Malware installed?

[Dale]

I did a quick google search on stream.sys and saw that it's a microsoft driver and saw several mentions of webcams.  This system doesn't have one and never has.

I'd like to understand more about stream.sys.

[guestolo]

Actually, I would like to see more minidump files ONLY, not the other stuff you uploaded
Having more than one can help to determine if one driver is the cause of the file

You will know if you have a dump file by the extension>>.dmp

[Dale]

[quote name=\'guestolo\' post=\'462078\' date=\'May 2 2009, 08:07 PM\']Actually, I would like to see more minidump files ONLY, not the other stuff you uploaded
Having more than one can help to determine if one driver is the cause of the file

You will know if you have a dump file by the extension>>.dmp[/quote]
Did the last file I uploaded, a zip file, not have 8 minidumps in it?  I'll upload them again just in case.

[guestolo]

Sorry, I didn't even see the link to the dump files
7 of 8 of those dumps were the same information, that's a good indication of Driver fault with relation to Stream.sys

Here's some of the info

Code: [Select]

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {f7689372, 6, 8, f7689372}

Probably caused by : STREAM.SYS ( STREAM!StreamClassInterrupt+2c )

Followup: MachineOwner
---------

1: kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f7689372, memory referenced
Arg2: 00000006, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: f7689372, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  f7689372

CURRENT_IRQL:  6

FAULTING_IP:
+2c
f7689372 ??  ???

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  Idle

LAST_CONTROL_TRANSFER:  from 00000000 to f7689372

FAILED_INSTRUCTION_ADDRESS:
+2c
f7689372 ??  ???

SYMBOL_ON_RAW_STACK:  1

STACK_ADDR_RAW_STACK_SYMBOL: fffffffff78b2c80

STACK_COMMAND:  dds F78B2C80-0x20; kb

STACK_TEXT:  
f78b2c60  f76894e4
f78b2c64  00000000
f78b2c68  f78b2c77
f78b2c6c  8a426688
f78b2c70  8a0dadcc
f78b2c74  00000006
f78b2c78  f78b2c8c
f78b2c7c  f769acba STREAM!StreamClassInterrupt+0x2c
f78b2c80  8a4268cc
f78b2c84  8a0dadcc
f78b2c88  8a0dadc4
f78b2c8c  00000000
f78b2c90  805454dc nt!KiChainedDispatch2ndLvl+0x44
f78b2c94  8a0dadc8
f78b2c98  8a4265d0
f78b2c9c  804ffb90 nt!KiIpiServiceRoutine+0x80
f78b2ca0  f7679162 intelppm!AcpiC1Idle+0x12
f78b2ca4  f7717c50
f78b2ca8  8054547c nt!KiChainedDispatch+0x1c
f78b2cac  00000000
f78b2cb0  f78b2cc0
f78b2cb4  80545489 nt!KiChainedDispatch+0x29
f78b2cb8  89e1e902
f78b2cbc  00000174
f78b2cc0  f78b2d50
f78b2cc4  f7679162 intelppm!AcpiC1Idle+0x12
f78b2cc8  badb0d00
f78b2ccc  0000097a
f78b2cd0  00000001
f78b2cd4  8a38df98
f78b2cd8  00000028
f78b2cdc  a9b0c2e8


FOLLOWUP_IP:
STREAM!StreamClassInterrupt+2c
f769acba 8ad8 mov bl,al

SYMBOL_NAME:  STREAM!StreamClassInterrupt+2c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: STREAM

IMAGE_NAME:  STREAM.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  480254ba

FAILURE_BUCKET_ID:  0xD1_CODE_AV_BAD_IP_STREAM!StreamClassInterrupt+2c

BUCKET_ID:  0xD1_CODE_AV_BAD_IP_STREAM!StreamClassInterrupt+2c
I'll dig around and see what comes up

P.S. One was related to SageTV.exe

[Dale]

[quote name=\'guestolo\' post=\'462094\' date=\'May 3 2009, 11:01 AM\']I'll dig around and see what comes up[/quote]
Thanks!  FYI the system hasn't crashed since the JRE change I did late Wednesday night..  Coincidence?

I plan to stress it some today to see if it holds up while it's busier.

[guestolo]

I notice from this link
http://www.sagetv.com/troubleshooting.html#1

SageTv is recommending removing All earlier versions of Java and install the Latest
But your method or reverting to an older version seems to be helping
Because earlier versions of Java are not as Secure as the latest

I'm wondering if Removing All older versions and installing the Latest would help?
I like to use a tool called JavaRA to ensure all older versions are removed
Reboot the machine  then install the latest

I also notice the following from Sage

If you are experiencing random crashes, lockups or freezes in either SageTV or SageTV Recorder:
Be sure you have the latest drivers installed for your TV Tuner/Capture card. You may also want to try upgrading your video card drivers and updating your motherboard's BIOS to the latest version.

Do you have the latest Video drivers installed?

[Dale]

[quote name=\'guestolo\' post=\'462105\' date=\'May 3 2009, 12:43 PM\']I notice from this link
http://www.sagetv.com/troubleshooting.html#1

SageTv is recommending removing All earlier versions of Java and install the Latest
But your method or reverting to an older version seems to be helping
Because earlier versions of Java are not as Secure as the latest

I'm wondering if Removing All older versions and installing the Latest would help?
I like to use a tool called JavaRA to ensure all older versions are removed
Reboot the machine  then install the latest

I also notice the following from Sage

Do you have the latest Video drivers installed?[/quote]
I had followed the instructions for reverting to the older level of Java.  :-)

I look for JavaRA and see what it sayes but I was pretty careful about shutting down Sage.  Uninstalling Java and then installing the new version, with approrpiate reboots inbetween.  I may try 1.4 to see if it makes a diiference.

I will check on the video drivers too, but they were the latest as of 2 weeks ago.  When I built the system, I started with the latest drivers as opposed to what was on the dsik that came with the card.

FYI, the system appears to have crashed several times while I was out.  Before I left, I set the system to record 3 diferent shows simultaneously, and when I got back, the system was at the screen where you select a user, which means it restarted at least once.  I looked for new dumps and found several.

I uploaded them: http://www.savefile.com/files/2091556

Note the drivers for the tuner cards I'm using, are also the latest.

I'll see if ASUS has updated the video drivers and let you know if they have.

Dale

[Dale]

Well then, I'm two updates behind.  The one I\d installed was from Feb 2009 and there were two updates posted in mid and late April.  I will update the driver!

[guestolo]

All dumps put blame on Stream.sys

Can you do the following:
Right click on MyComputer>>Left click PROPERTIES>>ADVANCED>>SETTINGS (Under Startup and Recovery)
Under SYSTEM FAILURE, Untick Automatically Restart
Ok out of there

Next time, instead of restarting, it may Blue screen with an error message
Post that error message back , it may include an additional filename that may help

[Dale]

[quote name=\'guestolo\' post=\'462114\' date=\'May 3 2009, 05:20 PM\']All dumps put blame on Stream.sys

Can you do the following:
Right click on MyComputer>>Left click PROPERTIES>>ADVANCED>>SETTINGS (Under Startup and Recovery)
Under SYSTEM FAILURE, Untick Automatically Restart
Ok out of there

Next time, instead of restarting, it may Blue screen with an error message
Post that error message back , it may include an additional filename that may help[/quote]
Well, I missed the error message.  ;(  I did get the file name - zuluvcap.sys  Address f762937c base at f7627000

I had updated the video driver earlier today and went back to JRE 1.4 - I know later is supposed to be better but my previous experience says otherwise. After doing so the system ran fine while recording three shows at once, and showing one too with no problems.  It went for 4+ hours with no issues whatsoever.

Then boom.

I imagine it will happen again.  I'll get the error message then.

Dump uploaded: http://www.savefile.com/files/2091814

[guestolo]

Do you have a Fusion HDTV Capture card installed on this system?
That seems to be what's causing the problems

[Dale]

[quote name=\'guestolo\' post=\'462127\' date=\'May 3 2009, 10:05 PM\']Do you have a Fusion HDTV Capture card installed on this system?
That seems to be what's causing the problems[/quote]
You're good!  I do.  3 of them.  All PCI cards "salvaged" from my last system.  In fact I picked the mother board I got based on the fact it had three usable PCI slots - other mother boards had 3 PCI slots but once you added a graphics card only you couldn't use them all.

Anything I can do (short of replacing them)?  I'm pretty sure I have the latest drivers for the cards - Fusion HDTV 5 RT Lite if I remember correctly - installed (even if the drivers were pretty old).

[Dale]

I googled zuluvcap.sys and found several mentions of issues like the ones I'm having now:

http://www.xpmediacentre.com.au/community/...luvcap-sys.html
http://archive2.avsforum.com/avs-vb/archiv...p/t-635784.html
http://www.epinions.com/reviews/Video_Capt...vico_HDTV5USB_1
http://forums.gbpvr.com/showthread.php?t=33561

Didn't see any solutions though.  :-(

[guestolo]

You could try the latest software for the cards, see if it's any help
But I see lots of ppls. having problems with their software
concerning BSOD's

Here's a link
http://www.fusionhdtv.co.kr/eng/Products/RTLite.aspx
Software Download link near the bottom
Take note of the Warning of removing old software before installation

Also seen a couple of users, don't have links, that have pinned it down to bad Memory
I don't think that's your problem, but it may not hurt to run MemTest on this computer to ensure the sticks are OK
Have you run Memtest before?
It's quite simple, Download the compiled zip file>>Unzip just burn the ISO to disk as image file and boot up with the CD or floppy and it will run automatically
http://www.memtest.org/#downiso

[Dale]

[quote name=\'guestolo\' post=\'462145\' date=\'May 4 2009, 09:27 AM\']You could try the latest software for the cards, see if it's any help
But I see lots of ppls. having problems with their software
concerning BSOD's

Here's a link
http://www.fusionhdtv.co.kr/eng/Products/RTLite.aspx
Software Download link near the bottom
Take note of the Warning of removing old software before installation

Also seen a couple of users, don't have links, that have pinned it down to bad Memory
I don't think that's your problem, but it may not hurt to run MemTest on this computer to ensure the sticks are OK
Have you run Memtest before?
It's quite simple, Download the compiled zip file>>Unzip just burn the ISO to disk as image file and boot up with the CD or floppy and it will run automatically
http://www.memtest.org/#downiso[/quote]
The error message is DRIVER_IRQL_NOT_LESS_OR_EQUAL

I am already running their latest software it turns out - 3.68

Assuming I don't have a memory issue - and I'll check and see, but probably not tonight, what else can I do?

Sage says this board is supported.  Think this is something they can fix via their software if I get them a trace?

Thanks for your assistance so far.  It seems worse case I'd just need to invest in some other HDTV capture cards.  I just hope I pick something better than the Fusion cards if I have to go that route - which get great reception but evidently have faulty driver software.

Dale

[Dale]

Just an update.  I downloaded the RAM test software but rather than try it, I purchased 3 VBOX 3650 USB tuners Thursday night and got them set up Saturday.  They receive signals as good as the Fusion cards, and so far, they have not crashed my system.  I let it record 3 channels simultaneously for almost 5 hours, while playing back something too, and there were no problems at all.  Something I could not replicate with the Fusion cards being used.

Thank you so much for helping me track down the root cause of my system crashing!

[guestolo]

Thanks for letting me know Dale, everything was starting to point to the Fusion's as the root of the problem