New
#1
Windows 7 Random bsod caused by tcpip.sys
As the title says.
As the title says.
It appears to be a conflict between Malwarebytes Web Access Control and Norton Internet Security that is causing the network issue there.
Update malwarebytes to the latest version (not the virus definition only). Uninstall Norton and all Symentec products using Norton Removal tool. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.
Free up the startup. Windows does not need any other program to auto start with it, but the auto start programs often conflicts and causes various problems including BSODs.
- Click on the Start button
- Type “msconfig (without quotes), click the resulting link. It will open the System Configuration window.
- Select the “Startup” tab.
- Deselect all items other than the antivirus.
- Apply > OK
- Accept then restart.
Let us know for any further BSOD.
We need to observe the situation, coz a lot of other unwanted programs are installed there.
_______________________________________
Code:BugCheck 19, {20, fffffa800a5f10e0, fffffa800a5f1100, 4020003} *** WARNING: Unable to verify timestamp for mwac.sys *** ERROR: Module load completed but symbols could not be loaded for mwac.sys Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a ) Followup: MachineOwner ---------Code:fffff880`0bd9e7d8 fffff880`07130fd0Unable to load image SYMNETS.SYS, Win32 error 0n2 *** WARNING: Unable to verify timestamp for SYMNETS.SYS *** ERROR: Module load completed but symbols could not be loaded for SYMNETS.SYS SYMNETS+0x79fd0
Same error while surfing the net and starting windows.
OK, uninstall Malwarebytes as a test. I think you use Malwarebytes pro?
It will be just a test.
And, disable the rest startup entries ... the Asrock bloatwares. They should not be installed at the first place.
______________________________________________
Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {20, fffffa800c657bd0, fffffa800c657bf0, 402000c} *** WARNING: Unable to verify timestamp for mwac.sys *** ERROR: Module load completed but symbols could not be loaded for mwac.sys Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000020, a pool block header size is corrupt. Arg2: fffffa800c657bd0, The pool entry we were looking for within the page. Arg3: fffffa800c657bf0, The next pool entry. Arg4: 000000000402000c, (reserved) Debugging Details: ------------------ BUGCHECK_STR: 0x19_20 POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310e100 GetUlongFromAddress: unable to read from fffff8000310e1c0 fffffa800c657bd0 Nonpaged pool CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT PROCESS_NAME: mbamservice.ex CURRENT_IRQL: 0 ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre LAST_CONTROL_TRANSFER: from fffff80003009cae to fffff80002ed6c00 STACK_TEXT: fffff880`155fe258 fffff800`03009cae : 00000000`00000019 00000000`00000020 fffffa80`0c657bd0 fffffa80`0c657bf0 : nt!KeBugCheckEx fffff880`155fe260 fffff880`01b290bd : 00000000`00000008 00000000`00000004 00000000`676e7049 fffffa80`0a71cc4a : nt!ExDeferredFreePool+0x12da fffff880`155fe310 fffff880`0180a04a : 00000000`00000000 fffff880`018060c3 00000000`00000000 fffffa80`0af038a0 : tcpip!IppInspectBuildHeaders+0x65d fffff880`155fe5f0 fffff880`14b7412d : 00000000`00000000 00000000`00000014 00000000`00000000 fffffa80`098ab380 : fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x20a fffff880`155fe690 00000000`00000000 : 00000000`00000014 00000000`00000000 fffffa80`098ab380 fffffa80`098ab394 : mwac+0x612d STACK_COMMAND: kb FOLLOWUP_IP: fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a fffff880`0180a04a 85c0 test eax,eax SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a FOLLOWUP_NAME: MachineOwner MODULE_NAME: fwpkclnt IMAGE_NAME: fwpkclnt.sys DEBUG_FLR_IMAGE_TIMESTAMP: 50e4f5c8 IMAGE_VERSION: 6.1.7601.18042 FAILURE_BUCKET_ID: X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a BUCKET_ID: X64_0x19_20_fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+20a ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0x19_20_fwpkclnt!fwpsconstructipheaderfortransportpacket0+20a FAILURE_ID_HASH: {863e217f-0693-d7a3-6d21-a4c5a3f57698} Followup: MachineOwner ---------