Hi Folks,
I have a a HP 6735b laptop which is blue screening intermittently when the wireless LAN is running. This machine blue screens and upon reboot Windows displays the error below:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.4
Locale ID: 2057
Additional information about the problem:
BCCode: 1000007e
BCP1: C0000005
BCP2: 97758AC5
BCP3: 8CA68C54
BCP4: 8CA68830
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\051210-54491-01.dmp
C:\Users\XXXXX\AppData\Local\Temp\WER-95316-0.sysdata.xml
I have taken the usual troubleshooting steps including reinstall of SEP (using Clean Wipe), remove and install LAN & wireless drivers, Chkdisk, Memtest, etc but to no avail.
Going through the Connect forums the recommended SEP version for Windows 7 is 11.0.5002.333 which we are currently running. The Symantec KB's point to issues with Symevent.sys & Windows 7 but no mention of the teefer2.sys driver.
I have debugged the dmp files using the Windows driver debugging tools and the output is included below.
I would be grateful for any input on this problem as several other hp laptops are also displaying this problem.
Many Thanks.
Laptop Specs:
-
AMD Turion X2 Ultra Dual Core Mobile ZM-86 2.40 GHz
-
Ram - 3Gb
-
OS - Windows 7 Enterprise (32 bit)
-
A/V - Symantec Endpoint Protection (Unmanaged) 11.0.5002.333
Windows Debugging Output:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\XXXX\Desktop\071310-52010-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0x82c3c000 PsLoadedModuleList = 0x82d84810
Debug session time: Tue Jul 13 15:55:07.034 2010 (UTC + 1:00)
System Uptime: 0 days 6:59:30.016
Loading Kernel Symbols
...............................................................
................................................................
...............................................................
Loading User Symbols
Loading unloaded module list
......................
Unable to load image \SystemRoot\system32\DRIVERS\teefer2.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for teefer2.sys
*** ERROR: Module load completed but symbols could not be loaded for teefer2.sys
ERROR: FindPlugIns 80070005
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, a9407ac5, 8cb9fc54, 8cb9f830}
Probably caused by : teefer2.sys ( teefer2+4ac5 )
Followup: MachineOwner
---------
0: kd> !analyze -v
ERROR: FindPlugIns 80070005
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: a9407ac5, The address that the exception occurred at
Arg3: 8cb9fc54, Exception Record Address
Arg4: 8cb9f830, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
teefer2+4ac5
a9407ac5 8b770c mov esi,dword ptr [edi+0Ch]
EXCEPTION_RECORD: 8cb9fc54 -- (.exr 0xffffffff8cb9fc54)
ExceptionAddress: a9407ac5 (teefer2+0x00004ac5)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 20227271
Attempt to read from address 20227271
CONTEXT: 8cb9f830 -- (.cxr 0xffffffff8cb9f830)
eax=00000000 ebx=00000001 ecx=00000357 edx=a940f042 esi=b4d80520 edi=20227265
eip=a9407ac5 esp=8cb9fd1c ebp=82c08700 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
teefer2+0x4ac5:
a9407ac5 8b770c mov esi,dword ptr [edi+0Ch] ds:0023:20227271=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: STRING_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 20227271
READ_ADDRESS: GetPointerFromAddress: unable to read from 82da4718
Unable to read MiSystemVaType memory at 82d84160
20227271
FOLLOWUP_IP:
teefer2+4ac5
a9407ac5 8b770c mov esi,dword ptr [edi+0Ch]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from a9407c18 to a9407ac5
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
8cb9fd24 a9407c18 00000000 8ac0dc13 86aa1000 teefer2+0x4ac5
00000000 00000000 00000000 00000000 00000000 teefer2+0x4c18
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: teefer2+4ac5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: teefer2
IMAGE_NAME: teefer2.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a0b1eba
STACK_COMMAND: .cxr 0xffffffff8cb9f830 ; kb
FAILURE_BUCKET_ID: 0x7E_teefer2+4ac5
BUCKET_ID: 0x7E_teefer2+4ac5
Followup: MachineOwner
---------