#11
These appear to have been caused by PktIcpt.sys, which is a part of GData antivirus. If you are running that, you need to remove it and replace it with Microsoft Security Essentials.
Other antivirus and firewalls use PKT as well, like ZoneAlarm.
Let us know if that doesn't fix the problem.
Ken
Analysis
Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\K\Desktop\New folder\090410-18267-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at end of path element
Symbol search path is: SRV*C:\symbols;*http://msdl.microsoft.com/download/symbols ;srv*e:\symbols *http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`03215000 PsLoadedModuleList = 0xfffff800`03452e50
Debug session time: Sat Sep 4 14:43:32.547 2010 (GMT-4)
System Uptime: 0 days 3:52:41.139
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 0, fffff88003c9146c}

*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Unable to load image \??\C:\windows\system32\drivers\PktIcpt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for PktIcpt.sys
*** ERROR: Module load completed but symbols could not be loaded for PktIcpt.sys
Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+86 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88003c9146c, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800034bd0e0
 0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
tcpip+8d46c
fffff880`03c9146c 488b01 mov rax,qword ptr [rcx]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: fffff880033a1560 -- (.trap 0xfffff880033a1560)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800a7ae5e0 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800a7ae5e1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88003c9146c rsp=fffff880033a16f0 rbp=0000000000000000
 r8=fffffa800a7ae5e0  r9=00000000000000d0 r10=fffff80003400b80
r11=fffffa8008cb4310 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
tcpip+0x8d46c:
fffff880`03c9146c 488b01 mov rax,qword ptr [rcx] ds:07ff:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80003284ca9 to fffff80003285740

STACK_TEXT:
fffff880`033a1418 fffff800`03284ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`033a1420 fffff800`03283920 : 00000000`00000000 fffffa80`09b2db10 00000000`00000000 00000000`e42d50d8 : nt!KiBugCheckDispatch+0x69
fffff880`033a1560 fffff880`03c9146c : fffffa80`09b2db10 fffff880`051ceb37 00000000`206c644d fffffa80`0891d5e0 : nt!KiPageFault+0x260
fffff880`033a16f0 fffff880`016046a6 : fffffa80`09b2db10 00000000`00000006 00000000`00000000 00000000`00000006 : tcpip+0x8d46c
fffff880`033a1740 fffff880`0160235d : 00000000`00000000 fffffa80`0a3ac0f0 00000000`00000000 fffff880`03c629b5 : NETIO!NetioDereferenceNetBufferList+0x86
fffff880`033a1770 fffff880`03c6307f : 00000000`00000006 00000000`00000000 fffff880`03d71bc8 fffffa80`09b2db10 : NETIO!NetioDereferenceNetBufferListChain+0x2dd
fffff880`033a17f0 fffff880`03c61d40 : 00000000`00000000 fffffa80`06bc6000 fffff880`03d6d9a0 00000000`0a7ae501 : tcpip+0x5f07f
fffff880`033a18d0 fffff880`03d2f712 : fffffa80`08543120 00000000`00000000 fffffa80`0a7ae501 fffff880`00000001 : tcpip+0x5dd40
fffff880`033a1ad0 fffff880`04209afa : fffffa80`0473ac02 fffffa80`0473ac80 00000000`00000002 00000000`00000000 : tcpip+0x12b712
fffff880`033a1b10 fffff880`051cb58d : fffffa80`08f22510 fffffa80`0a7ae5e0 fffffa80`0a9ddf00 00000000`00000000 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
fffff880`033a1bc0 fffffa80`08f22510 : fffffa80`0a7ae5e0 fffffa80`0a9ddf00 00000000`00000000 fffffa80`0a7a0002 : PktIcpt+0x258d
fffff880`033a1bc8 fffffa80`0a7ae5e0 : fffffa80`0a9ddf00 00000000`00000000 fffffa80`0a7a0002 fffffa80`00000001 : 0xfffffa80`08f22510
fffff880`033a1bd0 fffffa80`0a9ddf00 : 00000000`00000000 fffffa80`0a7a0002 fffffa80`00000001 fffff880`0000000c : 0xfffffa80`0a7ae5e0
fffff880`033a1bd8 00000000`00000000 : fffffa80`0a7a0002 fffffa80`00000001 fffff880`0000000c fffff880`00000000 : 0xfffffa80`0a9ddf00

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NetioDereferenceNetBufferList+86
fffff880`016046a6 4885ff test rdi,rdi

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+86

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18a

FAILURE_BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86

BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86

Followup: MachineOwner
---------

drivers needing upgrade
Code:
pcouffin.sys    fffff880`10085000 fffff880`10099380 0x00014380 0x457584a2 12/5/2006 10:39:30
ElbyCDFL.sys    fffff880`04e00000 fffff880`04e0e000 0x0000e000 0x4581c093 12/14/2006 17:22:27
regi.sys        fffff880`03e71000 fffff880`03e79000 0x00008000 0x462393ee 4/16/2007 11:19:10
tifsfilt.sys    fffff880`06b87000 fffff880`06b9e000 0x00017000 0x46d56889 8/29/2007 08:37:29
seehcri.sys     fffff880`04bee000 fffff880`04bfa000 0x0000c000 0x478488bf 1/9/2008 04:41:35
spldr.sys       fffff880`01b80000 fffff880`01b88000 0x00008000 0x4a0858bb 5/11/2009 12:56:27
amdxata.sys     fffff880`0131a000 fffff880`01325000 0x0000b000 0x4a12f2eb 5/19/2009 13:56:59
tosrfec.sys     fffff880`04e5e000 fffff880`04e67000 0x00009000 0x4a237c2d 6/1/2009 02:58:53
dvb7700all.sys  fffff880`06a10000 fffff880`06b00000 0x000f0000 0x4a309157 6/11/2009 01:08:39
TVALZFL.sys     fffff880`04e57000 fffff880`04e5e000 0x00007000 0x4a3b62f8 6/19/2009 06:05:44
pgeffect.sys    fffff880`06b4f000 fffff880`06b55e80 0x00006e80 0x4a3f481b 6/22/2009 05:00:11
tos_sps64.sys   fffff880`01953000 fffff880`019cd000 0x0007a000 0x4a41ba1d 6/24/2009 01:31:09
thpdrv.sys      fffff880`019cf000 fffff880`019db000 0x0000c000 0x4a4820d0 6/28/2009 22:02:56
Thpevm.SYS      fffff880`019cd000 fffff880`019cef80 0x00001f80 0x4a487829 6/29/2009 04:15:37
rimspe64.sys    fffff880`04a00000 fffff880`04a19000 0x00019000 0x4a4bf749 7/1/2009 19:54:49
rixdpe64.sys    fffff880`10d84000 fffff880`10dda000 0x00056000 0x4a4f2e74 7/4/2009 06:27:00
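
An added example, not part of the post above and not code from any debugger or vendor: a short Python triage of the STACK_TEXT in this dump, showing how the frame that actually faulted and the first non-Windows driver on the stack can be picked out even though !analyze names NETIO.SYS. The in-box module list and the function names are assumptions made for this sketch.

```python
import re

# Assumption: modules treated as Windows in-box components for this triage.
INBOX = {"nt", "hal", "ndis", "tcpip", "netio", "fwpkclnt"}

# Constructed sample: the call-site column of the STACK_TEXT above, innermost
# frame first. Full `kb` lines ("child-SP retaddr : args : call site") also work.
SAMPLE_STACK = """\
nt!KeBugCheckEx
nt!KiBugCheckDispatch+0x69
nt!KiPageFault+0x260
tcpip+0x8d46c
NETIO!NetioDereferenceNetBufferList+0x86
NETIO!NetioDereferenceNetBufferListChain+0x2dd
tcpip+0x5f07f
tcpip+0x5dd40
tcpip+0x12b712
fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
PktIcpt+0x258d
0xfffffa80`08f22510
"""

FRAME = re.compile(r"^(?P<module>[A-Za-z_][\w.]*)(?:!(?P<symbol>[\w:]+))?"
                   r"(?:\+0x(?P<offset>[0-9a-fA-F]+))?$")

def parse_frames(text):
    """Return (module, symbol, offset) per frame; raw addresses are skipped."""
    frames = []
    for line in text.splitlines():
        call_site = line.rsplit(" : ", 1)[-1].strip()
        m = FRAME.match(call_site)
        if m:
            frames.append((m["module"], m["symbol"], int(m["offset"] or "0", 16)))
    return frames

def faulting_frame(frames):
    """The frame interrupted by the page fault sits right after nt!KiPageFault."""
    for i, (module, symbol, _) in enumerate(frames[:-1]):
        if module.lower() == "nt" and symbol == "KiPageFault":
            return frames[i + 1]
    return None

def first_third_party(frames, inbox=INBOX):
    """Walk outward from the crash; return (index, module, offset) of the
    first frame whose module is not in the in-box set, or None."""
    for depth, (module, _, offset) in enumerate(frames):
        if module.lower() not in inbox:
            return depth, module, offset
    return None

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_STACK)
    print("faulting frame:", faulting_frame(frames))
    print("first third-party frame:", first_third_party(frames))
```

Index 4 in the parsed list is the NETIO frame, matching SYMBOL_STACK_INDEX: 4 in the dump; the only module outside the in-box set is PktIcpt, the caller of fwpkclnt!FwpsInjectTransportReceiveAsync0.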