My computer restarted unexpectedly. Analazyng the minidump file I could find the following information:
Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [Mini090213-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*
http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*
http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.130307-0422
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Sep 2 11:23:19.233 2013 (UTC + 1:00)
System Uptime: 0 days 4:16:20.408
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, 89a27020, 89a27194, 805d22aa}
Unable to load image SYMEVENT.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
----- ETW minidump data unavailable-----
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
Probably caused by : SYMEVENT.SYS ( SYMEVENT+17259 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 89a27020, Terminating object
Arg3: 89a27194, Process image file name
Arg4: 805d22aa, Explanatory message (ascii)
Debugging Details:
------------------
----- ETW minidump data unavailable-----
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
PROCESS_OBJECT: 89a27020
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 50346eff
FAULTING_MODULE: 00000000
PROCESS_NAME: procexp.exe
BUGCHECK_STR: 0xF4_procexp.exe
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
LAST_CONTROL_TRANSFER: from 805d13f3 to 804f9f8f
STACK_TEXT:
a7e6bc7c 805d13f3 000000f4 00000003 89a27020 nt!KeBugCheckEx+0x1b
a7e6bca0 805d2355 805d22aa 89a27020 89a27194 nt!PspCatchCriticalBreak+0x75
a7e6bcd0 abe0f259 89a27268 00000001 89a242d0 nt!NtTerminateProcess+0x7d
WARNING: Stack unwind information not available. Following frames may be wrong.
a7e6bd54 8054172c 0000042c 00000001 0012f87c SYMEVENT+0x17259
a7e6bd54 0000042c 0000042c 00000001 0012f87c nt!KiFastCallEntry+0xfc
0000003b 00000000 00000000 00000000 00000000 0x42c
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+17259
abe0f259 ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: SYMEVENT+17259
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
FAILURE_BUCKET_ID: 0xF4_procexp.exe_SYMEVENT+17259
BUCKET_ID: 0xF4_procexp.exe_SYMEVENT+17259
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xf4_procexp.exe_symevent+17259
FAILURE_ID_HASH: {a1842316-9fa0-966a-2ffe-d7e4869154b4}
Followup: MachineOwner
It seems that the culprit is Symantec but why? could someone help me to understand better the minidump?
Best Regards and thanks in advance.
