Sign in with
Sign up | Sign in
Your question

Please, help! BSOD because of tcpip.sys

Last response: in Windows Vista
Share
Anonymous
April 24, 2010 5:03:11 PM

Hi guys!

I have really frustrating situation going with my computer.
Almost every day my computer is going down with BSOD that saying that something is wrong with my Tcpip.sys.

Googled for solutions for days, scanned for viruses with different programs, installed firewall, but nothing, nothing came out.

Please, help!

Below is detailed decoded error dump :
------------------------------------------------------------------------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Work\Temp\BSOD\log1\Mini042310-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18209.amd64fre.vistasp2_gdr.100218-0019
Machine Name:
Kernel base = 0xfffff800`02c4b000 PsLoadedModuleList = 0xfffff800`02e0fdd0
Debug session time: Fri Apr 23 19:49:21.353 2010 (UTC + 3:00)
System Uptime: 0 days 1:29:35.213
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {40, 2, 0, fffffa600117650b}

Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Probably caused by : tcpip.sys ( tcpip+11550b )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000040, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffa600117650b, address which referenced memory

Debugging Details:
------------------


USER_LCID_STR: ENU

OS_SKU: 3

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002e72080
0000000000000040

CURRENT_IRQL: 2

FAULTING_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: csrss.exe

TRAP_FRAME: fffffa6001922c80 -- (.trap 0xfffffa6001922c80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0
rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0
r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f
r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip+0x11550b:
fffffa60`0117650b ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002ca526e to fffff80002ca54d0

STACK_TEXT:
fffffa60`01922b38 fffff800`02ca526e : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffffa60`01922b40 fffff800`02ca414b : 00000000`00000000 00000000`00000000 0b81007a`80101080 fffffa80`0d1f55e0 : nt!KiBugCheckDispatch+0x6e
fffffa60`01922c80 fffffa60`0117650b : 00000000`00000002 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 : nt!KiPageFault+0x20b
fffffa60`01922e10 00000000`00000002 : 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 : tcpip+0x11550b
fffffa60`01922e18 00000000`00000001 : fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 : 0x2
fffffa60`01922e20 fffffa80`06cb9c10 : fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 : 0x1
fffffa60`01922e28 fffffa80`0b038bb0 : 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 : 0xfffffa80`06cb9c10
fffffa60`01922e30 00000000`00000002 : fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 : 0xfffffa80`0b038bb0
fffffa60`01922e38 fffff800`02d5fd02 : fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 fffff800`02c13750 : 0x2
fffffa60`01922e40 00000000`00000070 : 00000000`00000002 00000000`00000000 00000002`00000001 fffffa80`051975e8 : nt!EtwpLogKernelEvent+0x202
fffffa60`01922ee0 00000000`00000002 : 00000000`00000000 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 : 0x70
fffffa60`01922ee8 00000000`00000000 : 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 00000000`00000200 : 0x2


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: tcpip+11550b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2c05

FAILURE_BUCKET_ID: X64_0xD1_tcpip+11550b

BUCKET_ID: X64_0xD1_tcpip+11550b

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000040, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffa600117650b, address which referenced memory

Debugging Details:
------------------


USER_LCID_STR: ENU

OS_SKU: 3

READ_ADDRESS: 0000000000000040

CURRENT_IRQL: 2

FAULTING_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: csrss.exe

TRAP_FRAME: fffffa6001922c80 -- (.trap 0xfffffa6001922c80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0
rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0
r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f
r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip+0x11550b:
fffffa60`0117650b ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002ca526e to fffff80002ca54d0

STACK_TEXT:
fffffa60`01922b38 fffff800`02ca526e : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffffa60`01922b40 fffff800`02ca414b : 00000000`00000000 00000000`00000000 0b81007a`80101080 fffffa80`0d1f55e0 : nt!KiBugCheckDispatch+0x6e
fffffa60`01922c80 fffffa60`0117650b : 00000000`00000002 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 : nt!KiPageFault+0x20b
fffffa60`01922e10 00000000`00000002 : 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 : tcpip+0x11550b
fffffa60`01922e18 00000000`00000001 : fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 : 0x2
fffffa60`01922e20 fffffa80`06cb9c10 : fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 : 0x1
fffffa60`01922e28 fffffa80`0b038bb0 : 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 : 0xfffffa80`06cb9c10
fffffa60`01922e30 00000000`00000002 : fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 : 0xfffffa80`0b038bb0
fffffa60`01922e38 fffff800`02d5fd02 : fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 fffff800`02c13750 : 0x2
fffffa60`01922e40 00000000`00000070 : 00000000`00000002 00000000`00000000 00000002`00000001 fffffa80`051975e8 : nt!EtwpLogKernelEvent+0x202
fffffa60`01922ee0 00000000`00000002 : 00000000`00000000 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 : 0x70
fffffa60`01922ee8 00000000`00000000 : 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 00000000`00000200 : 0x2


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: tcpip+11550b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2c05

FAILURE_BUCKET_ID: X64_0xD1_tcpip+11550b

BUCKET_ID: X64_0xD1_tcpip+11550b

Followup: MachineOwner
---------

1: kd> lmvm tcpip
start end module name
fffffa60`01061000 fffffa60`011d7000 tcpip T (no symbols)
Loaded symbol image file: tcpip.sys
Image path: \SystemRoot\System32\drivers\tcpip.sys
Image name: tcpip.sys
Timestamp: Thu Feb 18 14:01:09 2010 (4B7D2C05)
CheckSum: 0015E59F
ImageSize: 00176000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> .trap 0xfffffa6001922c80
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0
rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0
r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f
r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip+0x11550b:
fffffa60`0117650b ?? ???

More about : bsod tcpip sys

April 24, 2010 7:50:33 PM

My feeling is that (if your sure that it isn't malware) it is likely a RAM problem or Hard Disk issue.

You should try these 2 procedures:
1. Perform error-checking with a full surface scan
2. Download and test using this Microsoft Memory Tester: http://oca.microsoft.com/en/windiag.asp

Let us know how you make out.

Also, if you want to try another malware scan to be extra sure, then this is a great process to perform:

Restart your computer in 'Safe Mode with Networking Support'.
(To do this: Power on your computer and start tapping the F8 key at the top of your keyboard rapidly until the Windows Start Menu appears. Then select the Safe Mode with Networking Support menu option and press the Enter key)

Open your web browser and go to www.malwarebytes.org

Download their free malwarebytes program from their main page

Install the program on your computer and run it.

Update the Malwarebytes program and do a full scan.
(You may be asked to restart. Do so, but use F8 key to return to Safe Mode)
Anonymous
May 3, 2010 8:02:25 PM

Thank you for your help, Man.

I found the solution.

It seems it was my firewall application.

I've been using Outpost Firewall Pro for year without any problems, but now it seems that this program is the reason of BSOD

Last weekend, I turned it off and switched back to the windows default one.

During the week there was not any problems at all
May 3, 2010 8:06:32 PM

Glad to hear you got it figured out.

Cheers!
!