My computer restarted unexpectedly. Analyzing the minidump file, I could find the following information:
Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [Mini090213-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.130307-0422
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Sep 2 11:23:19.233 2013 (UTC + 1:00)
System Uptime: 0 days 4:16:20.408
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, 89a27020, 89a27194, 805d22aa}
Unable to load image SYMEVENT.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
----- ETW minidump data unavailable-----
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
Probably caused by : SYMEVENT.SYS ( SYMEVENT+17259 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 89a27020, Terminating object
Arg3: 89a27194, Process image file name
Arg4: 805d22aa, Explanatory message (ascii)
Debugging Details:
------------------
----- ETW minidump data unavailable-----
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
PROCESS_OBJECT: 89a27020
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 50346eff
FAULTING_MODULE: 00000000
PROCESS_NAME: procexp.exe
BUGCHECK_STR: 0xF4_procexp.exe
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
LAST_CONTROL_TRANSFER: from 805d13f3 to 804f9f8f
STACK_TEXT:
a7e6bc7c 805d13f3 000000f4 00000003 89a27020 nt!KeBugCheckEx+0x1b
a7e6bca0 805d2355 805d22aa 89a27020 89a27194 nt!PspCatchCriticalBreak+0x75
a7e6bcd0 abe0f259 89a27268 00000001 89a242d0 nt!NtTerminateProcess+0x7d
WARNING: Stack unwind information not available. Following frames may be wrong.
a7e6bd54 8054172c 0000042c 00000001 0012f87c SYMEVENT+0x17259
a7e6bd54 0000042c 0000042c 00000001 0012f87c nt!KiFastCallEntry+0xfc
0000003b 00000000 00000000 00000000 00000000 0x42c
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+17259
abe0f259 ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: SYMEVENT+17259
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
FAILURE_BUCKET_ID: 0xF4_procexp.exe_SYMEVENT+17259
BUCKET_ID: 0xF4_procexp.exe_SYMEVENT+17259
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xf4_procexp.exe_symevent+17259
FAILURE_ID_HASH: {a1842316-9fa0-966a-2ffe-d7e4869154b4}
Followup: MachineOwner
It seems that the culprit is Symantec, but why? Could someone help me better understand the minidump?
Best Regards and thanks in advance.