need your help guys! another bsod problem...


  1. zuplado
    Posts : 2
    windows 7 home premium
       New #1

    need your help guys! another bsod problem...


    Hi guys.

    im having trouble with my computer. something about tcpip.sys. please please help me... heres the details. thanks.

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7600.2.0.0.768.3
    Locale ID: 13321

    Additional information about the problem:
    BCCode: d1
    BCP1: 0000000000000041
    BCP2: 0000000000000008
    BCP3: 0000000000000001
    BCP4: FFFFFA80052BDF00
    OS Version: 6_1_7600
    Service Pack: 0_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\011811-16723-01.dmp
    C:\Users\Jamie Sophia\AppData\Local\Temp\WER-31325-0.sysdata.xml
      My Computer
    Quote Quote

  3. CarlTR6
    Posts : 11,990
    Windows 7 Ultimate 32 bit
       New #2

    Hi, zuplado; and welcome to the forum. tcpip.sys is a Windows system connectivity driver and is very unlikely to be the real cause. A tcpip.sys error can be caused by a third party antivirus program. I recommend that you uninstall AVG using this removal tool: Tool (64 bit). If you have AVG Identity Protection installed, remove it with this tool: Tool. AVG is a known cause of BSOD's on some Win 7 systems. Download and install Microsoft Security Essentials in its place. One of the dumps indicates AVG was involved in the crash.
    Bugcheck 1E, KMODE_EXCEPTION_NOT_HANDLED. Usual causes: Device driver, hardware, System service, compatibility, Remote control programs, memory, BIOS.

    Bugcheck 50,PAGE_FAULT_IN_NONPAGED_AREA. Usual causes: Defective hardware (particularly memory - but not just RAM), Faulty system service, Antivirus, Device driver, NTFS corruption, BIOS.

    Bugcheck D1 (2X), DRIVER_IRQL_NOT_LESS_OR_EQUAL. Usual causes: Device driver.

    After you uninstall AVG and install MSE, reboot and see how your system does. Please post back and let us know. If you get anohter BSOD, upload it and we will go from there.
    Code:
    Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`03604000 PsLoadedModuleList = 0xfffff800`03841e50
Debug session time: Tue Jan 11 02:50:42.894 2011 (GMT-5)
System Uptime: 0 days 0:09:31.814
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc000001d, fffff80004be70a0, 0, 0}

Probably caused by : ntkrnlmp.exe ( nt!KipFatalFilter+1b )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc000001d, The exception code that was not handled
Arg2: fffff80004be70a0, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION}  Illegal Instruction  An attempt was made to execute an illegal instruction.

FAULTING_IP: 
+52de952f01b4dab8
fffff800`04be70a0 c87fbe04        enter   0BE7Fh,4

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000000

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x1E

PROCESS_NAME:  System

CURRENT_IRQL:  2

EXCEPTION_RECORD:  fffff80004be7fc8 -- (.exr 0xfffff80004be7fc8)
Cannot read Exception record @ fffff80004be7fc8

TRAP_FRAME:  fffff80004be8070 -- (.trap 0xfffff80004be8070)
Unable to read trap frame at fffff800`04be8070

LAST_CONTROL_TRANSFER:  from fffff80003706b2b to fffff80003675f00

FAILED_INSTRUCTION_ADDRESS: 
+52de952f01b4dab8
fffff800`04be70a0 c87fbe04        enter   0BE7Fh,4

STACK_TEXT:  
fffff800`04be6fe8 fffff800`03706b2b : 00000000`0000001e ffffffff`c000001d fffff800`04be70a0 00000000`00000000 : nt!KeBugCheckEx
fffff800`04be6ff0 fffff800`036c9390 : fffffa80`03f32d70 fffffa80`04030102 fffffa80`054d3ec0 fffff880`1008b907 : nt!KipFatalFilter+0x1b
fffff800`04be7030 fffff800`036a44dc : fffffa80`03cd5000 fffff880`1014759e fffffa80`03cfe290 fffffa80`03cfe290 : nt! ?? ::FNODOBFM::`string'+0x95d
fffff800`04be7070 fffff800`0369bbed : fffff800`037bc470 fffff800`04be9160 00000000`00000000 fffff800`03604000 : nt!_C_specific_handler+0x8c
fffff800`04be70e0 fffff800`036a3250 : fffff800`037bc470 fffff800`04be7158 fffff800`04be7fc8 fffff800`03604000 : nt!RtlpExecuteHandlerForException+0xd
fffff800`04be7110 fffff800`036b01b5 : fffff800`04be7fc8 fffff800`04be7820 fffff800`00000000 00000000`00000005 : nt!RtlDispatchException+0x410
fffff800`04be77f0 fffff800`03675542 : fffff800`04be7fc8 00000000`00000000 fffff800`04be8070 fffffa80`04b6aa88 : nt!KiDispatchException+0x135
fffff800`04be7e90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KipFatalFilter+1b
fffff800`03706b2b cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!KipFatalFilter+1b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_0x1E_BAD_IP_nt!KipFatalFilter+1b

BUCKET_ID:  X64_0x1E_BAD_IP_nt!KipFatalFilter+1b

Followup: MachineOwner
---------

Debug session time: Wed Jan 12 20:28:23.153 2011 (GMT-5)
System Uptime: 0 days 0:17:13.698
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {ffffffffffffffda, 1, fffff8000367900c, 0}

Unable to load image \SystemRoot\system32\DRIVERS\avgtdia.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for avgtdia.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdia.sys

Could not read faulting driver name
Probably caused by : tdx.sys ( tdx!TdxDeactivateTransportAddress+1a6 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffffffffffffda, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff8000367900c, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800038aa0e0
 ffffffffffffffda 

FAULTING_IP: 
nt!ObfDereferenceObject+2c
fffff800`0367900c f0480fc11f      lock xadd qword ptr [rdi],rbx

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  System

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880031af390 -- (.trap 0xfffff880031af390)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000000a
rdx=fffffa80062e9101 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000367900c rsp=fffff880031af520 rbp=0000000000000001
 r8=fffffa80062e9100  r9=0000000000000260 r10=fffffa80062e9020
r11=fffffa80062e9380 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
nt!ObfDereferenceObject+0x2c:
fffff800`0367900c f0480fc11f      lock xadd qword ptr [rdi],rbx ds:9080:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800036f31e4 to fffff80003673f00

STACK_TEXT:  
fffff880`031af228 fffff800`036f31e4 : 00000000`00000050 ffffffff`ffffffda 00000000`00000001 fffff880`031af390 : nt!KeBugCheckEx
fffff880`031af230 fffff800`03671fee : 00000000`00000001 ffffffff`ffffffff fffff880`031af600 fffffa80`0504da98 : nt! ?? ::FNODOBFM::`string'+0x42907
fffff880`031af390 fffff800`0367900c : 00000000`00000000 fffffa80`062e9380 00000000`00000001 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`031af520 fffff880`0164ef21 : 00000000`00000001 fffffa80`057fddb0 00000000`00000000 00000000`00000001 : nt!ObfDereferenceObject+0x2c
fffff880`031af580 fffff880`0164f20b : fffffa80`0407eec0 00000000`00000000 fffffa80`0407eec0 00000000`00000000 : tcpip!UdpCleanupEndpointWorkQueueRoutine+0xd1
fffff880`031af5d0 fffff880`0188ead6 : fffffa80`04019ad0 00000000`00000000 fffffa80`04019ad0 fffffa80`04019ad0 : tcpip!UdpCloseEndpoint+0x9b
fffff880`031af650 fffff880`018901d5 : 00000000`00000000 fffffa80`04019ad0 fffffa80`03ccf040 00000000`00000000 : tdx!TdxDeactivateTransportAddress+0x1a6
fffff880`031af710 fffff880`01890949 : 00000000`00000000 fffffa80`06702b60 fffffa80`0504b890 00000000`00000000 : tdx!TdxDeleteTransportAddress+0x25
fffff880`031af740 fffff880`02cf9b56 : fffffa80`052b2e10 fffffa80`03ccf040 00000000`00000000 00000000`00000000 : tdx!TdxTdiDispatchCleanup+0x49
fffff880`031af770 fffffa80`052b2e10 : fffffa80`03ccf040 00000000`00000000 00000000`00000000 fffffa80`052b2e10 : avgtdia+0x4b56
fffff880`031af778 fffffa80`03ccf040 : 00000000`00000000 00000000`00000000 fffffa80`052b2e10 fffff800`0398768f : 0xfffffa80`052b2e10
fffff880`031af780 00000000`00000000 : 00000000`00000000 fffffa80`052b2e10 fffff800`0398768f 00000000`00000000 : 0xfffffa80`03ccf040


STACK_COMMAND:  kb

FOLLOWUP_IP: 
tdx!TdxDeactivateTransportAddress+1a6
fffff880`0188ead6 3d03010000      cmp     eax,103h

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  tdx!TdxDeactivateTransportAddress+1a6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tdx

IMAGE_NAME:  tdx.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc16b

FAILURE_BUCKET_ID:  X64_0x50_tdx!TdxDeactivateTransportAddress+1a6

BUCKET_ID:  X64_0x50_tdx!TdxDeactivateTransportAddress+1a6

Followup: MachineOwner
---------

Debug session time: Tue Jan 18 08:59:42.151 2011 (GMT-5)
System Uptime: 0 days 0:09:12.696
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {41, 8, 1, fffffa80052bdf00}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000041, memory referenced
Arg2: 0000000000000008, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffffa80052bdf00, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800038bb0e0
 0000000000000041 

CURRENT_IRQL:  8

FAULTING_IP: 
+52de952f01e5dbe8
fffffa80`052bdf00 0000            add     byte ptr [rax],al

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff80000b9c860 -- (.trap 0xfffff80000b9c860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000041 rbx=0000000000000000 rcx=0000000000000008
rdx=0000000000000022 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa80052bdf00 rsp=fffff80000b9c9f0 rbp=0000000000000000
 r8=0000000000000029  r9=0000000000000000 r10=000000000000731a
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
fffffa80`052bdf00 0000            add     byte ptr [rax],al ds:0540:00000000`00000041=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003684469 to fffff80003684f00

STACK_TEXT:  
fffff800`00b9c718 fffff800`03684469 : 00000000`0000000a 00000000`00000041 00000000`00000008 00000000`00000001 : nt!KeBugCheckEx
fffff800`00b9c720 fffff800`036830e0 : 00000000`00000000 00000000`00000000 fffffa80`03cd7000 fffff880`102168f8 : nt!KiBugCheckDispatch+0x69
fffff800`00b9c860 fffffa80`052bdf00 : 00000000`00000000 fffffa80`052ff500 fffffa80`0461bc00 fffffa80`050c91a0 : nt!KiPageFault+0x260
fffff800`00b9c9f0 00000000`00000000 : fffffa80`052ff500 fffffa80`0461bc00 fffffa80`050c91a0 00000000`00000000 : 0xfffffa80`052bdf00


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiPageFault+260
fffff800`036830e0 440f20c0        mov     rax,cr8

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiPageFault+260

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_0xD1_nt!KiPageFault+260

BUCKET_ID:  X64_0xD1_nt!KiPageFault+260

Followup: MachineOwner
---------
    Last edited by CarlTR6; 18 Jan 2011 at 14:21.
      My Computer
    Quote Quote

  4. zuplado
    Posts : 2
    windows 7 home premium
    Thread Starter
       New #3

    thank you for your response, i'll uninstall avg immediately and replace it with microsoft security essentials, ill monitor my computer after that.

    thanks again.
      My Computer
    Quote Quote

  6. CarlTR6
    Posts : 11,990
    Windows 7 Ultimate 32 bit
       New #4

    You are welcome. I hope your system will be fixed this easily. :)
      My Computer
    Quote Quote

 

  Related Discussions
IP conflict error – “Another computer on this network has the same IP address as this computer. Contact you network administrator for help resolving this issue. More details are available in the Windows System event log” This is the message I get....any ideas how to resolve this from happening...
ok, I got myself fresh copy of office 2010 proffesional, removed 2010 beta and here is the thing: "]http://img26.imageshack.us/img26/6053/problemzf.jpg Now, i allready removed office, cleaned registry except for one key that I can not remove nor can not change permissions to delete it, Except...
Hi every1, I am new on this forum :D , but i have big problem . while using my computer playing game / or surfing online my comp just stop working , nothing happens. sometimes , but SOMETIMES comes up blue screen and i try to read it but it only lasts for like 2 seconds so its inposibble ,and...
Hi, i joined this forum because i see people are very helpful to each other and i have quite a similar problem to others. I bought Windows 7 Home Premium and my old OP was Vista Home Premium. I did a clean install because i didn't want the crap from before coming along. When i installed it,32...
Well, I've been getting many BSOD's and i found the cause of it. I read the minidump file and netr70.sys is the driver that's causing it. It turns out this is a linksys driver that gets "excited" when downloading two things or more at once(I'm downloading AutoCAD and Revit through Autodesk...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 14:19.
Find Us