New
#1
fwpkclnt.sys and NETIO BSOD
I get these constantly. Its becoming an annoyance
I get these constantly. Its becoming an annoyance
Your reports consistently show that Malwarebytes is the problem. Uninstall, reboot and let us know what happens. Netio et al, may not be the actual cause. They are Microsoft drivers and not usually the problem. I think that it may be Malwarebytes.
I have bolded where Malwarebytes is indicated on your report. All reports were consistent.
Code:Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\richa\AppData\Local\Temp\Temp1_SAMSON-PC-Tue_03_29_2016_182634_83.zip\031216-32994-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.19160.amd64fre.win7sp1_gdr.160211-0600 Machine Name: Kernel base = 0xfffff800`03414000 PsLoadedModuleList = 0xfffff800`0365b730 Debug session time: Sat Mar 12 23:58:47.836 2016 (UTC - 4:00) System Uptime: 1 days 5:01:59.178 Loading Kernel Symbols ............................................................... ................................................................ ....................................... Loading User Symbols Loading unloaded module list .................................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {0, 2, 0, fffff88001c9556b} *** WARNING: Unable to verify timestamp for mwac.sys *** ERROR: Module load completed but symbols could not be loaded for mwac.sys *** WARNING: Unable to verify timestamp for win32k.sys *** ERROR: Module load completed but symbols could not be loaded for win32k.sys Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+86 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff88001c9556b, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036c5100 GetUlongFromAddress: unable to read from fffff800036c51c0 0000000000000000 Nonpaged pool CURRENT_IRQL: 2 FAULTING_IP: tcpip! ?? ::FNODOBFM::`string'+57b4 fffff880`01c9556b 488b01 mov rax,qword ptr [rcx] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: mbamservice.ex ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre TRAP_FRAME: fffff88027255fa0 -- (.trap 0xfffff88027255fa0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa800dbd2b50 rbx=0000000000000000 rcx=0000000000000000 rdx=fffffa800dbd2b51 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88001c9556b rsp=fffff88027256130 rbp=0000000000000000 r8=fffffa800dbd2b50 r9=00000000000000d0 r10=fffff880009efe80 r11=fffffa800b1f0a50 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc tcpip! ?? ::FNODOBFM::`string'+0x57b4: fffff880`01c9556b 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80003487629 to fffff80003488080 STACK_TEXT: fffff880`27255e58 fffff800`03487629 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`27255e60 fffff800`034862a0 : fffff880`27256190 038dcd3e`049f89f9 00000000`00000004 fffffa80`0b1f0860 : nt!KiBugCheckDispatch+0x69 fffff880`27255fa0 fffff880`01c9556b : fffffa80`0b1f0860 fffff880`07546002 00000000`206c644d fffffa80`074c52a0 : nt!KiPageFault+0x260 fffff880`27256130 fffff880`01b39316 : fffffa80`0b1f0860 00000000`27256220 00000000`00000001 00000000`00000006 : tcpip! ?? ::FNODOBFM::`string'+0x57b4 fffff880`27256180 fffff880`01b38a72 : 00000000`00000000 fffffa80`0ecbe720 00000000`00000000 fffffa80`075c9080 : NETIO!NetioDereferenceNetBufferList+0x86 fffff880`272561b0 fffff880`01c4a4c6 : 00000000`00000000 fffffa80`0a3a5001 fffff880`27256220 fffffa80`08044d00 : NETIO!NetioDereferenceNetBufferListChain+0x332 fffff880`27256280 fffff880`01cc5517 : fffffa80`0ecbe720 fffff880`01d6e9a0 fffff880`01d6e9a0 00000000`00000000 : tcpip!IppCompleteAndFreePacketList+0xc6 fffff880`272562b0 fffff880`01d376a2 : fffffa80`0b23a010 00000000`00000000 fffffa80`0ccf3701 fffffa80`0ccf3724 : tcpip! ?? ::FNODOBFM::`string'+0x40fb4 fffff880`272564b0 fffff880`01188b16 : fffffa80`0f49a502 fffffa80`0f49a5b0 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xf2 fffff880`272564f0 fffff880`075431b0 : fffffa80`0b9638b0 00000000`00000008 00000000`00000000 fffffa80`0ccf3710 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256 fffff880`272565a0 fffffa80`0b9638b0 : 00000000`00000008 00000000`00000000 fffffa80`0ccf3710 fffffa80`0ccf0002 : mwac+0x61b0 fffff880`272565a8 00000000`00000008 : 00000000`00000000 fffffa80`0ccf3710 fffffa80`0ccf0002 fffffa80`00000001 : 0xfffffa80`0b9638b0 fffff880`272565b0 00000000`00000000 : fffffa80`0ccf3710 fffffa80`0ccf0002 fffffa80`00000001 00000000`0000000e : 0x8 STACK_COMMAND: kb FOLLOWUP_IP: NETIO!NetioDereferenceNetBufferList+86 fffff880`01b39316 4885ff test rdi,rdi SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+86 FOLLOWUP_NAME: MachineOwner MODULE_NAME: NETIO IMAGE_NAME: NETIO.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 5294760d IMAGE_VERSION: 6.1.7601.18327 FAILURE_BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86 BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0xd1_netio!netiodereferencenetbufferlist+86 FAILURE_ID_HASH: {b03a5328-38ca-1e4a-8e26-dcd45efb9256} Followup: MachineOwner ---------
I see that you are using 2 anti virus programs.
One is Bitdefender 2016 and the other is malwarebytes.
It is not recommended to run more than 1 anti virus program.
If you want more information about this you can find it here : is it bad to run multiple antivirus programs? - Anti-Virus, Anti-Malware, and Privacy Software
I would suggest sticking to one of the two.