Hi guys! I have really frustrating situation going with my computer. Almost every day my computer is going down with BSOD that saying that something is wrong with my Tcpip.sys. Googled for solutions for days, scanned for viruses with different programs, installed firewall, but nothing, nothing came out. Please, help! Below is detailed decoded error dump : ------------------------------------------------------------------------ Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Work\Temp\BSOD\log1\Mini042310-02.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 6002.18209.amd64fre.vistasp2_gdr.100218-0019 Machine Name: Kernel base = 0xfffff800`02c4b000 PsLoadedModuleList = 0xfffff800`02e0fdd0 Debug session time: Fri Apr 23 19:49:21.353 2010 (UTC + 3:00) System Uptime: 0 days 1:29:35.213 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {40, 2, 0, fffffa600117650b} Unable to load image \SystemRoot\System32\drivers\tcpip.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for tcpip.sys *** ERROR: Module load completed but symbols could not be loaded for tcpip.sys Probably caused by : tcpip.sys ( tcpip+11550b ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000040, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffffa600117650b, address which referenced memory Debugging Details: ------------------ USER_LCID_STR: ENU OS_SKU: 3 READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002e72080 0000000000000040 CURRENT_IRQL: 2 FAULTING_IP: tcpip+11550b fffffa60`0117650b ?? ??? CUSTOMER_CRASH_COUNT: 2 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: csrss.exe TRAP_FRAME: fffffa6001922c80 -- (.trap 0xfffffa6001922c80) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0 rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000 rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0 r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip+0x11550b: fffffa60`0117650b ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ca526e to fffff80002ca54d0 STACK_TEXT: fffffa60`01922b38 fffff800`02ca526e : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffffa60`01922b40 fffff800`02ca414b : 00000000`00000000 00000000`00000000 0b81007a`80101080 fffffa80`0d1f55e0 : nt!KiBugCheckDispatch+0x6e fffffa60`01922c80 fffffa60`0117650b : 00000000`00000002 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 : nt!KiPageFault+0x20b fffffa60`01922e10 00000000`00000002 : 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 : tcpip+0x11550b fffffa60`01922e18 00000000`00000001 : fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 : 0x2 fffffa60`01922e20 fffffa80`06cb9c10 : fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 : 0x1 fffffa60`01922e28 fffffa80`0b038bb0 : 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 : 0xfffffa80`06cb9c10 fffffa60`01922e30 00000000`00000002 : fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 : 0xfffffa80`0b038bb0 fffffa60`01922e38 fffff800`02d5fd02 : fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 fffff800`02c13750 : 0x2 fffffa60`01922e40 00000000`00000070 : 00000000`00000002 00000000`00000000 00000002`00000001 fffffa80`051975e8 : nt!EtwpLogKernelEvent+0x202 fffffa60`01922ee0 00000000`00000002 : 00000000`00000000 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 : 0x70 fffffa60`01922ee8 00000000`00000000 : 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 00000000`00000200 : 0x2 STACK_COMMAND: kb FOLLOWUP_IP: tcpip+11550b fffffa60`0117650b ?? ??? SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: tcpip+11550b FOLLOWUP_NAME: MachineOwner MODULE_NAME: tcpip IMAGE_NAME: tcpip.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2c05 FAILURE_BUCKET_ID: X64_0xD1_tcpip+11550b BUCKET_ID: X64_0xD1_tcpip+11550b Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000040, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffffa600117650b, address which referenced memory Debugging Details: ------------------ USER_LCID_STR: ENU OS_SKU: 3 READ_ADDRESS: 0000000000000040 CURRENT_IRQL: 2 FAULTING_IP: tcpip+11550b fffffa60`0117650b ?? ??? CUSTOMER_CRASH_COUNT: 2 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: csrss.exe TRAP_FRAME: fffffa6001922c80 -- (.trap 0xfffffa6001922c80) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0 rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000 rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0 r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip+0x11550b: fffffa60`0117650b ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ca526e to fffff80002ca54d0 STACK_TEXT: fffffa60`01922b38 fffff800`02ca526e : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffffa60`01922b40 fffff800`02ca414b : 00000000`00000000 00000000`00000000 0b81007a`80101080 fffffa80`0d1f55e0 : nt!KiBugCheckDispatch+0x6e fffffa60`01922c80 fffffa60`0117650b : 00000000`00000002 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 : nt!KiPageFault+0x20b fffffa60`01922e10 00000000`00000002 : 00000000`00000001 fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 : tcpip+0x11550b fffffa60`01922e18 00000000`00000001 : fffffa80`06cb9c10 fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 : 0x2 fffffa60`01922e20 fffffa80`06cb9c10 : fffffa80`0b038bb0 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 : 0x1 fffffa60`01922e28 fffffa80`0b038bb0 : 00000000`00000002 fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 : 0xfffffa80`06cb9c10 fffffa60`01922e30 00000000`00000002 : fffff800`02d5fd02 fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 : 0xfffffa80`0b038bb0 fffffa60`01922e38 fffff800`02d5fd02 : fffffa80`03f60000 00000000`00000020 fffffa60`01922e78 fffff800`02c13750 : 0x2 fffffa60`01922e40 00000000`00000070 : 00000000`00000002 00000000`00000000 00000002`00000001 fffffa80`051975e8 : nt!EtwpLogKernelEvent+0x202 fffffa60`01922ee0 00000000`00000002 : 00000000`00000000 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 : 0x70 fffffa60`01922ee8 00000000`00000000 : 00000002`00000001 fffffa80`051975e8 fffffa60`01922f70 00000000`00000200 : 0x2 STACK_COMMAND: kb FOLLOWUP_IP: tcpip+11550b fffffa60`0117650b ?? ??? SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: tcpip+11550b FOLLOWUP_NAME: MachineOwner MODULE_NAME: tcpip IMAGE_NAME: tcpip.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d2c05 FAILURE_BUCKET_ID: X64_0xD1_tcpip+11550b BUCKET_ID: X64_0xD1_tcpip+11550b Followup: MachineOwner --------- 1: kd> lmvm tcpip start end module name fffffa60`01061000 fffffa60`011d7000 tcpip T (no symbols) Loaded symbol image file: tcpip.sys Image path: \SystemRoot\System32\drivers\tcpip.sys Image name: tcpip.sys Timestamp: Thu Feb 18 14:01:09 2010 (4B7D2C05) CheckSum: 0015E59F ImageSize: 00176000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 1: kd> .trap 0xfffffa6001922c80 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800d1f55e0 rdx=fffffa80051a4000 rsi=0000000000000000 rdi=0000000000000000 rip=fffffa600117650b rsp=fffffa6001922e10 rbp=fffffa800d1f55e0 r8=fffffa800d1f58a8 r9=0000000000000001 r10=000000000000003f r11=00000000000833c0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip+0x11550b: fffffa60`0117650b ?? ??? AT

I found the solution. It seems it was my firewall application. I've been using Outpost Firewall Pro for year without any problems, but now it seems that this program is the reason of BSOD Last weekend, I turned it off and switched back to the windows default one. During the week there was not any problems at allAT