fwpkclnt.sys and NETIO BSOD

S

SamsonX

New member
Local time
1:45 AM
Messages
8
I get these constantly. Its becoming an annoyance
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom build
OS
Windows 7 Home Premium 64 bit
CPU
i5 2500k @ 4.5hz
Motherboard
Z77 Extreme 4
Memory
8gb Rigjaw
Graphics Card(s)
2 way SLI GTX 980 Ti Hybrid 6gb Vram
Monitor(s) Displays
27" 1440p 144hz G Sync D
Hard Drives
WD blue 500gb, 1000gb
PSU
EVGA G2 1000w Gold
Case
Haf 912 Mid Tower
Cooling
H55 Cosair
Keyboard
Hp
Mouse
M150 Logitech
Antivirus
Bitdefender Total Security 2016
Browser
Firefox, chrome
Your reports consistently show that Malwarebytes is the problem. Uninstall, reboot and let us know what happens. Netio et al, may not be the actual cause. They are Microsoft drivers and not usually the problem. I think that it may be Malwarebytes.
I have bolded where Malwarebytes is indicated on your report. All reports were consistent.


Code: 
 Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\richa\AppData\Local\Temp\Temp1_SAMSON-PC-Tue_03_29_2016_182634_83.zip\031216-32994-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.19160.amd64fre.win7sp1_gdr.160211-0600
Machine Name:
Kernel base = 0xfffff800`03414000 PsLoadedModuleList = 0xfffff800`0365b730
Debug session time: Sat Mar 12 23:58:47.836 2016 (UTC - 4:00)
System Uptime: 1 days 5:01:59.178
Loading Kernel Symbols
...............................................................
................................................................
.......................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 0, fffff88001c9556b}

*** WARNING: Unable to verify timestamp for [SIZE="4"]mwac.sys[/SIZE]
*** ERROR: Module load completed but symbols could not be loaded for mwac.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+86 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88001c9556b, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036c5100
GetUlongFromAddress: unable to read from fffff800036c51c0
 0000000000000000 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP: 
tcpip! ?? ::FNODOBFM::`string'+57b4
fffff880`01c9556b 488b01          mov     rax,qword ptr [rcx]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  mbamservice.ex

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

TRAP_FRAME:  fffff88027255fa0 -- (.trap 0xfffff88027255fa0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800dbd2b50 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800dbd2b51 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001c9556b rsp=fffff88027256130 rbp=0000000000000000
 r8=fffffa800dbd2b50  r9=00000000000000d0 r10=fffff880009efe80
r11=fffffa800b1f0a50 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
tcpip! ?? ::FNODOBFM::`string'+0x57b4:
fffff880`01c9556b 488b01          mov     rax,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003487629 to fffff80003488080

STACK_TEXT:  
fffff880`27255e58 fffff800`03487629 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`27255e60 fffff800`034862a0 : fffff880`27256190 038dcd3e`049f89f9 00000000`00000004 fffffa80`0b1f0860 : nt!KiBugCheckDispatch+0x69
fffff880`27255fa0 fffff880`01c9556b : fffffa80`0b1f0860 fffff880`07546002 00000000`206c644d fffffa80`074c52a0 : nt!KiPageFault+0x260
fffff880`27256130 fffff880`01b39316 : fffffa80`0b1f0860 00000000`27256220 00000000`00000001 00000000`00000006 : tcpip! ?? ::FNODOBFM::`string'+0x57b4
fffff880`27256180 fffff880`01b38a72 : 00000000`00000000 fffffa80`0ecbe720 00000000`00000000 fffffa80`075c9080 : NETIO!NetioDereferenceNetBufferList+0x86
fffff880`272561b0 fffff880`01c4a4c6 : 00000000`00000000 fffffa80`0a3a5001 fffff880`27256220 fffffa80`08044d00 : NETIO!NetioDereferenceNetBufferListChain+0x332
fffff880`27256280 fffff880`01cc5517 : fffffa80`0ecbe720 fffff880`01d6e9a0 fffff880`01d6e9a0 00000000`00000000 : tcpip!IppCompleteAndFreePacketList+0xc6
fffff880`272562b0 fffff880`01d376a2 : fffffa80`0b23a010 00000000`00000000 fffffa80`0ccf3701 fffffa80`0ccf3724 : tcpip! ?? ::FNODOBFM::`string'+0x40fb4
fffff880`272564b0 fffff880`01188b16 : fffffa80`0f49a502 fffffa80`0f49a5b0 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xf2
fffff880`272564f0 fffff880`075431b0 : fffffa80`0b9638b0 00000000`00000008 00000000`00000000 fffffa80`0ccf3710 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
fffff880`272565a0 fffffa80`0b9638b0 : 00000000`00000008 00000000`00000000 fffffa80`0ccf3710 fffffa80`0ccf0002 : mwac+0x61b0
fffff880`272565a8 00000000`00000008 : 00000000`00000000 fffffa80`0ccf3710 fffffa80`0ccf0002 fffffa80`00000001 : 0xfffffa80`0b9638b0
fffff880`272565b0 00000000`00000000 : fffffa80`0ccf3710 fffffa80`0ccf0002 fffffa80`00000001 00000000`0000000e : 0x8


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!NetioDereferenceNetBufferList+86
fffff880`01b39316 4885ff          test    rdi,rdi

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  NETIO!NetioDereferenceNetBufferList+86

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  5294760d

IMAGE_VERSION:  6.1.7601.18327

FAILURE_BUCKET_ID:  X64_0xD1_NETIO!NetioDereferenceNetBufferList+86

BUCKET_ID:  X64_0xD1_NETIO!NetioDereferenceNetBufferList+86

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0xd1_netio!netiodereferencenetbufferlist+86

FAILURE_ID_HASH:  {b03a5328-38ca-1e4a-8e26-dcd45efb9256}

Followup: MachineOwner
---------
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell XPS 420
OS
Windows 10, Home Clean Install
CPU
Intel Core2 processsor Q8200(2.33Ghz 1333FSB) Quad Core Tech
Motherboard
Dell
Memory
6 gb
Graphics Card(s)
ATI Radeon 256MB HD3650
Sound Card
Intergrated 7.1 Channel Audio
Monitor(s) Displays
Dell SP2009W 20"
Hard Drives
640 GB Serial ATA Hard drive
Cooling
Fan
Keyboard
Dell USB Keyboard
Mouse
Dell Premium Optical USB
Internet Speed
DSL 2.85
zztemp said:
I see that you are using 2 anti virus programs.
One is Bitdefender 2016 and the other is malwarebytes.
It is not recommended to run more than 1 anti virus program.
If you want more information about this you can find it here : is it bad to run multiple antivirus programs? - Anti-Virus, Anti-Malware, and Privacy Software

I would suggest sticking to one of the two.
Click to expand...

Just to note,
Malwarebytes is no Anti-Virus program but Anti-Malware program.
Malwarebytes is designed to run alongside all of the popular antivirus programs.
Malwarebytes is designed to detect zero day threats before AV's detect them.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom build
OS
Windows 10 Pro
CPU
i5-6500
Motherboard
Gigabyte B150-HD3P-CF
Memory
16GB DDR4 2133 Crucial Ballistix Sport LT
Graphics Card(s)
MSI GeForce GTX 1060 GAMING X 6G
Sound Card
Intel Display Audio
Monitor(s) Displays
Liyama ProLite XB2483HSU-B2
Screen Resolution
1920 x 1080
Hard Drives
Crucial MX200 500GB & Toshiba DT01ACA300 3TB
PSU
Corsair RM550x
Case
Fractal Design Define S
Cooling
Cooler Master TX3 i
Keyboard
Func KB-460 (MX Red)
Mouse
Corsair Gaming M65 RGB
Antivirus
Bitdefender Total Security 2016 + MBAM Pro + MBAE Pro
Browser
Google Chrome
Other Info
Creative Sound Blaster Tactic3D Rage V2 headset
You must log in or register to reply here.
Back
Top