Image name: atikmdag.sys
        Browse all global symbols  functions  data
        Timestamp:        Thu Mar 29 22:46:51 2012 (4F751E9B)
        CheckSum:         00A6A941
        ImageSize:        00ABF000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    


    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    Thursday, January 28, 2016 7:32 PM