Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please, help! BSOD because of tcpip.sys


  • Please log in to reply

#1
Andrey Tagaew

Andrey Tagaew

    New Member

  • Member
  • Pip
  • 3 posts
Hi guys!

I have really frustrating situation going with my computer.
Almost every day my computer is going down with BSOD that saying that something is wrong with my Tcpip.sys.

Googled for solutions for days, scanned for viruses with different programs, installed firewall, but nothing, nothing came out.

Please, help!

Below is detailed decoded error dump :
------------------------------------------------------------------------

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Work\Temp\BSOD\log1\Mini042310-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18209.amd64fre.vistasp2_gdr.100218-0019
Machine Name:
Kernel base = 0xfffff800`02c4b000 PsLoadedModuleList = 0xfffff800`02e0fdd0
Debug session time: Fri Apr 23 19:49:21.353 2010 (UTC + 3:00)
System Uptime: 0 days 1:29:35.213
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {40, 2, 0, fffffa600117650b}

Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Probably caused by : tcpip.sys ( tcpip+11550b )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000040, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffa600117650b, address which referenced memory

Debugging Details:
------------------


USER_LCID_STR: ENU

OS_SKU: 3

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002e72080
0000000000000040

CURRENT_IRQL: 2

FAULTING_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: csrss.exe

TRAP_FRAME: fffffa6001922c80 -- (.trap 0xfffffa6001922c80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0
rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0
r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f
r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip+0x11550b:
fffffa60`0117650b ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002ca526e to fffff80002ca54d0

STACK_TEXT:
fffffa60`01922b38 fffff800`02ca526e : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffffa60`01922b40 fffff800`02ca414b : 00000000`00000000 00000000`00000000 0b81007a`80101080 fffffa80`0d1f55e0 : nt!KiBugCheckDispatch+0x6e
fffffa60`01922c80 fffffa60`0117650b : 00000000`00000002 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 : nt!KiPageFault+0x20b
fffffa60`01922e10 00000000`00000002 : 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 : tcpip+0x11550b
fffffa60`01922e18 00000000`00000001 : fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 : 0x2
fffffa60`01922e20 fffffa80`06cb9c10 : fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 : 0x1
fffffa60`01922e28 fffffa80`0b038bb0 : 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 : 0xfffffa80`06cb9c10
fffffa60`01922e30 00000000`00000002 : fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 : 0xfffffa80`0b038bb0
fffffa60`01922e38 fffff800`02d5fd02 : fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 fffff800`02c13750 : 0x2
fffffa60`01922e40 00000000`00000070 : 00000000`00000002 00000000`00000000 00000002`00000001 fffffa80`051975e8 : nt!EtwpLogKernelEvent+0x202
fffffa60`01922ee0 00000000`00000002 : 00000000`00000000 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 : 0x70
fffffa60`01922ee8 00000000`00000000 : 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 00000000`00000200 : 0x2


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: tcpip+11550b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2c05

FAILURE_BUCKET_ID: X64_0xD1_tcpip+11550b

BUCKET_ID: X64_0xD1_tcpip+11550b

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000040, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffa600117650b, address which referenced memory

Debugging Details:
------------------


USER_LCID_STR: ENU

OS_SKU: 3

READ_ADDRESS: 0000000000000040

CURRENT_IRQL: 2

FAULTING_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: csrss.exe

TRAP_FRAME: fffffa6001922c80 -- (.trap 0xfffffa6001922c80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0
rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0
r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f
r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip+0x11550b:
fffffa60`0117650b ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002ca526e to fffff80002ca54d0

STACK_TEXT:
fffffa60`01922b38 fffff800`02ca526e : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffffa60`01922b40 fffff800`02ca414b : 00000000`00000000 00000000`00000000 0b81007a`80101080 fffffa80`0d1f55e0 : nt!KiBugCheckDispatch+0x6e
fffffa60`01922c80 fffffa60`0117650b : 00000000`00000002 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 : nt!KiPageFault+0x20b
fffffa60`01922e10 00000000`00000002 : 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 : tcpip+0x11550b
fffffa60`01922e18 00000000`00000001 : fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 : 0x2
fffffa60`01922e20 fffffa80`06cb9c10 : fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 : 0x1
fffffa60`01922e28 fffffa80`0b038bb0 : 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 : 0xfffffa80`06cb9c10
fffffa60`01922e30 00000000`00000002 : fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 : 0xfffffa80`0b038bb0
fffffa60`01922e38 fffff800`02d5fd02 : fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 fffff800`02c13750 : 0x2
fffffa60`01922e40 00000000`00000070 : 00000000`00000002 00000000`00000000 00000002`00000001 fffffa80`051975e8 : nt!EtwpLogKernelEvent+0x202
fffffa60`01922ee0 00000000`00000002 : 00000000`00000000 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 : 0x70
fffffa60`01922ee8 00000000`00000000 : 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 00000000`00000200 : 0x2


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip+11550b
fffffa60`0117650b ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: tcpip+11550b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2c05

FAILURE_BUCKET_ID: X64_0xD1_tcpip+11550b

BUCKET_ID: X64_0xD1_tcpip+11550b

Followup: MachineOwner
---------

1: kd> lmvm tcpip
start end module name
fffffa60`01061000 fffffa60`011d7000 tcpip T (no symbols)
Loaded symbol image file: tcpip.sys
Image path: \SystemRoot\System32\drivers\tcpip.sys
Image name: tcpip.sys
Timestamp: Thu Feb 18 14:01:09 2010 (4B7D2C05)
CheckSum: 0015E59F
ImageSize: 00176000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> .trap 0xfffffa6001922c80
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0
rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0
r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f
r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip+0x11550b:
fffffa60`0117650b ?? ???
  • 0

Advertisements


#2
kristain

kristain

    Banned

  • Banned
  • PipPip
  • 67 posts
tcpip.sys blue screen can be caused by a lot of reasons, but an invalid and corrupted registry entry is one of the most common causes for this problem.
  • 0

#3
Andrey Tagaew

Andrey Tagaew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you for the suggestion.

Can you suggest the best way of how to check my registry and clean it up.

I'm using CCleaner. Is it enough ?
  • 0

#4
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Leave registry alone. Playing with registry is not recommended: http://miekiemoes.bl...weaking_13.html

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Vista users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    tcpip.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#5
Andrey Tagaew

Andrey Tagaew

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you for your help, Man.

I found the solution.

It seems it was my firewall application.

I've been using Outpost Firewall Pro for year without any problems, but now it seems that this program is the reason of BSOD

Last weekend, I turned it off and switched back to the windows default one.

During the week there was not any problems at all
  • 0

#6
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Very well :)
Thanks for posting back :)
  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP