Please upload your msinfo32.nfo file.
To get this: Start Menu -> Type msinfo32 into the Search programs and files box
-> When it opens, go to File, Save -> Save as msinfo32.nfo and save in a place you will remember
-> Let it finish the process of gathering and saving the system info
-> Right click the .nfo file, click send to compressed (zipped) folder
-> Upload the .zip file here.
Please upload your msinfo32.txt file.
To get this: Start Menu -> Type msinfo32 into the Search programs and files box
-> When it opens, go to File, Export -> Save as msinfo32.txt and save in a place you will remember
-> Let it finish the process of gathering and saving the system info
-> Right click the .txt file, click send to compressed (zipped) folder
-> Upload the .zip file here.
Company: Biz Secure Labs Pvt. Ltd.
Product: Net Protector AntiVirus
Version: 2011.9.28
Copyright: Copyright © 2011 Biz Secure Labs Pvt. Ltd.
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffffa800ac41000, 2, 0, fffff880011c8685}
*** WARNING: Unable to verify timestamp for WNPPORT64.sys
*** ERROR: Module load completed but symbols could not be loaded for WNPPORT64.sys
Probably caused by : tdx.sys ( tdx!memcpy+1e5 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffa800ac41000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880011c8685, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000370a100
GetUlongFromAddress: unable to read from fffff8000370a1c0
fffffa800ac41000 Nonpaged pool
CURRENT_IRQL: 2
FAULTING_IP:
tdx!memcpy+1e5
fffff880`011c8685 8b040a mov eax,dword ptr [rdx+rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: NPPRTFRW.EXE
TRAP_FRAME: fffff8800ca12310 -- (.trap 0xfffff8800ca12310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800b421cb0
rdx=ffffffffff81f34e rsi=0000000000000000 rdi=0000000000000000
rip=fffff880011c8685 rsp=fffff8800ca124a8 rbp=fffffa800ac40fe0
r8=000000000000001c r9=0000000000000000 r10=fffffa800ac40e70
r11=fffffa800b421c98 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
tdx!memcpy+0x1e5:
fffff880`011c8685 8b040a mov eax,dword ptr [rdx+rcx] ds:fffffa80`0ac40ffe=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800034da569 to fffff800034dafc0
STACK_TEXT:
fffff880`0ca121c8 fffff800`034da569 : 00000000`0000000a fffffa80`0ac41000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0ca121d0 fffff800`034d91e0 : fffff8a0`0f9eb690 fffff880`0115740b fffffa80`0a4e41a0 fffffa80`0b5b8400 : nt!KiBugCheckDispatch+0x69
fffff880`0ca12310 fffff880`011c8685 : fffff880`011cc24c fffffa80`09f8ecd0 fffffa80`07bfdb01 fffffa80`0b421c20 : nt!KiPageFault+0x260
fffff880`0ca124a8 fffff880`011cc24c : fffffa80`09f8ecd0 fffffa80`07bfdb01 fffffa80`0b421c20 fffffa80`0b5b8400 : tdx!memcpy+0x1e5
fffff880`0ca124b0 fffff880`011cac0d : fffffa80`0962b900 fffffa80`80000001 fffffa80`0b5b8400 fffffa80`0790eb50 : tdx!TdxConnectConnection+0x2fc
fffff880`0ca125d0 fffff880`0161e23d : fffffa80`0b5b8401 fffffa80`0ac40fe4 fffffa80`045d3264 fffffa80`0b5b8330 : tdx!TdxTdiDispatchInternalDeviceControl+0x39d
fffff880`0ca12650 fffffa80`0b5b8401 : fffffa80`0ac40fe4 fffffa80`045d3264 fffffa80`0b5b8330 00000000`00000001 : WNPPORT64+0x323d
fffff880`0ca12658 fffffa80`0ac40fe4 : fffffa80`045d3264 fffffa80`0b5b8330 00000000`00000001 fffffa80`09cbf6d0 : 0xfffffa80`0b5b8401
fffff880`0ca12660 fffffa80`045d3264 : fffffa80`0b5b8330 00000000`00000001 fffffa80`09cbf6d0 fffffa80`0962b9b0 : 0xfffffa80`0ac40fe4
fffff880`0ca12668 fffffa80`0b5b8330 : 00000000`00000001 fffffa80`09cbf6d0 fffffa80`0962b9b0 00000000`00000000 : 0xfffffa80`045d3264
fffff880`0ca12670 00000000`00000001 : fffffa80`09cbf6d0 fffffa80`0962b9b0 00000000`00000000 00000000`00000100 : 0xfffffa80`0b5b8330
fffff880`0ca12678 fffffa80`09cbf6d0 : fffffa80`0962b9b0 00000000`00000000 00000000`00000100 00000000`00000000 : 0x1
fffff880`0ca12680 fffffa80`0962b9b0 : 00000000`00000000 00000000`00000100 00000000`00000000 fffff880`0ca127b8 : 0xfffffa80`09cbf6d0
fffff880`0ca12688 00000000`00000000 : 00000000`00000100 00000000`00000000 fffff880`0ca127b8 00000000`00000000 : 0xfffffa80`0962b9b0
STACK_COMMAND: kb
FOLLOWUP_IP:
tdx!memcpy+1e5
fffff880`011c8685 8b040a mov eax,dword ptr [rdx+rcx]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: tdx!memcpy+1e5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tdx
IMAGE_NAME: tdx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79332
FAILURE_BUCKET_ID: X64_0xD1_tdx!memcpy+1e5
BUCKET_ID: X64_0xD1_tdx!memcpy+1e5
Followup: MachineOwner
---------
2: kd> lmvm tdx
start end module name
fffff880`011c7000 fffff880`011e9000 tdx (pdb symbols) c:\symbols\tdx.pdb\20CE1873F8A84E88BC30480F07DAAF4A2\tdx.pdb
Loaded symbol image file: tdx.sys
Mapped memory image file: c:\symbols\tdx.sys\4CE7933222000\tdx.sys
Image path: \SystemRoot\system32\DRIVERS\tdx.sys
Image name: tdx.sys
Timestamp: Sat Nov 20 15:21:54 2010 (4CE79332)
CheckSum: 000288B2
ImageSize: 00022000
File version: 6.1.7601.17514
Product version: 6.1.7601.17514
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tdx.sys
OriginalFilename: tdx.sys
ProductVersion: 6.1.7601.17514
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
FileDescription: TDI Translation Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
Please remove Net Protector Antivirus for testing purposes. Uninstall using the free version of Revo Uninstaller in advanced mode to delete registry entries.
Microsoft Security Essentials.
Recommended from a strict BSOD perspective, compatibility & stability compared to other antiviruses/internet security software. It is free and lightweight:-
Warning
Do not start the free trial of Malwarebytes; remember to deselect that option when prompted.
Run a full scan with both (separately) once downloaded, installed and updated.
Perform a System File Check to check the integrity of all protected Windows 7 :
- Click on the start
- Type CMD on Search
- Left click and Run as Administrator
- Type
Full tutorial here:
Disk Check on your hard drive for file system errors and bad sectors on it.
Let us know the results.
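Added example, not part of the original post: the debugger blames tdx.sys, but the stack shows tdx being entered from WNPPORT64, the module whose symbols could not be loaded. This Python sketch parses lines copied from the output above, returns the first frame resolved without symbols, and checks that the faulting 4-byte read runs into the page-aligned address in Arg1; the function names are illustrative.

```python
import re

# Lines copied from the !analyze -v output quoted in this thread; the stack is
# cut after the first raw-address frame. Function names below are illustrative.
DUMP = r"""
Arg1: fffffa800ac41000, memory referenced
fffff880`011c8685 8b040a mov eax,dword ptr [rdx+rcx] ds:fffffa80`0ac40ffe=????????
STACK_TEXT:
fffff880`0ca121c8 fffff800`034da569 : 00000000`0000000a fffffa80`0ac41000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0ca121d0 fffff800`034d91e0 : fffff8a0`0f9eb690 fffff880`0115740b fffffa80`0a4e41a0 fffffa80`0b5b8400 : nt!KiBugCheckDispatch+0x69
fffff880`0ca12310 fffff880`011c8685 : fffff880`011cc24c fffffa80`09f8ecd0 fffffa80`07bfdb01 fffffa80`0b421c20 : nt!KiPageFault+0x260
fffff880`0ca124a8 fffff880`011cc24c : fffffa80`09f8ecd0 fffffa80`07bfdb01 fffffa80`0b421c20 fffffa80`0b5b8400 : tdx!memcpy+0x1e5
fffff880`0ca124b0 fffff880`011cac0d : fffffa80`0962b900 fffffa80`80000001 fffffa80`0b5b8400 fffffa80`0790eb50 : tdx!TdxConnectConnection+0x2fc
fffff880`0ca125d0 fffff880`0161e23d : fffffa80`0b5b8401 fffffa80`0ac40fe4 fffffa80`045d3264 fffffa80`0b5b8330 : tdx!TdxTdiDispatchInternalDeviceControl+0x39d
fffff880`0ca12650 fffffa80`0b5b8401 : fffffa80`0ac40fe4 fffffa80`045d3264 fffffa80`0b5b8330 00000000`00000001 : WNPPORT64+0x323d
fffff880`0ca12658 fffffa80`0ac40fe4 : fffffa80`045d3264 fffffa80`0b5b8330 00000000`00000001 fffffa80`09cbf6d0 : 0xfffffa80`0b5b8401
STACK_COMMAND: kb
"""

FRAME = re.compile(r"^[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]{8}`[0-9a-f]{8} : .* : (\S+)$")
SITE = re.compile(r"^([A-Za-z_]\w*)(?:!([^+\s]+))?(?:\+0x[0-9a-f]+)?$")
SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}

def stack_frames(text):
    """(module, symbol-or-None) for each symbolic frame listed under STACK_TEXT."""
    frames = []
    for line in text.split("STACK_TEXT:", 1)[1].splitlines()[1:]:
        m = FRAME.match(line)
        if not m:
            break  # end of the stack listing
        site = SITE.match(m.group(1))
        if site:  # raw-address frames such as 0x1 carry no module and are skipped
            frames.append(site.groups())
    return frames

def first_unsymbolized_module(frames):
    """First frame resolved only as module+offset, i.e. no symbols were loaded."""
    return next((mod for mod, sym in frames if sym is None), None)

def read_crosses_into_arg1(text, page=0x1000):
    """True if the faulting read starts below Arg1 and extends onto that page."""
    arg1 = int(re.search(r"^Arg1: ([0-9a-f]+)", text, re.M).group(1), 16)
    m = re.search(r"(byte|word|dword|qword) ptr \[[^\]]+\] ds:([0-9a-f`]+)=", text)
    addr, size = int(m.group(2).replace("`", ""), 16), SIZES[m.group(1)]
    return arg1 % page == 0 and addr < arg1 < addr + size
```

On this dump the first frame without symbols is WNPPORT64, directly below the tdx frames, and the read that starts at an address ending in ffe spills two bytes onto the page at Arg1.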