Win7 BSoD

Discussion in 'Software' started by Donutmanlet, Dec 8, 2011.

  1. Donutmanlet

    Donutmanlet Private E-2

    Windows 7 Home Premium 64-bit
    Intel Core i5 2410M CPU @ 2.30 GHz
    6GB RAM
    AMD Radeon HD 6470m
    Mobile Intel HD Graphics

    Any help would be greatly appreciated
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    I'd check the status of tcpip.sys. The majority of these logs say it is the driver that caused the BSOD.
     
  3. Donutmanlet

    Donutmanlet Private E-2

    Thanks so much for the reply
    How exactly would I check the status of tcpip.sys? I've located it but I have no idea what to do with it.
     
  4. _nullptr

    _nullptr Major Geeky Geek Geek

    How long have you had McAfee firewall installed and does this coincide with BSOD occurrences?
     
  5. Donutmanlet

    Donutmanlet Private E-2

    McAfee came installed in my computer so it's been there for about 5 months now. I doubt the firewall has anything to do with it, though. I ran a test with the firewall off and still got a BSoD.
     
  6. thisisu

    thisisu Malware Consultant

    C:\Windows\system32\DRIVERS\tcpip.sys

    Try uploading it to Virustotal
    Link us to the VirusTotal page of the results.
     
  7. _nullptr

    _nullptr Major Geeky Geek Geek

    Note: Due to syswow64 redirection, you'll need to copy C:\Windows\system32\DRIVERS\tcpip.sys to somewhere like your Downloads directory before uploading.
     
  8. Donutmanlet

    Donutmanlet Private E-2

    tcpip.sys is taking a lifetime to upload to Virustotal despite being only 1.8 MB. Is this normal?
     
  9. thisisu

    thisisu Malware Consultant

    That website often has a lot of traffic. I'm mostly concerned about the MD5 hash so try this:

    Download SystemLook from one of the links below and save it to your desktop.
    Download Mirror #1
    Download Mirror #2

    If you have a 64-bit system, please download the 64 bit version from here:
    SystemLook (64-bit)

    • Double-click SystemLook.exe to run it.
    • Copy and Paste the content of the following code box into the main text-field:
    Code:
    :filefind
    tcpip.sys
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan and a file entitled SystemLook.txt will be created on your desktop.
    • Attach that file to your next message. (How to attach)
     
  10. Donutmanlet

    Donutmanlet Private E-2

    Ok Virustotal is refusing to co-operate so I'll just upload a copy of tcpip.sys itself
     

    Attached Files:

  11. Donutmanlet

    Donutmanlet Private E-2

    Ok here's the SystemLook log
     

    Attached Files:

  12. thisisu

    thisisu Malware Consultant

    It's a legit copy.
    Code:
    C:\Users\Danny\Downloads\tcpip.sys	--a---- 1923952 bytes	[02:20 09/12/2011]	[16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
    Did you download tcpip.sys before? Just curious as to why there is a copy in that folder.
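
The SystemLook line quoted in post 12 carries the file size and MD5, so another copy of the driver can be checked against it. The following is an added example, not part of the original thread or of SystemLook; the field layout is inferred from that one line and the names `parse_entry` and `check_file` are hypothetical.

```python
import hashlib
import os
import re

# Layout inferred from the line in post 12:
# path, attribute flags, size in bytes, two bracketed timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# The log line exactly as posted in the thread.
PAGE_LINE = ("C:\\Users\\Danny\\Downloads\\tcpip.sys\t--a---- 1923952 bytes\t"
             "[02:20 09/12/2011]\t[16:29 29/09/2011] FC62769E7BFF2896035AEED399108162")


def parse_entry(line):
    """Split one :filefind result line into its fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a SystemLook filefind line: {line!r}")
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["md5"] = entry["md5"].lower()
    return entry


def check_file(path, entry):
    """Compare a file on disk with a parsed entry; return the fields that differ."""
    problems = []
    if os.path.getsize(path) != entry["size"]:
        problems.append("size")
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        # Read in 1 MiB chunks so large files are not loaded whole.
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    if digest.hexdigest() != entry["md5"]:
        problems.append("md5")
    return problems
```

An empty list from `check_file` means the copy on disk has the same size and MD5 as the logged entry.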
     
  13. Donutmanlet

    Donutmanlet Private E-2

    Nope. I just copied it to my Downloads folder so it would be easier to upload.
     
  14. thisisu

    thisisu Malware Consultant

    Thanks for clarifying. I'm not sure why you're getting BSODs yet. I will have to think about it some more.
     
  15. _nullptr

    _nullptr Major Geeky Geek Geek

    I just realised in the dumps that PctWfpFilter64.sys is showing, which I assume is part of PC Tools Firewall Plus, so there's quite likely a conflict occurring between PC Tools and McAfee.
     
  16. Donutmanlet

    Donutmanlet Private E-2

    That would make sense, but would there be a relation between that and tcpip.sys?
     
  17. _nullptr

    _nullptr Major Geeky Geek Geek

    The stack traces show the connection to tcpip.sys
    Code:
    120711-44725-01.dmp
    STACK 
    
    : nt!KeBugCheckEx
    : nt!KiBugCheckDispatch+0x69
    : nt!KiPageFault+0x260
    : tcpip!IppSendDatagramsCommon+0x834
    : tcpip!IppInspectInjectTlSend+0x1b9
    : fwpkclnt!FwppInjectTransportSendAsync+0x41f
    : fwpkclnt!FwpsInjectTransportSendAsync0+0x63  <- Microsoft FWP/IPSec Kernel-Mode API
    : PctWfpFilter64+0x108f2                       <- PCTools Firewall
    : 0xfffff880`04b3da80
    : 0xfffff880`04b3d9e0
    : 0xfffffa80`0debd500
    
    
    113011-28251-01.dmp
    STACK
    
    : nt!KeBugCheckEx
    : nt!KiBugCheckDispatch+0x69
    : nt!KiPageFault+0x260
    : tcpip!IppSendDatagramsCommon+0x834
    : tcpip!IppInspectInjectTlSend+0x1b9
    : fwpkclnt!FwppInjectTransportSendAsync+0x41f
    : fwpkclnt!FwpsInjectTransportSendAsync0+0x63  <- Microsoft FWP/IPSec Kernel-Mode API
    : mfewfpk+0xa3f9                               <- McAfee Firewall
    : 0xfffffa80`05a23490
    : 0x1
    : 0xfffffa80`00000000
    : 0x30
    : 0xfffffa80`05a23590
    : 0x2
    : 0x1
    : 0xfffffa80`0d7bf4f0
    : mfewfpk+0x9360                                <- McAfee
    : 0xfffffa80`05a23490
    : 0x1`00060000
    : 0xfffff880`035cbb08
    : 0xfffff880`035cbb08
    
     
  18. Donutmanlet

    Donutmanlet Private E-2

    Yep this appears to be it. I disabled PCTools and now the BSoDs are gone. Thanks so much :)
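
The stack-trace reading from post 17, as an added example that is not part of the original thread: in a trace the caller sits below the callee, so the first non-Windows module under the `fwpkclnt` frames is the driver that requested the send. The allow-list `OS_MODULES` and the function names are assumptions made for this example.

```python
import re

# Modules that ship with Windows and appear in these traces (an assumed
# allow-list for this example; extend it for other dumps).
OS_MODULES = {"nt", "tcpip", "fwpkclnt"}
FRAME_RE = re.compile(r"^\s*:\s*([A-Za-z_]\w*)(?:!(\w+))?")

# Frames abridged from the two traces in post 17 (raw-address frames trimmed).
TRACES = """\
120711-44725-01.dmp
STACK
: nt!KeBugCheckEx
: nt!KiBugCheckDispatch+0x69
: nt!KiPageFault+0x260
: tcpip!IppSendDatagramsCommon+0x834
: tcpip!IppInspectInjectTlSend+0x1b9
: fwpkclnt!FwppInjectTransportSendAsync+0x41f
: fwpkclnt!FwpsInjectTransportSendAsync0+0x63
: PctWfpFilter64+0x108f2
: 0xfffff880`04b3da80
113011-28251-01.dmp
STACK
: nt!KeBugCheckEx
: nt!KiBugCheckDispatch+0x69
: nt!KiPageFault+0x260
: tcpip!IppSendDatagramsCommon+0x834
: tcpip!IppInspectInjectTlSend+0x1b9
: fwpkclnt!FwppInjectTransportSendAsync+0x41f
: fwpkclnt!FwpsInjectTransportSendAsync0+0x63
: mfewfpk+0xa3f9
: 0xfffffa80`05a23490
"""

def parse_stacks(text):
    """Return {dump name: [(module, symbol or None), ...]}, top frame first."""
    stacks, current = {}, None
    for line in text.splitlines():
        if line.strip().endswith(".dmp"):
            current = stacks.setdefault(line.strip(), [])
        elif current is not None and (m := FRAME_RE.match(line)):
            current.append((m.group(1), m.group(2)))
    return stacks

def summarize(text):
    """Per dump: first frame outside nt, and the driver that called into fwpkclnt."""
    report = {}
    for dump, frames in parse_stacks(text).items():
        faulting = next((m if s is None else f"{m}!{s}" for m, s in frames if m != "nt"), None)
        caller = next((b[0] for a, b in zip(frames, frames[1:])
                       if a[0] == "fwpkclnt" and b[0] not in OS_MODULES), None)
        report[dump] = {"faulting": faulting, "wfp_caller": caller}
    return report
```

Run over the two dumps, `summarize(TRACES)` reports the same faulting `tcpip` function in both, reached from `PctWfpFilter64` in one and `mfewfpk` in the other.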
     
