Tech Support Forum banner
Status
Not open for further replies.

[SOLVED] Frequent BSOD[50+ and counting) on Internet Related Programs (tcpip.sys)

4K views 12 replies 3 participants last post by  Patrick 
#1 · (Edited)
For the past 2 months I have received an increased growth in frequent BSOD relating to tcpip.sys. I have received over 50 BOSD in on week and approximately 10 in one day. It makes my life especially frustrating because of the delay in my school online homework, server hosting, and personal entertainment. I mainly receive BSOD on tcpip.sys address 86cD45AC base at 86c1b000. I have check many of my drivers for outdated and have attempted to fix corrupted registry keys. I do not have any experience in such things. I need urgent assistance. I'm not sure if it's a program, registry key, virus, or some other error.

Thanks in advance. :smile:

Other Info About problem below and The logs/analysis included below:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: CCCCCDD8
BCP2: 00000000
BCP3: 86CD65AC
BCP4: 00000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

PC Specs(I have an old system)------
OS: Windows 7 Professional 32 bit
Processor: Intel core Quad Q6600 2.4 GHz
GPU: Geforce 9400 GT
RAM: 3GB
Hard Drive: Hitachi HDT735050VLA360 ATA9 (I believe this is it)
Network Adapter: Netgear RangeMax Wireless USB 2.0 WPN11(Although using FIOS Verizon Router)

Anti-Virus/Malware Software------
-McAfee
-Microsoft Security Essentials
-Spybot Free Edition
-Malwarebytes Anti-Malware

Note: I sometimes turn off Real Time Scanning/ Add an exception for gaming reasons

PC Speed Boosters------
Auslogics BoostSpeed 7
System Mechanic 14 (Don't use often)
 

Attachments

See less See more
#2 · (Edited)
Re: Frequent BSOD[50+ and counting) on Internet Related Programs (tcpip.sys)

Hi,

I don't even need to take a look at the crash dumps, respectfully.

-McAfee
-Microsoft Security Essentials
-Spybot Free Edition
-Malwarebytes Anti-Malware
You have 2 antivirus suites running, and 2 anti-malware/spyware programs. There are definitely some huge kernel interceptor conflicts going on that are causing massive NETBIOS problems.

Trash McAfee and Spybot and keep MSE and Malwarebytes.

Auslogics BoostSpeed 7
System Mechanic 14 (Don't use often)
Uninstall both. PC 'boosters' are unnecessary bloatware that don't do any real-world improvements whatsoever.

If you'd like to continue to do things such as automatically cleaning TEMP, history, cache, etc... use CCleaner (but don't registry clean).

Regards,

Patrick
 
#4 ·
Re: Frequent BSOD[50+ and counting) on Internet Related Programs (tcpip.sys)

Hi,

I don't even need to take a look at the crash dumps, respectfully.

You have 2 antivirus suites running, and 2 anti-malware/spyware programs. There are definitely some huge kernel interceptor conflicts going on that are causing massive NETBIOS problems.

Trash McAfee and Spybot and keep MSE and Malwarebytes.

Uninstall both. PC 'boosters' are unnecessary bloatware that don't do any real-world improvements whatsoever.

If you'd like to continue to do things such as automatically cleaning TEMP, history, cache, etc... use CCleaner (but don't registry clean).

Regards,

Patrick
I wouldn't necessarily jump to conclusions.... Just please analyze at least the dump file that I debugged. The text document. I need specific results. I don't want to leave my software out especially the paid ones.
 
#3 ·
Re: Frequent BSOD[50+ and counting) on Internet Related Programs (tcpip.sys)

Hi. . .

In addition to the multiple A/Vs installed, your Netgear RangeMax Wireless USB 2.0 driver is a likely BSOD contributor due to its age and the fact that Microsoft networking drivers netio.sys and tcpip.sys are among the "probably caused by" per Windbg -
Code:
[FONT=Lucida Console]WPN111v.sys  [COLOR=#676767]Tue[/COLOR] Jul 29 [COLOR=#676767]08:45:18[/COLOR] 2008 [COLOR=#676767](488F10DE)[/COLOR][/FONT]
http://sysnative.com/drivers/driver.php?id=WPN111v.sys

tcpip.sys and netio.sys are not the cause and are listed (blamed) merely as a default.

Update Netgear driver - see if v3.0 will install - http://downloadcenter.netgear.com/en/product/WPN111#searchResults

Select "WPN111 Software Version 3.0 (Supports Win 7)". Create a Windows System Restore point first -

http://www.sysnative.com/forums/win...-point-windows-8-1-8-7-and-windows-vista.html

Regards. . .

jcgriff2

`
 
#5 ·
Re: Frequent BSOD[50+ and counting) on Internet Related Programs (tcpip.sys)

Hi. . .

In addition to the multiple A/Vs installed, your Netgear RangeMax Wireless USB 2.0 driver is a likely BSOD contributor due to its age and the fact that Microsoft networking drivers netio.sys and tcpip.sys are among the "probably caused by" per Windbg -
Code:
[FONT=Lucida Console]WPN111v.sys  [COLOR=#676767]Tue[/COLOR] Jul 29 [COLOR=#676767]08:45:18[/COLOR] 2008 [COLOR=#676767](488F10DE)[/COLOR][/FONT]
http://sysnative.com/drivers/driver.php?id=WPN111v.sys

tcpip.sys and netio.sys are not the cause and are listed (blamed) merely as a default.

Update Netgear driver - see if v3.0 will install - NETGEAR Support | Downloads | WPN111

Select "WPN111 Software Version 3.0 (Supports Win 7)". Create a Windows System Restore point first -

Windows System Restore - Create a Restore Point (Windows 8.1, 8, 7 & Vista) - Sysnative Forums

Regards. . .

jcgriff2

`
You actually might be on to something.. I've had have crashes relating to WPN111v.sys , but my only problem is that I have problems with installing v3.0 When I try to uninstall the 2.0 it doesn't really uninstall and leaves the 3.0 to say that I still have to uninstall it.
 
#6 ·
Re: Frequent BSOD[50+ and counting) on Internet Related Programs (tcpip.sys)

I'm actually starting to look at the debugged dump file myself and what caught my eye was : mbam.ex I searched it up and it looks like Malwarebytes Anti-Malware. Seems nearly impossible. What could it really be?
 
#7 · (Edited)
Re: Frequent BSOD[50+ and counting) on Internet Related Programs (tcpip.sys)

I wouldn't necessarily jump to conclusions
With all due respect, this isn't a jump to a conclusion. If you have two antiviruses installed, they are both trying to do the same thing which is causing a conflict.

Picture the following:

- Man walks up to gate and there's a security officer.

- Security officer requests he needs to inspect the box the man is holding before he allows the man through the gate.

- As the man is getting ready to hand the box to the first security officer, a second security officer comes barging inappropriately through the gate.

- The man shows the box to the original (and first) security officer. At this point, the second security officer then says 'Please also show me the box'.

- The man has an extremely confused look on his face, mainly because he just had his box checked by the first security guard and it was deemed safe to pass through the gate with the man.

Replace security guard #1 with McAfee, security guard #2 with MSE, and the box with a network packet being checked for integrity and validity.

---------------------------

However, because I may as well at this point:

PAGE_FAULT_IN_NONPAGED_AREA (50)

This indicates that invalid system memory has been referenced.

First of all, the dump is verifier enabled:

Code:
Verify Flags Level 0x00000fbb

  STANDARD FLAGS:
    [X] (0x00000000) Automatic Checks
    [X] (0x00000001) Special pool
    [X] (0x00000002) Force IRQL checking
    [X] (0x00000008) Pool tracking
    [X] (0x00000010) I/O verification
    [X] (0x00000020) Deadlock detection
    [X] (0x00000080) DMA checking
    [X] (0x00000100) Security checks
    [X] (0x00000800) Miscellaneous checks

  ADDITIONAL FLAGS:
    [ ] (0x00000004) Randomized low resources simulation
    [X] (0x00000200) Force pending I/O requests
    [X] (0x00000400) IRP logging

    [X] Indicates flag is enabled
With that said, we should have a pretty elaborate stack:

Code:
2: kd> k
ChildEBP RetAddr  
afd5f9f8 8343aa38 nt!MmAccessFault+0xbd
afd5f9f8 86cd65ac nt!KiTrap0E+0xdc
afd5fa88 86b52a0f tcpip!AlepFreeCloneConnectRedirectLayerData+0x15
afd5faa0 86b5297b NETIO!ClassifyContextCleanupRoutine+0x62
afd5faac 86b52bc9 NETIO!WfpObjectDereference+0x1e
afd5fabc 86d6fa84 NETIO!FeReleaseClassifyHandle+0x2c
afd5facc a1b26749 fwpkclnt!FwpsReleaseClassifyHandle0+0x18
afd5fae4 a1b26fc1 mwac+0x5749
afd5fafc a1b24c0a mwac+0x5fc1
afd5fb14 a1b23ec3 mwac+0x3c0a
afd5fb70 a1b23b20 mwac+0x2ec3
afd5fb90 a1b24b18 mwac+0x2b20
afd5fbac a1b29266 mwac+0x3b18
afd5fbcc a1b28255 mwac+0x8266
afd5fbdc 837286c3 mwac+0x7255
afd5fc00 83430fe1 nt!IovCallDriver+0x258
afd5fc14 83606bbc nt!IofCallDriver+0x1b
afd5fc34 83608f9f nt!IopSynchronousServiceTail+0x1f8
afd5fcd0 8360ff71 nt!IopXxxControlFile+0x6aa
afd5fd04 83437856 nt!NtDeviceIoControlFile+0x2a
afd5fd04 773370f4 nt!KiSystemServicePostCall
2615fa1c 00000000 0x773370f4
Malwarebytes' Web Access Control (MWAC) driver is calling various network routines and functions here such as the Network I/O Subsystem's FeReleaseClassifyHandle function, etc. We go right off the rails and access invalid memory at - tcpip!AlepFreeCloneConnectRedirectLayerData+0x15.

Malwarebytes itself is likely not the problem, and again, it's dealing with the security guard situation I mentioned above. It's trying to do network work, and either McAfee or MSE are getting in its way.

As I said, it comes down to using either McAfee or MSE (not both). Personally, as I also said, I'd uninstall McAfee and keep MSE. I've seen too many problems stem from McAfee.

-- Also, I'd like to make note that McAfee should have automatically disabled MSE upon its installation unless you yourself re-enabled it. It's disabled for a reason, and that's because situations like this will start to happen.

A direct quote from a MSFT employee if my word is not enough:

“Can Microsoft Security Essentials co-exist with other antivirus software like McAfee or Norton? Or do I have to uninstall my current McAfee Suite?”


Yes, you should uninstall McAfee Suite before installing Microsoft Security Essentials.
Regards,

Patrick
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top