TechSpot

BSOD, Win 7 x64, tcpip.sys

By matob
Feb 28, 2011
Post New Reply
  1. Hi,

    at first I didnt know wheter to start a new topic, but I think that my problem could be somewhat specific.

    Almost every day I get a BSOD relating to tcpip.sys and ntoskrnl.exe. Drivers are updated, also windows is patched with newest updates. It is strange, because there are other people experiencing the same problem, who are connected to the same router as I am. Could the router somehow be the problem?

    I am attaching 8 minidump files.
    Thanks for your help.

    Attached Files:

  2. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    Did you build this system or did you purchase it like a Dell, HP, etc.?
  3. matob

    matob TS Rookie Topic Starter

    I am so silly... I didn´t specify the model..
    It is a notebook Lenovo Y560.
    I´ve purchased it as it is. No changes.
  4. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    Okay, all minidumps point to tcpip.sys as the cause of your system crashes. This is a Windows OS driver that deals with networking/internet.

    Go to Lenovo's website and find your exact laptop model and update your wireless card drivers again to the latest offerings. If you already have then...

    Lenovo is an excellent company that makes great laptops. They have good tech support as well (at least from my own experiences). If you continue to have issues contact them since this appears your system is still under warranty.

    By the way, what security software are you running?

    Please keep us updated.
  5. matob

    matob TS Rookie Topic Starter

    All drivers are updated. Besides, the other laptop (asus) is having exactly the same problem. It also has updated drivers.

    I am running comodo internet security, the other laptop has comodo firewall + avira antivir.

    I´ve read about some BSODs relating to comodo firewall which would explain it, but the version of the firewall is far older than mine. Therefore the solution offered is no longer available (different firewall kernel drivers and so on)

    Oh, I forgot to mention that it happens only while connected to college wifi. I´ve never experienced this BSOD at any other location, so doesn´t my roommate with asus.

    I am quite experienced pc user, but cannot figure out this one on my own :)
  6. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    Then the issue has to be with the college WiFi. I would see if others are having the same issue. It could be a security setting. Have you contacted the on campus tech? Or is your on campus tech like a lot of on campus tech centers: manned by people who are want-to-bes? :D
  7. matob

    matob TS Rookie Topic Starter

    It is exactly like that :) Speaking to them was not particurlary helpfull, they´ve said that nobody experiences the problems (at least nobody had told them).
    It seems to me that the problem is limited to win7 x64 and maybe comodo. Im going to try to change firewall. Any suggestions? I was very pleased with comodo :(

    .... I have an idea... what do you say about switching to comodo x86? what actually is the difference? I suppose there could be some kind of incompatibility or bug in the x64 version.
    There is also the option of returning to windows firewall (I´ve heard that integrated firewall in win7 applies itself quite well.. but I dont know...)
  8. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    Comodo is good. It would be a shame to have to change out your firewall because of this one issue. What firewall are they using for their WiFi?

    Anyway, you might want to try Online Armor free version. I use the paid on my main system, and run the free version on our second family PC and two laptops. It will work with both versions of Windows 7. It will pop-up in the beginning even after doing its learning mode but it is just learning with you.

    Windows 7 firewall (unlike the horrendously poor XP firewall) is actually quite good for inbound traffic. There is a number of how-tos on the 'net on how to tweak it for greater security and outbound traffic. I have it on in my wife's new Lenovo Edge laptop and so far it works well.
  9. matob

    matob TS Rookie Topic Starter

    So far, I am a BSOD-free guy :)
    I am running only win7 firewall, since I think that the n.1 threat to computer is a careless user. All the time I had comodo installed, there was no attack whatsoever so I suddenly feel I do not really need it. Am I making a mistake? :)
  10. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    What other security software are you running in real time protection?
  11. matob

    matob TS Rookie Topic Starter

    Avira personal. I ve been using it for maybe 5 years, just recently I switched to comodo security suite. I think Avira is one of the best antiviruses and (what is almost imaginable nowadays) it is free. Basicly the worst I can get is autorun.inf - type malware and viruses, transfered by flash drives. Avira prooved to be effective in eliminating this threat.
     
  12. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    Many of us like the layered approach to security. Differing products as opposed to one security suit.

    I believe if you ran Windows 7 firewall, Microsoft Security Essentials, and Avira you should do quite fine. Avast is another excellent antivirus.
  13. matob

    matob TS Rookie Topic Starter

    I believe it is not very good for the system to run two antivir programs... And you forgot about windows defender.. although I dont know if it is capable of some serious protection...
  14. matob

    matob TS Rookie Topic Starter

    Well, so far still without a BSOD, however I had to put the Comodo back on. This is because viruses appeared in my system... 9 or 12 detections. So now I wait for another tcpip.sys crash and then I will try another firewalls... :/
  15. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    My bad. I didn't mean to list two antivirus.

    Did you use the Windows 7 firewall?
  16. matob

    matob TS Rookie Topic Starter

    Yes, only Avira, Win7 defender and Win7 firewall.
    2 days after uninstalling the Comodo, detections started to pop up..
  17. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    That is strange! What were these detections?
  18. matob

    matob TS Rookie Topic Starter

    Type: File
    Source: C:\Windows\SysWOW64\mssip327.exe
    Status: Infected
    Quarantine object: 03b0584a.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.45
    Detection: Is the TR/VB.Downloader.Gen Trojan
    Date/Time: 3. 3. 2011, 13:27

    Type: File
    Source: C:\Program Files (x86)\update_kernel.exe
    Status: Infected
    Quarantine object: 49492d0d.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.45
    Detection: Contains virus patterns of Adware ADWARE/Agent.EZula.lkn
    Date/Time: 3. 3. 2011, 13:27

    Type: File
    Source: C:\Program Files (x86)\Drivers_pack_v3.25.63.exe
    Status: Infected
    Quarantine object: 504f078b.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.45
    Detection: Contains virus patterns of Adware ADWARE/AdRotator.A.1777
    Date/Time: 3. 3. 2011, 13:25

    Type: File
    Source: C:\Windows\SysWOW64\configb.exe
    Status: Infected
    Quarantine object: 21c4c6c1.qua
    Restored: NO
    Uploaded to Avira: YES
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.45
    Detection: Is the TR/VB.Downloader.Gen Trojan
    Date/Time: 3. 3. 2011, 12:03

    Type: File
    Source: C:\Windows\SysWOW64\dhcpcsvc6F.exe
    Status: Infected
    Quarantine object: 0278a42d.qua
    Restored: NO
    Uploaded to Avira: YES
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.45
    Detection: Is the TR/VB.Downloader.Gen Trojan
    Date/Time: 3. 3. 2011, 12:02

    Type: File
    Source: C:\Windows\SysWOW64\winshfhcq.exe
    Status: Infected
    Quarantine object: 48bfd16f.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.45
    Detection: Is the TR/VB.Downloader.Gen Trojan
    Date/Time: 3. 3. 2011, 12:02

    Type: File
    Source: C:\Windows\SysWOW64\Msdtce.exe
    Status: Infected
    Quarantine object: 4933d1e1.qua
    Restored: NO
    Uploaded to Avira: YES
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.45
    Detection: Is the TR/VB.Downloader.Gen Trojan
    Date/Time: 3. 3. 2011, 11:41

    Type: File
    Source: C:\Program Files (x86)\win64checkKBDK.exe
    Status: Infected
    Quarantine object: 120d4cb4.qua
    Restored: NO
    Uploaded to Avira: YES
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.64
    Detection: Is the TR/Agent.65.XS.1 Trojan
    Date/Time: 4. 3. 2011, 13:54

    Type: File
    Source: C:\Users\Martin\AppData\Local\Temp\svchost.exe
    Status: Infected
    Quarantine object: 21a3528c.qua
    Restored: NO
    Uploaded to Avira: YES
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.64
    Detection: Is the TR/Agent.93395 Trojan
    Date/Time: 4. 3. 2011, 13:54

    Type: File
    Source: C:\Users\Martin\AppData\Roaming\Intel Corporation\mswinvcl87\tb.dll
    Status: Infected
    Quarantine object: 50026a8c.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.64
    Detection: Is the TR/Agent.44.EL Trojan
    Date/Time: 4. 3. 2011, 13:54

    Type: File
    Source: C:\Users\Martin\AppData\Local\Temp\Microsoft.NET4.6 SP5.exe
    Status: Infected
    Quarantine object: 5eb860fe.qua
    Restored: NO
    Uploaded to Avira: YES
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.64
    Detection: Is the TR/Dldr.Agent.fxuc Trojan
    Date/Time: 4. 3. 2011, 13:54

    Type: File
    Source: C:\Users\Martin\AppData\Roaming\Intel Corporation\flvwinms88\tb.dll
    Status: Infected
    Quarantine object: 025d3064.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.64
    Detection: Is the TR/Agent.44.EL Trojan
    Date/Time: 4. 3. 2011, 13:54

    Type: File
    Source: C:\Program Files (x86)\Common Files\microsoft shared\Web Components\messenger.exe
    Status: Infected
    Quarantine object: 48e87495.qua
    Restored: NO
    Uploaded to Avira: YES
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.178
    Virus definition file: 7.11.04.64
    Detection: Is the TR/Agent.93395 Trojan
    Date/Time: 4. 3. 2011, 12:44
  19. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    I would give Avast a chance. If they still have it ESET, makers of NOD32, has a free and safe online scanner. Let it run. Then uninstall Avira and try Avast.
  20. matob

    matob TS Rookie Topic Starter

    Well, I´ve tried the ESET online scanner and it seems that Avira cleaned all the threats. In the case of tcpip.sys BSOD I will try another firewall.
  21. Route44

    Route44 TechSpot Ambassador Posts: 12,142   +31

    I am wondering if it could be your wireless card.
  22. matob

    matob TS Rookie Topic Starter

    I thought that too at first, but it wouldnt explain the other laptop. It is completely different.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.