Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ntoskrnl.exe tcpip.sys BSOD


  • Please log in to reply
1 reply to this topic

#1 medvesajtification

medvesajtification

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 31 January 2016 - 12:21 PM

Hi guys,

 

My Lenovo Y50 laptop running Windows 7 64bit has been getting some BSODs lately during games, related to ntoskrnl.exe tcpip.sys (according to BlueScreen Viewer).

Could you please help me in analyzing the dump file?

I have attached the zip files I created with Sysnative BSOD Dump + System File Collection App and PERFMON System Health Report, as well as BSOD Inspector (https://omgdebugging.com/bsod-inspector/)

 

Additional data:

 

· OS - Windows 7
· x64
· What was original installed OS on system? DOS
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? Full retail
· Age of system (hardware) 1 year
· Age of OS installation - have you re-installed the OS? 1 year

· CPU Intel® Core™ i5-4210H CPU @ 2.90GHz
· Video Card NVIDIA GeForce GTX 860M / Intel® HD Graphics 4600
· MotherBoard - (if NOT a laptop)
· Power Supply - brand & wattage (skip if laptop)

· System Manufacturer Lenovo
· Exact model number (if laptop, check label on bottom) Y50

· Laptop or Desktop? laptop

 

 

Thank you in advance!

 

Attached Files


Edited by medvesajtification, 31 January 2016 - 12:55 PM.


BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:33 AM

Posted 02 February 2016 - 07:59 AM

ntoskrnl.exe (also seen as ntkrnlpa.exe, ntkrnlmp.exe, or ntkrpamp.exe) is the kernel (core) of the Windows operating system.  It is protected by security features and the Windows System File Checker.  As such, if this file was to blame, you'd be experiencing many more problems other than the occasional BSOD.

In most cases this file is blamed because another file (typically a 3rd party driver) has corrupted the memory space that ntoskrnl.exe considers as it's own.  When this happens, ntoskrnl.exe typically finds unknown data (from the 3rd party driver) in it's memory space.  At this point the OS panics and throws a BSOD to prevent damage to the system.

More info here:  https://en.wikipedia.org/wiki/Ntoskrnl.exe

 

 

 

Your UEFI/BIOS (version 9ECN31WW(V1.14)) dates from 2014.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.

 

Lot's of video errors (STOP 0x117) and BAD_DUMPFILE errors in the WER section of the MSINFO32 report.

Please follow these troubleshooting suggestions:  http://www.sysnative.com/forums/bsod-kernel-dump-analysis-debugging-information/35-video-tdr-timeout-0x116-0x117.html#post29532
Also, please monitor your temps with this free utility:  http://www.cpuid.com/softwares/hwmonitor.html

The 2 memory dumps that I ran blamed networking components.  This can be any of the network adapters on your system (used or not used), it can be hardware or software based, or it can be due to other network aware programs on your system

 

Normally we're not concerned with the process that's running when the BSOD occurs - but in this case, it's the same each time.
So we have to wonder if MalwareBytes is involved in the BSOD's.  It may not be the cause, but another program may be interfering with it.

As such, I'd suggest running Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html

 

Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

hamachi.sys                 Thu Feb 19 05:36:41 2009 (499D3639)
LogMeIn Hamachi Virtual network interface driver}https://secure.logmein.com/US/support/hamachi2/
http://www.carrona.org/drivers/driver.php?id=hamachi.sys
 


Analysis:
The following is for informational purposes only.

**************************Sun Jan 31 10:48:33.794 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\013116-18751-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.19110.amd64fre.win7sp1_gdr.151230-0600
System Uptime: 0 days 2:28:49.609
Probably caused by : tcpip.sys ( tcpip!IppInspectBuildHeaders+54d )
BugCheck 3B, {c0000005, fffff88001b27c1d, fffff8800d57e8b0, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88001b27c1d, Address of the instruction which caused the bugcheck
Arg3: fffff8800d57e8b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x3B_tcpip!IppInspectBuildHeaders+54d
CPUID:        "Intel® Core™ i5-4210H CPU @ 2.90GHz"
MaxSpeed:     2900
CurrentSpeed: 2893
  BIOS Version                  9ECN31WW(V1.14)
  BIOS Release Date             08/18/2014
  Manufacturer                  LENOVO
  Product Name                  20378
  Baseboard Product             Lenovo Y50-70
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Jan 23 08:12:27.596 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\012316-16380-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.19110.amd64fre.win7sp1_gdr.151230-0600
System Uptime: 0 days 1:54:59.813
Probably caused by : tcpip.sys ( tcpip!IppInspectBuildHeaders+54d )
BugCheck 3B, {c0000005, fffff88001b28c1d, fffff88009da98b0, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88001b28c1d, Address of the instruction which caused the bugcheck
Arg3: fffff88009da98b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  mbamservice.ex
FAILURE_BUCKET_ID:  X64_0x3B_tcpip!IppInspectBuildHeaders+54d
CPUID:        "Intel® Core™ i5-4210H CPU @ 2.90GHz"
MaxSpeed:     2900
CurrentSpeed: 2893
  BIOS Version                  9ECN31WW(V1.14)
  BIOS Release Date             08/18/2014
  Manufacturer                  LENOVO
  Product Name                  20378
  Baseboard Product             Lenovo Y50-70
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``



3rd Party Drivers:
The following is for information purposes only.

**************************Sun Jan 31 10:48:33.794 2016 (UTC - 5:00)**************************
hamachi.sys                 Thu Feb 19 05:36:41 2009 (499D3639)
intelppm.sys                Mon Jul 13 19:19:25 2009 (4A5BC0FD)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
iaStorA.sys                 Fri Aug 16 13:22:01 2013 (520E5FB9)
iaStorF.sys                 Fri Aug 16 13:22:03 2013 (520E5FBB)
TeeDriverx64.sys            Thu Sep  5 14:02:18 2013 (5228C72A)
AcpiVpc.sys                 Mon Sep 23 23:19:01 2013 (524104A5)
RtsPer.sys                  Fri Oct 18 02:09:07 2013 (5260D083)
000.fcl                     Fri Oct 18 03:16:31 2013 (5260E04F)
RTKVHD64.sys                Wed May 14 06:28:52 2014 (53734564)
mwac.sys                    Tue Jun 17 22:06:34 2014 (53A0F42A)
SCDEmu.SYS                  Sun Jun  7 20:59:17 2015 (5574E8E5)
iusb3hub.sys                Mon Jun 15 09:54:03 2015 (557ED8FB)
iusb3xhc.sys                Mon Jun 15 09:54:05 2015 (557ED8FD)
iusb3hcs.sys                Mon Jun 15 09:54:55 2015 (557ED92F)
MBAMSwissArmy.sys           Wed Jul 29 00:26:01 2015 (55B855D9)
igdkmd64.sys                Wed Aug  5 00:53:18 2015 (55C196BE)
mbam.sys                    Tue Aug 11 13:35:19 2015 (55CA3257)
rtsuvc.sys                  Wed Sep 16 07:59:44 2015 (55F959B0)
Rt64win7.sys                Thu Oct  1 06:24:08 2015 (560D09C8)
nvpciflt.sys                Tue Dec  1 08:29:49 2015 (565DA0CD)
nvlddmkm.sys                Tue Dec  1 08:36:40 2015 (565DA268)
Netwsw02.sys                Tue Dec 22 15:12:37 2015 (5679AEB5)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Jan 23 08:12:27.596 2016 (UTC - 5:00)**************************
Rt64win7.sys                Tue Feb 18 06:38:35 2014 (5303463B)
Netwsw02.sys                Wed Jun 18 11:04:13 2014 (53A1AA6D)
http://www.carrona.org/drivers/driver.php?id=hamachi.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=amdxata.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=iaStorF.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverx64.sys
http://www.carrona.org/drivers/driver.php?id=AcpiVpc.sys
http://www.carrona.org/drivers/driver.php?id=RtsPer.sys
http://www.carrona.org/drivers/driver.php?id=000.fcl
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=SCDEmu.SYS
http://www.carrona.org/drivers/driver.php?id=iusb3hub.sys
http://www.carrona.org/drivers/driver.php?id=iusb3xhc.sys
http://www.carrona.org/drivers/driver.php?id=iusb3hcs.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=rtsuvc.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=nvpciflt.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=Netwsw02.sys
http://www.carrona.org/drivers/driver.php?id=Rt64win7.sys
http://www.carrona.org/drivers/driver.php?id=Netwsw02.sys
 


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users