
BSOD possibly from TCPIP


Hi all

I am hoping you can help with a BSOD that I am getting. I never have got my windbg symbols to work correctly but my minidumps seem to point to an issue with TCPIP.SYS.

Previously it seemed to BSOD when browsing, but this latest one happened right after I said "no thanks" to a VUZE premium upgrade.

I thought I had found a fix using the command line below, but I am still getting them.

"netsh interface teredo set state disabled"

Please find attached the debug info from your application: MIKESTUART30-PC-24_10_2015_103446_48.zip

Hi mikestuart30,

Welcome to the 10blog.

The tcpip.sys driver is a Windows driver related to the network.
This means either the network drivers or a driver that tries to connect to the internet is causing problems.
The Malwarebytes Web Access Control driver is where it all starts.
Code:
STACK_TEXT:
ffffd000`2add9068 fffff800`fb6f1fe8 : 00000000`00000019 00000000`00000020 ffffe001`7cad4880 ffffe001`7cad48a0 : nt!KeBugCheckEx
ffffd000`2add9070 fffff801`96aa7b52 : 00000000`00000000 ffffe001`790748f0 00000000`00000000 ffffe001`7d3db1b4 : nt!ExFreePool+0x320
ffffd000`2add9150 fffff801`96aa8872 : 00000000`00000000 00000000`00000000 00000000`00000011 fffff801`96b09310 : tcpip!IppCleanupSendState+0x1a
ffffd000`2add9180 fffff801`96bc595d : ffffe001`77d7c610 00000000`00000001 00000000`00000000 00000000`00000000 : tcpip!IppInspectBuildHeaders+0x412
ffffd000`2add9460 fffff801`9c436135 : 00000000`00000008 ffffd000`00000014 ffffe001`7d3db1a0 ffffe001`7d3db1c4 : fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x1dd
ffffd000`2add9520 00000000`00000008 : ffffd000`00000014 ffffe001`7d3db1a0 ffffe001`7d3db1c4 ffffe001`7d3db1b4 : mwac+0x6135
ffffd000`2add9528 ffffd000`00000014 : ffffe001`7d3db1a0 ffffe001`7d3db1c4 ffffe001`7d3db1b4 ffffe001`00000011 : 0x8
ffffd000`2add9530 ffffe001`7d3db1a0 : ffffe001`7d3db1c4 ffffe001`7d3db1b4 ffffe001`00000011 00000000`00000000 : 0xffffd000`00000014
ffffd000`2add9538 ffffe001`7d3db1c4 : ffffe001`7d3db1b4 ffffe001`00000011 00000000`00000000 00000000`00000000 : 0xffffe001`7d3db1a0
ffffd000`2add9540 ffffe001`7d3db1b4 : ffffe001`00000011 00000000`00000000 00000000`00000000 ffffe001`00000000 : 0xffffe001`7d3db1c4
ffffd000`2add9548 ffffe001`00000011 : 00000000`00000000 00000000`00000000 ffffe001`00000000 ffffe001`00000000 : 0xffffe001`7d3db1b4
ffffd000`2add9550 00000000`00000000 : 00000000`00000000 ffffe001`00000000 ffffe001`00000000 00000000`00000000 : 0xffffe001`00000011
Running the lmvm command on mwac reveals more information about this driver.
As we can see, this driver dates from 2014; this is likely the culprit.
It is recommended to keep software up to date. Please check Malwarebytes for software updates or install the newest version.
Code:
3: kd> lmvm mwac
start             end                 module name
fffff801`326a0000 fffff801`326b3000   mwac     T (no symbols)
    Loaded symbol image file: mwac.sys
    Image path: \??\C:\WINDOWS\system32\drivers\mwac.sys
    Image name: mwac.sys
    Timestamp:        Wed Jun 18 04:07:00 2014 (53A0F444)
    CheckSum:         00015076
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Old drivers, recommended to update them
Code:
tap0901        Thu Nov 24 19:50:27 2011    tap0901.sys        // TAP-Win32 Adapter V9
GEARAspiWDM    Thu May 03 21:56:17 2012    GEARAspiWDM.sys    // Gear driver, used with iTunes
netr28ux       Fri Jun 06 04:14:29 2014    netr28ux.sys       // ASUS USB network adapter
mwac           Wed Jun 18 04:07:00 2014    mwac.sys           // Malwarebytes
mbae64         Mon Sep 08 20:27:15 2014    mbae64.sys         // Malwarebytes
iwdbus         Sat Oct 04 02:31:12 2014    iwdbus.sys         // Intel driver
Update links:
TAP-Win32 Adapter V9
Update iTunes
ASUS USB, check manufacturer for updates
Intel

For configuring Windbg correctly, see the Windbg - Install & Configure tutorial.
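
The two triage steps in the reply above (find the first third-party module on the crashing stack, then list drivers that were old at crash time), as an added example that is not part of the original thread. The `INBOX` allow-list, the 365-day threshold and the function names are assumptions made for illustration; the dump date used in testing is taken from the attachment name.

```python
import re
from datetime import datetime

# First frames of the STACK_TEXT quoted in the reply above.
STACK_TEXT = """\
ffffd000`2add9068 fffff800`fb6f1fe8 : 00000000`00000019 00000000`00000020 ffffe001`7cad4880 ffffe001`7cad48a0 : nt!KeBugCheckEx
ffffd000`2add9070 fffff801`96aa7b52 : 00000000`00000000 ffffe001`790748f0 00000000`00000000 ffffe001`7d3db1b4 : nt!ExFreePool+0x320
ffffd000`2add9150 fffff801`96aa8872 : 00000000`00000000 00000000`00000000 00000000`00000011 fffff801`96b09310 : tcpip!IppCleanupSendState+0x1a
ffffd000`2add9180 fffff801`96bc595d : ffffe001`77d7c610 00000000`00000001 00000000`00000000 00000000`00000000 : tcpip!IppInspectBuildHeaders+0x412
ffffd000`2add9460 fffff801`9c436135 : 00000000`00000008 ffffd000`00000014 ffffe001`7d3db1a0 ffffe001`7d3db1c4 : fwpkclnt!FwpsConstructIpHeaderForTransportPacket0+0x1dd
ffffd000`2add9520 00000000`00000008 : ffffd000`00000014 ffffe001`7d3db1a0 ffffe001`7d3db1c4 ffffe001`7d3db1b4 : mwac+0x6135
ffffd000`2add9528 ffffd000`00000014 : ffffe001`7d3db1a0 ffffe001`7d3db1c4 ffffe001`7d3db1b4 ffffe001`00000011 : 0x8
"""
# Driver list quoted in the reply above (trailing comments dropped).
DRIVERS = """\
tap0901      Thu Nov 24 19:50:27 2011  tap0901.sys
GEARAspiWDM  Thu May 03 21:56:17 2012  GEARAspiWDM.sys
netr28ux     Fri Jun 06 04:14:29 2014  netr28ux.sys
mwac         Wed Jun 18 04:07:00 2014  mwac.sys
mbae64       Mon Sep 08 20:27:15 2014  mbae64.sys
iwdbus       Sat Oct 04 02:31:12 2014  iwdbus.sys
"""
# Assumption: a short allow-list of in-box Windows modules; extend it for real dumps.
INBOX = {"nt", "hal", "tcpip", "fwpkclnt", "ndis", "netio"}
FRAME = re.compile(r"^\S+ \S+ : (?:\S+ ){4}: (\S+)$")
DRIVER = re.compile(r"^(\S+)\s+(\w{3} \w{3} \d{2} [\d:]{8} \d{4})\s+\S+\.sys")

def first_third_party(stack_text, inbox=INBOX):
    """Return the first module on the stack that is not in the in-box list."""
    for line in stack_text.splitlines():
        m = FRAME.match(line.strip())
        if not m or not re.search(r"[!+]", m.group(1)):
            continue  # unparsable line, or a bare address such as 0x8
        module = re.split(r"[!+]", m.group(1))[0]
        if module.lower() not in inbox:
            return module
    return None

def stale_drivers(listing, dump_date, max_age_days=365):
    """Return (name, build date) for drivers older than max_age_days at dump time."""
    stale = []
    for line in listing.splitlines():
        m = DRIVER.match(line.strip())
        if m:
            built = datetime.strptime(m.group(2), "%a %b %d %H:%M:%S %Y")
            if (dump_date - built).days > max_age_days:
                stale.append((m.group(1), built.date().isoformat()))
    return stale
```

A module that appears in both results, as mwac does here, is the first candidate to update or temporarily uninstall when checking whether the crashes stop.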
