Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

BSOD tcpip.sys & ntoskrnl.exe


  • Please log in to reply

#16
guitar_freak8894

guitar_freak8894

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
ok so both options make no change. But when I go by the second option "Browse My Computer etc." I have two options:

1. Atheros AR9285 Wireless Network Adapter (Atheros Communications Inc.)
2. Atheros AR9285 Wireless Network Adapter (Microsoft)

When I choose the first option it doesn't change anything, but when I choose the Microsoft option the version changes to 2.0.0.74

Maybe the Microsoft version is a different driver and is up to date or is this some sore of factory version? I'm just throwing ideas out there to see if I can help really :).

Also in the past few weeks I've only had 2 freezes and 1 BSOD (to which I attached the minidump just in case), which is a good improvement compared to when I first posted, where I was getting freezes and BSODs daily.

Attached Files


  • 1

Advertisements


#17
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,087 posts
Are you using ZoneAlarm? That last mini dump had fwpkclnt.sys as the failing module. Google indicates this is usually a ZoneAlarm problem.
  • 0

#18
guitar_freak8894

guitar_freak8894

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
No I've never heard of Zone Alarm before. I even checked my list of programs in the Control Panel but no Zone Alarm shows up. That's strange that the Minidump shows something new now.
  • 0

#19
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,087 posts
FWPKCLNT.SYS is part of Windows, but ZoneAlarm seems to cause BSODs in it for some reason. Since you don't have ZA, try running System File Checker as follows:

Open a Elevated Command Prompt.
Type sfc /scannow and press Enter.
Let it run to completion.

To see what it did, look at the cbs.log file.

notepad C:\Windows\Logs\CBS\cbs.log

Press Ctrl+F and search for [SR]. Scroll down from there to see what happened. Hard to decipher but the lines with

0: Move File: Source =

in them are repair transactions I think. Most are to correct problems in the winsxs directory from what I see in my computer.

Good info on deciphering it here: How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista (same for Windows 7).

Edit: When I ran it on my Win 7 Pro system it looked like this:

sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,531 posts
  • MVP
This is Ron. Ztruker has asked me to work with you directly so as to speed up the process.

Let's do the SFC a bit differently:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt 




attach the file \windows\logs\cbs\junk.txt to your next reply.

After you do the above, continue in the Command window with:

sigverif

(Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.))

Submit your reply now before going on.

Close the Command Window.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and then Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

I'm also going to send you a PM with some scans I want you to run. I'm not supposed to use them in this forum so please copy and paste them into a reply to my PM. Do not post them.

Ron
  • 0

#21
guitar_freak8894

guitar_freak8894

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
ok when I type the command "copy cbs.log cbs.old" and go to continue it says "overwrite cbs.old? (Yes/No/All):" what should i type here because if I try to enter the next command the same question pops up.
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,531 posts
  • MVP
Sounds like you already have a cbs.old. Since you really don't need the log you can say Yes and Overwrite the old one.
  • 0

#23
guitar_freak8894

guitar_freak8894

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
well I started on Ztruker's steps until I refreshed the page and saw yours so I closed the cmd window and restarted to stop any processes. It wouldnt let me start your steps because Ztruker's "sfc /scannow" was still running even with the window closed so I restarted. That must be why I already have a "cbs.old".


EDIT: Another thing is the last line "findstr /c:"[SR]" cbs.log > junk.txt". When I type this and press enter nothing happens. I don't get a junk.txt or can find one in "C:",which is where I guess it would be. I might point out though that when "sfc /scannow" is finished it says "Windows Resource Protection did not find any integrity violations".

Edited by guitar_freak8894, 18 July 2011 - 06:42 PM.

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,531 posts
  • MVP
The file would be in the same location as the cbs.log but since your SFC finished happily we don't need it - so much ado about nothing.

We really are not supposed to work on a system that is being helped on another forum plus until your malware is removed there is no point in continuing. Your bleeping computer helper is on the right track. The four files he had you try to replace with Avenger are definitely malware.

Come back when he says you are clean and we will go on from there.

Ron
  • 0

#25
dellaseren

dellaseren

    New Member

  • Member
  • Pip
  • 9 posts
Hiya,

Sorry if this is of no use to you, but I had BSOD tcpip.sys, and I just removed Spyware Doctor and the problem stopped. If you don't have SD installed, could it be a clash of similar programs? Sorry I'm not techy so I don't really know the answer, but maybe it's a clue?!

Hope you sort it out!! Good luck!!
  • 0

Advertisements


#26
guitar_freak8894

guitar_freak8894

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
well I do have SD and McAfee. I planned on getting rid of McAfee and upgrading SD with a firewall as soon as McAfee's subscription ran out.
  • 0

#27
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,087 posts
Worth trying. Uninstall SD and McAfee. Install Microsoft Security Essentials and if you don't mind paying, Malware Bytes Anti Malware Pro ($24.95). That's the combo I use and I've been very happy with it.
  • 0

#28
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,087 posts
Please hold off doing anything here until you finish your malware thread at BleepingComputer.com.
  • 0

#29
guitar_freak8894

guitar_freak8894

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Just attaching 5 minidumps so I dont forget to do it another time. The malware problem is fixed now, just cleaning up the programs and logs and such. I'm getting a lot more frequent freezes and a few BSODs now. One example of BSOD is when I logged into windows just as I started my laptop, before it finished the "welcome" loading screen, I got a BSOD.

Attached Files


Edited by guitar_freak8894, 02 August 2011 - 07:18 AM.

  • 0

#30
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,087 posts
They all indicate fwpkclnt.sys is failing with a 0X000000D1 error code. Again, this is the Windows Firewall.

Did you ever try uninstalling Spyware Doctor to see if that resolvers the problem. You said you were going to uninstall McAfee, did you do that?

For testing purposes, and perhaps as a long term fix, please install both of the above. Install Microsoft Security Essentials and see if the BSODs go away.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP