BSOD when streaming to Roku 2 - ntoskrnl and tcpip.sys

Page 1 of 3 123 LastLast

  1. Posts : 21
    Windows 7 64-bit
       #1

    BSOD when streaming to Roku 2 - ntoskrnl and tcpip.sys


    This BSOD only started happening when we started streaming videos from our PC to our Roku 2 using PMS (Plex Media Server). Sometimes, not all the time, we will be 5 minutes into a video and it'll BSOD. The 3 most recent were caused during that time. The first 4 BSOD's in my attachment I believe were from driver issues. Maybe you can verify that as well.

    I've posted in the PLEX forums about it but didn't have any more info other than what bluescreenview provides. I'm guessing it's a conflict with avast AV or other third party software. I searched for an update for the NIC driver since tcpip.sys is mentioned, but there are none since 2009. Any assistance is appreciated!

    My specs:

    Win7 Pro 64-bit Retail
    Asus P5Q Pro
    Intel Q6600 2.4GHz (OC to 3.0) quad-core
    ATi HD3870
    Seasonic 620W PSU
    Western Digital 1.5TB Black HDD
      My Computer


  2. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #2

    tpattgeek said:
    This BSOD only started happening when we started streaming videos from our PC to our Roku 2 using PMS (Plex Media Server). Sometimes, not all the time, we will be 5 minutes into a video and it'll BSOD. The 3 most recent were caused during that time. The first 4 BSOD's in my attachment I believe were from driver issues. Maybe you can verify that as well.

    I've posted in the PLEX forums about it but didn't have any more info other than what bluescreenview provides. I'm guessing it's a conflict with avast AV or other third party software. I searched for an update for the NIC driver since tcpip.sys is mentioned, but there are none since 2009. Any assistance is appreciated!

    My specs:

    Win7 Pro 64-bit Retail
    Asus P5Q Pro
    Intel Q6600 2.4GHz (OC to 3.0) quad-core
    ATi HD3870
    Seasonic 620W PSU
    Western Digital 1.5TB Black HDD
    The blue screen crashes appear to be related to Avast. Please uninstall Avast using the Avast avast! Uninstall Utility and install Microsoft Security Essentials - Free Antivirus for Windows to run in its place with Windows firewall.
      My Computer


  3. Posts : 21
    Windows 7 64-bit
    Thread Starter
       #3

    Can you post the debug window with the process name? Thanks for the help!
      My Computer


  4. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #4

    tpattgeek said:
    Can you post the debug window with the process name? Thanks for the help!
    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\tpattgeek\Windows_NT6_BSOD_jcgriff2\010812-12136-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
    Machine Name:
    Kernel base = 0xfffff800`02a17000 PsLoadedModuleList = 0xfffff800`02c5c670
    Debug session time: Sun Jan  8 18:25:15.549 2012 (UTC - 7:00)
    System Uptime: 0 days 0:40:44.782
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {fffff9800646f988, 2, 0, fffff80002ab24af}
    
    Probably caused by : memory_corruption ( nt!MiResolveProtoPteFault+13f )
    
    Followup: MachineOwner
    ---------
    
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff9800646f988, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80002ab24af, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc6100
     fffff9800646f988 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!MiResolveProtoPteFault+13f
    fffff800`02ab24af 488b00          mov     rax,qword ptr [rax]
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  AvastSvc.exe
    
    TRAP_FRAME:  fffff8800882c650 -- (.trap 0xfffff8800882c650)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff9800646f988 rbx=0000000000000000 rcx=0000000000000004
    rdx=000000000007ac03 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002ab24af rsp=fffff8800882c7e0 rbp=fffff8a000e2ec88
     r8=0000000000000000  r9=0000058000000000 r10=0000000073ddc858
    r11=fffff68000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    nt!MiResolveProtoPteFault+0x13f:
    fffff800`02ab24af 488b00          mov     rax,qword ptr [rax] ds:fffff980`0646f988=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002a931e9 to fffff80002a93c40
    
    STACK_TEXT:  
    fffff880`0882c508 fffff800`02a931e9 : 00000000`0000000a fffff980`0646f988 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0882c510 fffff800`02a91e60 : 00000000`00000157 00000000`00000157 00000000`000001ff 00000000`7ac03121 : nt!KiBugCheckDispatch+0x69
    fffff880`0882c650 fffff800`02ab24af : 80000000`891c6867 fffff680`00001bc0 fffffa80`019b5520 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`0882c7e0 fffff800`02ab1053 : 00000000`0009aa38 00000000`73ddc858 fffff680`0039eee0 fffffa80`06266ec8 : nt!MiResolveProtoPteFault+0x13f
    fffff880`0882c870 fffff800`02aa0f19 : 00000000`73d52400 00000000`73ddc858 fffffa80`064a7e48 00000000`00000000 : nt!MiDispatchFault+0x1c3
    fffff880`0882c980 fffff800`02a91d6e : 00000000`00000008 00000000`73ddc858 fffff880`0882cb01 00000000`0c49f604 : nt!MmAccessFault+0x359
    fffff880`0882cae0 00000000`73ddc858 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
    00000000`0994e7b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ddc858
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!MiResolveProtoPteFault+13f
    fffff800`02ab24af 488b00          mov     rax,qword ptr [rax]
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  nt!MiResolveProtoPteFault+13f
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3
    
    IMAGE_NAME:  memory_corruption
    
    FAILURE_BUCKET_ID:  X64_0xA_nt!MiResolveProtoPteFault+13f
    
    BUCKET_ID:  X64_0xA_nt!MiResolveProtoPteFault+13f
    
    Followup: MachineOwner
    ---------
      My Computer


  5. Posts : 21
    Windows 7 64-bit
    Thread Starter
       #5

    That's from my other zip/thread that I posted about random BSOD's. This one is for tcpip.sys and happens when streaming videos FROM my Windows 7 machine. Did you check the attached file on this thread?
      My Computer


  6. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #6

    tpattgeek said:
    That's from my other zip/thread that I posted about random BSOD's. This one is for tcpip.sys and happens when streaming videos FROM my Windows 7 machine. Did you check the attached file on this thread?
    Nah, I thought it would be more fun to continue that thread here. I think the dmp files got mixed together. I'll re-analyze them. Are you still having issues with it after uninstalling Avast? They still may be related.
      My Computer


  7. Posts : 21
    Windows 7 64-bit
    Thread Starter
       #7

    No no, this is a different machine altogether with different symptoms. I also opened the dmp in windbg and did a !analyze -v but didn't see a process name. Do you have to do something else to see it?
      My Computer


  8. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #8

    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\minidump\051411-17472-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631 Machine Name: Kernel base = 0xfffff800`02e61000 PsLoadedModuleList = 0xfffff800`030a6650 Debug session time: Fri May 13 22:15:17.400 2011 (UTC - 7:00) System Uptime: 0 days 13:21:01.226 Loading Kernel Symbols ............................................................... ................................................................ .......................................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 24, {1904fb, fffff88007dfe6e8, fffff88007dfdf40, fffff880012b73bb} Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonCleanup+9db ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* NTFS_FILE_SYSTEM (24) If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Arguments: Arg1: 00000000001904fb Arg2: fffff88007dfe6e8 Arg3: fffff88007dfdf40 Arg4: fffff880012b73bb Debugging Details: ------------------ EXCEPTION_RECORD: fffff88007dfe6e8 -- (.exr 0xfffff88007dfe6e8) ExceptionAddress: fffff880012b73bb (Ntfs!NtfsCommonCleanup+0x00000000000009db) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff88007dfdf40 -- (.cxr 0xfffff88007dfdf40) rax=ffbff8a00b5ec200 rbx=fffff8a00afe8010 rcx=fffffa80064e4dd0 rdx=00000000000c0042 rsi=fffff8a00afe8140 rdi=fffff88006f5b504 rip=fffff880012b73bb rsp=fffff88007dfe920 rbp=fffff88006f5b980 r8=01cc11f5e9cbca32 r9=0000000000000003 r10=0000000000000000 r11=fffff8a00afe8140 r12=fffffa80064e4dd0 r13=0000000000000000 r14=fffff8a00afe83a8 r15=fffff8a00b3fa010 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 Ntfs!NtfsCommonCleanup+0x9db: fffff880`012b73bb f6404103 test byte ptr [rax+41h],3 ds:002b:ffbff8a0`0b5ec241=?? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: fsx.exe CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003110100 ffffffffffffffff FOLLOWUP_IP: Ntfs!NtfsCommonCleanup+9db fffff880`012b73bb f6404103 test byte ptr [rax+41h],3 FAULTING_IP: Ntfs!NtfsCommonCleanup+9db fffff880`012b73bb f6404103 test byte ptr [rax+41h],3 BUGCHECK_STR: 0x24 LAST_CONTROL_TRANSFER: from fffff88001226cc9 to fffff880012b73bb STACK_TEXT: fffff880`07dfe920 fffff880`01226cc9 : fffffa80`03d1ab30 fffffa80`079f3220 fffff880`06f5b690 fffffa80`0771d180 : Ntfs!NtfsCommonCleanup+0x9db fffff880`07dfed30 fffff800`02ed8817 : fffff880`06f5b690 00000000`0000040b 00000000`001c6850 00000000`00207398 : Ntfs!NtfsCommonCleanupCallout+0x19 fffff880`07dfed60 fffff800`02ed87d1 : 00000000`00000000 00000000`00000000 fffff880`07dff000 fffff800`02eed832 : nt!KxSwitchKernelStackCallout+0x27 fffff880`06f5b560 fffff800`02eed832 : fffffa80`066c34d0 00000000`00000002 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue fffff880`06f5b580 fffff880`01226d42 : fffff880`01226cb0 00000000`00000000 fffff880`06f5b900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0x2a2 fffff880`06f5b660 fffff880`012c5a04 : fffff880`06f5b730 fffff880`06f5b730 fffff880`06f5b730 00000000`00000000 : Ntfs!NtfsCommonCleanupOnNewStack+0x42 fffff880`06f5b6d0 fffff880`00c02bcf : fffff880`06f5b730 fffffa80`079f3220 fffffa80`079f35c0 fffffa80`08125b30 : Ntfs!NtfsFsdCleanup+0x144 fffff880`06f5b940 fffff880`00c016df : fffffa80`04a2fde0 00000000`00000000 fffffa80`048e4300 fffffa80`079f3220 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f fffff880`06f5b9d0 fffff800`031e809f : fffffa80`079f3220 fffffa80`07c206d0 00000000`00000000 fffffa80`064e4dd0 : fltmgr!FltpDispatch+0xcf fffff880`06f5ba30 fffff800`031d7844 : 00000000`00000000 fffffa80`07c206d0 fffff880`00c201b0 fffffa80`07873d10 : nt!IopCloseFile+0x11f fffff880`06f5bac0 fffff800`031d7601 : fffffa80`07c206d0 fffffa80`00000001 fffff8a0`04cc7b60 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4 fffff880`06f5bb40 fffff800`031d7bc4 : 00000000`00001c5c fffffa80`07c206d0 fffff8a0`04cc7b60 00000000`00001c5c : nt!ObpCloseHandleTableEntry+0xb1 fffff880`06f5bbd0 fffff800`02edff93 : fffffa80`0771d180 fffff880`06f5bca0 00000000`7efad000 00000000`000000d3 : nt!ObpCloseHandle+0x94 fffff880`06f5bc20 00000000`7796140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0356e808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7796140a SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: Ntfs!NtfsCommonCleanup+9db FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce792f9 STACK_COMMAND: .cxr 0xfffff88007dfdf40 ; kb FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCommonCleanup+9db BUCKET_ID: X64_0x24_Ntfs!NtfsCommonCleanup+9db Followup: MachineOwner ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\minidump\052111-15740-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631 Machine Name: Kernel base = 0xfffff800`02e01000 PsLoadedModuleList = 0xfffff800`03046650 Debug session time: Fri May 20 22:14:58.061 2011 (UTC - 7:00) System Uptime: 0 days 0:00:17.247 Loading Kernel Symbols ............................................................... ................................................................ ............................... Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {0, 0, 0, 0} Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: 0000000000000000, The exception code that was not handled Arg2: 0000000000000000, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: 0000000000000000, Parameter 1 of the exception Debugging Details: ------------------ EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully. FAULTING_IP: +3131643136653635 00000000`00000000 ?? ??? EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000000000 ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0 BUGCHECK_STR: 0x1E_0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 2 EXCEPTION_RECORD: fffff8800318b328 -- (.exr 0xfffff8800318b328) ExceptionAddress: fffff80002e86f69 (nt!KiDeferredReadyThread+0x0000000000000249) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff TRAP_FRAME: fffff8800318b3d0 -- (.trap 0xfffff8800318b3d0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002e86f69 rsp=fffff8800318b560 rbp=0000000000000002 r8=000000000000000e r9=0000000000000003 r10=fffff80002e01000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!KiDeferredReadyThread+0x249: fffff800`02e86f69 498b8cc2c80f1f00 mov rcx,qword ptr [r10+rax*8+1F0FC8h] ds:ffff:fffff800`02ff1fc8=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002e786be to fffff80002e80cd0 STACK_TEXT: fffff880`0318a408 fffff800`02e786be : fffff880`0318a578 fffff880`0169d30b fffff880`0318ab80 fffff800`02eac890 : nt!KeBugCheck fffff880`0318a410 fffff800`02eac55d : fffff800`03087968 fffff800`02fc4cbc fffff800`02e01000 fffff880`0318b328 : nt!KiKernelCalloutExceptionHandler+0xe fffff880`0318a440 fffff800`02eab335 : fffff800`02fc80fc fffff880`0318a4b8 fffff880`0318b328 fffff800`02e01000 : nt!RtlpExecuteHandlerForException+0xd fffff880`0318a470 fffff800`02ebc3b1 : fffff880`0318b328 fffff880`0318ab80 fffff880`00000000 fffffa80`04acd970 : nt!RtlDispatchException+0x415 fffff880`0318ab50 fffff800`02e80382 : fffff880`0318b328 fffff880`03163180 fffff880`0318b3d0 fffff880`03163180 : nt!KiDispatchException+0x135 fffff880`0318b1f0 fffff800`02e7ec8a : fffff880`031d4180 fffff880`0318b450 fffffa80`04a0bb60 fffff880`03163180 : nt!KiExceptionDispatch+0xc2 fffff880`0318b3d0 fffff800`02e86f69 : fffff800`02ff3e80 fffffa80`0678e060 00000000`00000000 fffffa80`063149a0 : nt!KiGeneralProtectionFault+0x10a fffff880`0318b560 fffff800`02e8c587 : fffffa80`04acda30 fffffa80`04acda78 fffffa80`04acda78 fffffa80`04a0bc00 : nt!KiDeferredReadyThread+0x249 fffff880`0318b5e0 fffff800`02e8c3de : 00000000`0a47c77e fffff880`0318bc58 00000000`00000451 fffff880`03165fa8 : nt!KiProcessExpiredTimerList+0x157 fffff880`0318bc30 fffff800`02e8c1c7 : 00000000`03ad12c2 00000000`00000451 00000000`03ad12e0 00000000`00000051 : nt!KiTimerExpiration+0x1be fffff880`0318bcd0 fffff800`02e78a2a : fffff880`03163180 fffff880`0316dfc0 00000000`00000000 fffff880`043c1480 : nt!KiRetireDpcList+0x277 fffff880`0318bd80 00000000`00000000 : fffff880`0318c000 fffff880`03186000 fffff880`0318bd40 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kb FOLLOWUP_IP: nt!KiKernelCalloutExceptionHandler+e fffff800`02e786be 90 nop SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fdd5b FAILURE_BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e Followup: MachineOwner ---------
    3. Loading Dump File [C:\Users\Mike\Downloads\minidump\052511-15054-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631 Machine Name: Kernel base = 0xfffff800`02e4d000 PsLoadedModuleList = 0xfffff800`03092650 Debug session time: Wed May 25 14:15:35.954 2011 (UTC - 7:00) System Uptime: 0 days 0:00:15.624 Loading Kernel Symbols ............................................................... ................................................................ ........................ Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff88003940fff, 0, fffff88001b64a83, 0} Could not read faulting driver name Probably caused by : rdyboost.sys ( rdyboost!memcpy+223 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff88003940fff, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff88001b64a83, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000000, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fc100 fffff88003940fff FAULTING_IP: rdyboost!memcpy+223 fffff880`01b64a83 8a040a mov al,byte ptr [rdx+rcx] MM_INTERNAL_CODE: 0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: System CURRENT_IRQL: 0 TRAP_FRAME: fffff880039468f0 -- (.trap 0xfffff880039468f0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0016b30000000032 rbx=0000000000000000 rcx=fffffa8005d1ecf3 rdx=fffffdfffdc2230c rsi=0000000000000000 rdi=0000000000000000 rip=fffff88001b64a83 rsp=fffff88003946a88 rbp=fffffa8004a01860 r8=001fffffffffa438 r9=0000000000000000 r10=00067d4000000000 r11=fffffa8005d248bc r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc rdyboost!memcpy+0x223: fffff880`01b64a83 8a040a mov al,byte ptr [rdx+rcx] ds:fffff880`03940fff=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002e78a0c to fffff80002eccd00 STACK_TEXT: fffff880`03946788 fffff800`02e78a0c : 00000000`00000050 fffff880`03940fff 00000000`00000000 fffff880`039468f0 : nt!KeBugCheckEx fffff880`03946790 fffff800`02ecae2e : 00000000`00000000 fffff880`03940fff 00000000`00000000 fffffa80`05d248bc : nt! ?? ::FNODOBFM::`string'+0x4621f fffff880`039468f0 fffff880`01b64a83 : fffff880`01b58bb9 00000000`00000000 00000000`000172d3 fffffa80`04ae0130 : nt!KiPageFault+0x16e fffff880`03946a88 fffff880`01b58bb9 : 00000000`00000000 00000000`000172d3 fffffa80`04ae0130 fffffa80`0671c3c4 : rdyboost!memcpy+0x223 fffff880`03946a90 fffff880`01b57499 : 00000000`00000000 fffff880`08156000 00000000`c0000225 00000000`00000005 : rdyboost!B_TREE<_SMD_STORE_KEY,ST_STORE<SMD_TRAITS>::_ST_PAGE_ENTRY,4096,NP_CONTEXT>::BTreeInsertEx+0x2d5 fffff880`03946ae0 fffff880`01b55782 : fffffa80`04ae0118 fffff880`08156000 00000000`00000005 fffffa80`065a62c0 : rdyboost!ST_STORE<SMD_TRAITS>::StDmpSinglePageInsert+0x75 fffff880`03946b60 fffff880`01b54773 : fffffa80`064f9900 fffffa80`061d3ad0 fffffa80`064f9900 fffffa80`04ae0118 : rdyboost!ST_STORE<SMD_TRAITS>::StDmpSinglePageAdd+0x212 fffff880`03946c20 fffff880`01b5462e : fffffa80`064f9900 00000000`00005000 00000000`00000080 fffffa80`04ae00b0 : rdyboost!ST_STORE<SMD_TRAITS>::StDmPageAdd+0xe3 fffff880`03946c80 fffff880`01b5341a : fffffa80`064f9900 00000000`00000080 00000000`00000080 fffffa80`04ae0f88 : rdyboost!ST_STORE<SMD_TRAITS>::StWorkItemProcess+0x23a fffff880`03946ce0 fffff800`0316932e : 00000000`00000000 fffff880`00000000 fffffa80`049dd8c0 fffffa80`039ce040 : rdyboost!SMKM_STORE<SMD_TRAITS>::SmStWorker+0x152 fffff880`03946d40 fffff800`02ebe666 : fffff880`03163180 fffffa80`049dd8c0 fffff880`0316dfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`03946d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 STACK_COMMAND: kb FOLLOWUP_IP: rdyboost!memcpy+223 fffff880`01b64a83 8a040a mov al,byte ptr [rdx+rcx] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: rdyboost!memcpy+223 FOLLOWUP_NAME: MachineOwner MODULE_NAME: rdyboost IMAGE_NAME: rdyboost.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7982e FAILURE_BUCKET_ID: X64_0x50_rdyboost!memcpy+223 BUCKET_ID: X64_0x50_rdyboost!memcpy+223 Followup: MachineOwner ---------
    4. Loading Dump File [C:\Users\Mike\Downloads\minidump\052511-14055-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631 Machine Name: Kernel base = 0xfffff800`02e14000 PsLoadedModuleList = 0xfffff800`03059650 Debug session time: Wed May 25 15:08:09.716 2011 (UTC - 7:00) System Uptime: 0 days 0:51:16.386 Loading Kernel Symbols ............................................................... ................................................................ ........................................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C2, {7, 109b, 0, fffff8a00b495640} GetPointerFromAddress: unable to read from fffff800030c3100 GetUlongFromAddress: unable to read from fffff80003031a18 GetUlongFromAddress: unable to read from fffff80003031a18 Probably caused by : ntkrnlmp.exe ( nt!ObpCaptureObjectName+216 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_CALLER (c2) The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc. Arguments: Arg1: 0000000000000007, Attempt to free pool which was already freed Arg2: 000000000000109b, (reserved) Arg3: 0000000000000000, Memory contents of the pool block Arg4: fffff8a00b495640, Address of the block of pool being deallocated Debugging Details: ------------------ GetUlongFromAddress: unable to read from fffff80003031a18 GetUlongFromAddress: unable to read from fffff80003031a18 POOL_ADDRESS: fffff8a00b495640 BUGCHECK_STR: 0xc2_7 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: Core Temp.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002fbebe9 to fffff80002e93d00 STACK_TEXT: fffff880`096197f8 fffff800`02fbebe9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`00000000 : nt!KeBugCheckEx fffff880`09619800 fffff800`0318f8d7 : 00000000`000000f8 00000000`00000000 00000000`00000000 00000000`a0000003 : nt!ExDeferredFreePool+0x1201 fffff880`096198b0 fffff800`0318ce2b : fffffa80`040a30b0 00000000`0420fad0 fffff8a0`00004801 fffffa80`04c9bdd0 : nt!ObpCaptureObjectName+0x216 fffff880`09619930 fffff800`0318ee9b : fffffa80`040a3010 fffffa80`03a0b8e0 00000000`00000000 00000000`00000000 : nt!ObpCaptureObjectCreateInformation+0x279 fffff880`096199b0 fffff800`031909ec : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`00000001 : nt!ObOpenObjectByName+0xbb fffff880`09619a80 fffff800`0319b608 : 00000000`0420fa98 fffff8a0`c0100080 00000000`0420fae8 00000000`0420faa8 : nt!IopCreateFile+0x2bc fffff880`09619b20 fffff800`02e92f93 : fffff880`09619ca0 fffffa80`0710f5e0 00000000`00000000 00000000`0420fb00 : nt!NtCreateFile+0x78 fffff880`09619bb0 00000000`7743186a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0420fa18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7743186a STACK_COMMAND: kb FOLLOWUP_IP: nt!ObpCaptureObjectName+216 fffff800`0318f8d7 90 nop SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!ObpCaptureObjectName+216 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fdd5b FAILURE_BUCKET_ID: X64_0xc2_7_nt!ObpCaptureObjectName+216 BUCKET_ID: X64_0xc2_7_nt!ObpCaptureObjectName+216 Followup: MachineOwner ---------
    5. Loading Dump File [C:\Users\Mike\Downloads\minidump\111111-21044-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e0a000 PsLoadedModuleList = 0xfffff800`0304f670 Debug session time: Fri Nov 11 09:32:15.786 2011 (UTC - 7:00) System Uptime: 1 days 11:55:58.066 Loading Kernel Symbols ............................................................... ................................................................ ........................................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {8, 2, 0, fffff880018de02b} Probably caused by : tcpip.sys ( tcpip!IppLoopbackTransmit+14b ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000008, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff880018de02b, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b9100 0000000000000008 CURRENT_IRQL: 2 FAULTING_IP: tcpip!IppLoopbackTransmit+14b fffff880`018de02b 488b4308 mov rax,qword ptr [rbx+8] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: Plex Media Ser TRAP_FRAME: fffff8800379cb20 -- (.trap 0xfffff8800379cb20) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa80043c3080 rbx=0000000000000000 rcx=fffff8800379ccd0 rdx=fffff88001723140 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880018de02b rsp=fffff8800379ccb0 rbp=0000000000000000 r8=fffff8800171b720 r9=fffffa8008486590 r10=fffffa8004979d80 r11=fffffa8004679030 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip!IppLoopbackTransmit+0x14b: fffff880`018de02b 488b4308 mov rax,qword ptr [rbx+8] ds:4550:00000000`00000008=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002e861e9 to fffff80002e86c40 STACK_TEXT: fffff880`0379c9d8 fffff800`02e861e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`0379c9e0 fffff800`02e84e60 : fffffa80`043c3d00 fffff880`0379cba0 fffff880`01a199a0 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`0379cb20 fffff880`018de02b : fffffa80`0498ee80 fffffa80`0000907e fffff880`000089c8 fffff880`037989c8 : nt!KiPageFault+0x260 fffff880`0379ccb0 fffff800`02e7e757 : fffff880`01a199a0 00000000`00000006 00000000`00000000 00000000`00000000 : tcpip!IppLoopbackTransmit+0x14b fffff880`0379cd60 fffff800`02e7e711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27 fffff880`091ec720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue STACK_COMMAND: kb FOLLOWUP_IP: tcpip!IppLoopbackTransmit+14b fffff880`018de02b 488b4308 mov rax,qword ptr [rbx+8] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: tcpip!IppLoopbackTransmit+14b FOLLOWUP_NAME: MachineOwner MODULE_NAME: tcpip IMAGE_NAME: tcpip.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4e83e948 FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b Followup: MachineOwner ---------
    6. Loading Dump File [C:\Users\Mike\Downloads\minidump\121911-17191-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`03064000 PsLoadedModuleList = 0xfffff800`032a9670 Debug session time: Mon Dec 19 13:09:24.393 2011 (UTC - 7:00) System Uptime: 6 days 15:09:07.063 Loading Kernel Symbols ............................................................... ................................................................ ............................................ Loading User Symbols Loading unloaded module list ............ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {10, 2, 0, fffff800030e595d} Probably caused by : ntkrnlmp.exe ( nt!KeWaitForMultipleObjects+794 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000000000010, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff800030e595d, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003313100 0000000000000010 CURRENT_IRQL: 2 FAULTING_IP: nt!KeWaitForMultipleObjects+794 fffff800`030e595d 488b4110 mov rax,qword ptr [rcx+10h] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: AvastSvc.exe TRAP_FRAME: fffff88009de0040 -- (.trap 0xfffff88009de0040) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa800468c198 rbx=0000000000000000 rcx=0000000000000000 rdx=fffffa800697bcc8 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800030e595d rsp=fffff88009de01d0 rbp=fffffa8006f0d060 r8=0020000000000000 r9=fffff88003163180 r10=0000000000000002 r11=fffffa800697bc68 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po nc nt!KeWaitForMultipleObjects+0x794: fffff800`030e595d 488b4110 mov rax,qword ptr [rcx+10h] ds:3a80:00000000`00000010=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800030e01e9 to fffff800030e0c40 STACK_TEXT: fffff880`09ddfef8 fffff800`030e01e9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`09ddff00 fffff800`030dee60 : 31313436`33633538 64653433`33623662 00000000`00000000 0000053a`2ff0a1c4 : nt!KiBugCheckDispatch+0x69 fffff880`09de0040 fffff800`030e595d : fffffa80`06a83a80 fffffa80`04ada080 000008fe`0000001b 00000014`00000006 : nt!KiPageFault+0x260 fffff880`09de01d0 fffff800`033d777f : 00000000`00000002 fffff880`09de0520 00000000`00000000 00000000`00000006 : nt!KeWaitForMultipleObjects+0x794 fffff880`09de0490 fffff800`034044cd : 00000000`00000001 00000000`00000000 00000000`00000000 fffff800`03109101 : nt!ObpWaitForMultipleObjects+0x294 fffff880`09de0960 fffff800`030dfed3 : fffff880`09de0ca0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWaitForMultipleObjects32+0xec fffff880`09de0bb0 00000000`75052e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`01cdf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75052e09 STACK_COMMAND: kb FOLLOWUP_IP: nt!KeWaitForMultipleObjects+794 fffff800`030e595d 488b4110 mov rax,qword ptr [rcx+10h] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!KeWaitForMultipleObjects+794 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0xA_nt!KeWaitForMultipleObjects+794 BUCKET_ID: X64_0xA_nt!KeWaitForMultipleObjects+794 Followup: MachineOwner ---------
    7. Loading Dump File [C:\Users\Mike\Downloads\minidump\123011-28298-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`03065000 PsLoadedModuleList = 0xfffff800`032aa670 Debug session time: Fri Dec 30 10:31:50.720 2011 (UTC - 7:00) System Uptime: 3 days 21:11:40.015 Loading Kernel Symbols ............................................................... ................................................................ .............................................. Loading User Symbols Loading unloaded module list ................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {8, 2, 0, fffff880018e502b} Probably caused by : tcpip.sys ( tcpip!IppLoopbackTransmit+14b ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000008, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff880018e502b, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003314100 0000000000000008 CURRENT_IRQL: 2 FAULTING_IP: tcpip!IppLoopbackTransmit+14b fffff880`018e502b 488b4308 mov rax,qword ptr [rbx+8] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: Plex Media Ser TRAP_FRAME: fffff8800379cb20 -- (.trap 0xfffff8800379cb20) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa80071d7440 rbx=0000000000000000 rcx=fffff8800379ccd0 rdx=fffff8800179c140 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880018e502b rsp=fffff8800379ccb0 rbp=0000000000000000 r8=fffff88001794720 r9=fffffa80041f5d70 r10=fffffa800497be00 r11=fffffa8003be5450 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip!IppLoopbackTransmit+0x14b: fffff880`018e502b 488b4308 mov rax,qword ptr [rbx+8] ds:00000000`00000008=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800030e11e9 to fffff800030e1c40 STACK_TEXT: fffff880`0379c9d8 fffff800`030e11e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`0379c9e0 fffff800`030dfe60 : fffff880`00000002 fffff880`01900d3a 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`0379cb20 fffff880`018e502b : fffffa80`04993900 fffffa80`0000907e fffff880`000073dd fffff880`037973dd : nt!KiPageFault+0x260 fffff880`0379ccb0 fffff800`030d9757 : fffff880`01a209a0 fcfcc789`48fbb606 00000000`00000000 90000007`9fe95341 : tcpip!IppLoopbackTransmit+0x14b fffff880`0379cd60 fffff800`030d9711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27 fffff880`09359720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue STACK_COMMAND: kb FOLLOWUP_IP: tcpip!IppLoopbackTransmit+14b fffff880`018e502b 488b4308 mov rax,qword ptr [rbx+8] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: tcpip!IppLoopbackTransmit+14b FOLLOWUP_NAME: MachineOwner MODULE_NAME: tcpip IMAGE_NAME: tcpip.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4e83e948 FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b Followup: MachineOwner ---------
    8. Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\tpattgeek\minidump\011112-18158-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`03067000 PsLoadedModuleList = 0xfffff800`032ac670 Debug session time: Wed Jan 11 18:15:07.891 2012 (UTC - 7:00) System Uptime: 1 days 3:58:26.561 Loading Kernel Symbols ............................................................... ................................................................ ............................................... Loading User Symbols Loading unloaded module list .............................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {8, 2, 0, fffff8800189c02b} Probably caused by : tcpip.sys ( tcpip!IppLoopbackTransmit+14b ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000008, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff8800189c02b, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003316100 0000000000000008 CURRENT_IRQL: 2 FAULTING_IP: tcpip!IppLoopbackTransmit+14b fffff880`0189c02b 488b4308 mov rax,qword ptr [rbx+8] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: Plex Media Ser TRAP_FRAME: fffff8800379cb20 -- (.trap 0xfffff8800379cb20) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa800468d6c0 rbx=0000000000000000 rcx=fffff8800379ccd0 rdx=fffffa80064d2821 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8800189c02b rsp=fffff8800379ccb0 rbp=0000000000000000 r8=fffffa80064d2820 r9=0000000000000000 r10=fffffa800495de00 r11=fffffa8003fcb850 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip!IppLoopbackTransmit+0x14b: fffff880`0189c02b 488b4308 mov rax,qword ptr [rbx+8] ds:00000000`00000008=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800030e31e9 to fffff800030e3c40 STACK_TEXT: fffff880`0379c9d8 fffff800`030e31e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`0379c9e0 fffff800`030e1e60 : 00000002`00600b2d fffff880`08907720 fffffa80`0495fd30 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`0379cb20 fffff880`0189c02b : fffffa80`04974930 fffffa80`0000d9eb fffff880`0000907e fffff880`0379907e : nt!KiPageFault+0x260 fffff880`0379ccb0 fffff800`030db757 : fffff880`019d79a0 01ca043e`75759506 00000000`00000000 005c0073`00200000 : tcpip!IppLoopbackTransmit+0x14b fffff880`0379cd60 fffff800`030db711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27 fffff880`08900720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue STACK_COMMAND: kb FOLLOWUP_IP: tcpip!IppLoopbackTransmit+14b fffff880`0189c02b 488b4308 mov rax,qword ptr [rbx+8] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: tcpip!IppLoopbackTransmit+14b FOLLOWUP_NAME: MachineOwner MODULE_NAME: tcpip IMAGE_NAME: tcpip.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4e83e948 FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b Followup: MachineOwner ---------
    That set did include another AVAST related crash. I also note the following problem.

    Code:
    ASACPI	fffff880`0474a000	fffff880`04752000	Sun Mar 27 20:30:36 2005 (42476c4c)	00003c77		ASACPI.sys
    ASACPI.SYS is a known BSOD problem on Windows 7. Update the driver by:
    1. Going to the Asus motherboard support site
    When you reach the website:
    2. Scroll down the page and click Utilities
    3. Hold Ctrl and press f (ctrl+f) to enter the browser's find feature
    4. Search for "ATK0110 driver for WindowsXP/Vista/Win7 32&64-bit" (without quotes)
    5. Download and install the driver.
    6. After installation is complete, verify that it installed correctly.
    a. Click Start Menu
    b. Click My Computer
    c. Go to C:\WIndows\System32\drivers\
    d. Verify that the ASACPI.SYS file is dated 2009 or newer (2010,etc.)

    Thanks to JMH and zigzag3143 for the above information.


    Also, please update the following drivers/software (LogMeIn as well if there is an update). Use
    Installing and updating drivers in 7,
    Driver Reference Table - sysnative.com - MVP,
    and Drivers and Downloads
    as references for driver information and updating steps.
    Code:
    lmimirr	fffff880`047a7000	fffff880`047ae000	Tue Apr 10 16:32:45 2007 (461c108d)	0000a04c		lmimirr.sys
    RaInfo	fffff880`06fee000	fffff880`06ff5000	Fri Jan 04 11:57:14 2008 (477e818a)	0000d903		RaInfo.sys
    LMIRfsDriver	fffff880`06e00000	fffff880`06e13000	Mon Jul 14 10:26:56 2008 (487b7e50)	0001e26d		LMIRfsDriver.sys
    dne64x	fffff880`047ae000	fffff880`047da000	Mon Nov 10 18:01:24 2008 (4918d964)	000359da		dne64x.sys
    hamachi	fffff880`046df000	fffff880`046ea000	Thu Feb 19 03:36:41 2009 (499d3639)	0000a5d7		hamachi.sys
    Last edited by writhziden; 11 Jan 2012 at 22:32. Reason: New blue screen error added
      My Computer


  9. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #9

    tpattgeek said:
    No no, this is a different machine altogether with different symptoms. I also opened the dmp in windbg and did a !analyze -v but didn't see a process name. Do you have to do something else to see it?
    I know, I was joking about continuing the thread here. However, you probably should uninstall Avast on both machines as it is known to cause blue screen crashes...

    The process name is typically in the middle. For your tcpip crashes, the process is the Plex Media Ser which I would guess is what you are using to stream the video.
    Last edited by writhziden; 10 Jan 2012 at 15:15. Reason: Avast information
      My Computer


  10. Posts : 21
    Windows 7 64-bit
    Thread Starter
       #10

    Yes, PLEX is what I'm using to stream the video, but is that what actually caused the crash or is that just listing out all of the processes? I didn't have FSX running at the same time as PLEX, so did PLEX cause the crashes or was it avastsvc for ALL of them?
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:00.
Find Us