[SOLVED] Windows 7 BSOD: tcpip.sys and ntoskrnl.exe

Old 02-19-2011, 10:49 PM   #1
Registered Member
 
Join Date: Feb 2011
Posts: 3
OS: windows 7



bsod windows 7 tcpip and ntoskrnl
My computer keeps crashing. I need help deciphering my blue screen of death. I have bluescreenview and it highlighted "ntoskrnl.exe" and "tcpip.sys." Also used a debugger.

Thanks, J

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Windows\Minidump\021911-22744-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
 
Symbol search path is: SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c49000 PsLoadedModuleList = 0xfffff800`02e86e50
Debug session time: Sat Feb 19 17:29:54.783 2011 (UTC - 8:00)
System Uptime: 0 days 0:31:42.360
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck D1, {0, 2, 0, fffff88002c8c7a0}
 
Unable to load image PctWfpFilter64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for PctWfpFilter64.sys
*** ERROR: Module load completed but symbols could not be loaded for PctWfpFilter64.sys
Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+86 )
 
Followup: MachineOwner
---------
 
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88002c8c7a0, address which referenced memory
 
Debugging Details:
------------------
 
 
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ef10e0
 0000000000000000 
 
CURRENT_IRQL:  2
 
FAULTING_IP: 
tcpip! ?? ::FNODOBFM::`string'+56f4
fffff880`02c8c7a0 488b01          mov     rax,qword ptr [rcx]
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
 
BUGCHECK_STR:  0xD1
 
PROCESS_NAME:  System
 
TRAP_FRAME:  fffff88003b2d520 -- (.trap 0xfffff88003b2d520)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800a241d70 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800a241d71 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88002c8c7a0 rsp=fffff88003b2d6b0 rbp=0000000000000000
 r8=fffffa800a241d70  r9=00000000000000d0 r10=fffff880009e9e80
r11=fffffa800a2b4500 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
tcpip! ?? ::FNODOBFM::`string'+0x56f4:
fffff880`02c8c7a0 488b01          mov     rax,qword ptr [rcx] ds:07ff:00000000`00000000=????????????????
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from fffff80002cb8ca9 to fffff80002cb9740
 
STACK_TEXT:  
fffff880`03b2d3d8 fffff800`02cb8ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`03b2d3e0 fffff800`02cb7920 : fffffa80`08f61140  fffffa80`04357030 fffffa80`00000000 fffff880`043ea753 :  nt!KiBugCheckDispatch+0x69
fffff880`03b2d520 fffff880`02c8c7a0 : fffffa80`04357030  fffff880`041d3aca fffff880`206c644d fffffa80`0a4d27a0 :  nt!KiPageFault+0x260
fffff880`03b2d6b0 fffff880`018046a6 : fffffa80`04357030  00000000`07a56000 00000000`00000000 fffffa80`07a56000 : tcpip! ??  ::FNODOBFM::`string'+0x56f4
fffff880`03b2d700 fffff880`0180235d : 00000000`00000000  fffffa80`0a4d27a0 00000000`00000000 fffff880`02d6e9a0 :  NETIO!NetioDereferenceNetBufferList+0x86
fffff880`03b2d730 fffff880`02c60e26 : fffffa80`07a56000  fffffa80`0a4d2800 00000000`00000011 fffffa80`04357030 :  NETIO!NetioDereferenceNetBufferListChain+0x2dd
fffff880`03b2d7b0 fffff880`02c5fb21 : 00000000`00000000  fffffa80`07a56000 fffff880`02d6e9a0 00000000`044b2901 :  tcpip!IppReceiveHeaderBatch+0x3c7
fffff880`03b2d890 fffff880`02d37542 : fffffa80`07c6a580  00000000`00000000 fffffa80`044b2901 00000000`00000001 :  tcpip!IpFlcReceivePackets+0x651
fffff880`03b2da90 fffff880`04153afa : fffffa80`0826e702  fffffa80`0826e7c0 00000000`00000002 00000000`00000000 :  tcpip!IppInspectInjectReceive+0xf2
fffff880`03b2dad0 fffff880`041cc71d : fffffa80`08d51780  fffffa80`044b2950 00000000`c0000000 fffff880`00000000 :  fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
fffff880`03b2db80 fffffa80`08d51780 : fffffa80`044b2950  00000000`c0000000 fffff880`00000000 fffffa80`04d60002 :  PctWfpFilter64+0xd71d
fffff880`03b2db88 fffffa80`044b2950 : 00000000`c0000000  fffff880`00000000 fffffa80`04d60002 fffffa80`00000001 :  0xfffffa80`08d51780
fffff880`03b2db90 00000000`c0000000 : fffff880`00000000  fffffa80`04d60002 fffffa80`00000001 fffffa80`0000000d :  0xfffffa80`044b2950
fffff880`03b2db98 fffff880`00000000 : fffffa80`04d60002 fffffa80`00000001 fffffa80`0000000d fffffa80`00000000 : 0xc0000000
fffff880`03b2dba0 fffffa80`04d60002 : fffffa80`00000001  fffffa80`0000000d fffffa80`00000000 fffffa80`00000000 :  0xfffff880`00000000
fffff880`03b2dba8 fffffa80`00000001 : fffffa80`0000000d  fffffa80`00000000 fffffa80`00000000 fffff880`041cc250 :  0xfffffa80`04d60002
fffff880`03b2dbb0 fffffa80`0000000d : fffffa80`00000000  fffffa80`00000000 fffff880`041cc250 fffffa80`044b2950 :  0xfffffa80`00000001
fffff880`03b2dbb8 fffffa80`00000000 : fffffa80`00000000  fffff880`041cc250 fffffa80`044b2950 00000000`53636670 :  0xfffffa80`0000000d
fffff880`03b2dbc0 fffffa80`00000000 : fffff880`041cc250  fffffa80`044b2950 00000000`53636670 fffffa80`0a4d27a0 :  0xfffffa80`00000000
fffff880`03b2dbc8 fffff880`041cc250 : fffffa80`044b2950  00000000`53636670 fffffa80`0a4d27a0 fffff880`041db338 :  0xfffffa80`00000000
fffff880`03b2dbd0 fffffa80`044b2950 : 00000000`53636670  fffffa80`0a4d27a0 fffff880`041db338 00000000`00000000 :  PctWfpFilter64+0xd250
fffff880`03b2dbd8 00000000`53636670 : fffffa80`0a4d27a0  fffff880`041db338 00000000`00000000 00000000`00000000 :  0xfffffa80`044b2950
fffff880`03b2dbe0 fffffa80`0a4d27a0 : fffff880`041db338 00000000`00000000 00000000`00000000 00000000`53636670 : 0x53636670
fffff880`03b2dbe8 fffff880`041db338 : 00000000`00000000  00000000`00000000 00000000`53636670 fffffa80`09b3d9f0 :  0xfffffa80`0a4d27a0
fffff880`03b2dbf0 00000000`00000000 : 00000000`00000000  00000000`53636670 fffffa80`09b3d9f0 fffff880`041de128 :  PctWfpFilter64+0x1c338
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
NETIO!NetioDereferenceNetBufferList+86
fffff880`018046a6 4885ff          test    rdi,rdi
 
SYMBOL_STACK_INDEX:  4
 
SYMBOL_NAME:  NETIO!NetioDereferenceNetBufferList+86
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: NETIO
 
IMAGE_NAME:  NETIO.SYS
 
DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc18a
 
FAILURE_BUCKET_ID:  X64_0xD1_NETIO!NetioDereferenceNetBufferList+86
 
BUCKET_ID:  X64_0xD1_NETIO!NetioDereferenceNetBufferList+86
 
Followup: MachineOwner
HalydeX is offline  
Old 02-19-2011, 11:44 PM   #2
Administrator
Manager, Microsoft Support
Acting Manager, Security
BSOD Kernel Dump Expert
Microsoft Windows Insider MVP
 
Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: New Jersey Shore
Posts: 34,338
OS: Windows 10, 8.1 + Windbg :)



Quote:
Originally Posted by HalydeX
I have bluescreenview and it highlighted "ntoskrnl.exe" and "tcpip.sys." Also used a debugger.
Hi -

ntoskrnl.exe = the Windows NT Kernel & Executive
tcpip.sys = Microsoft TCP/IP networking related driver

The dump actually named netio.sys as the probable cause -
Code:
Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+86 )
netio.sys = Microsoft Networking I/O subsystem driver

Microsoft OS drivers are often listed as the probable cause of software-related BSODs because there are no symbol files available for 3rd party drivers to identify them.

The real culprit - more than likely PC Tools Internet Security - it is the only 3rd party driver visible on the stack -
Code:
STACK_TEXT: 
00000002 00000000`00000000 : nt!KeBugCheckEx
00000000 fffff880`043ea753 :  nt!KiBugCheckDispatch+0x69
206c644d fffffa80`0a4d27a0 :  nt!KiPageFault+0x260
00000000 fffffa80`07a56000 : tcpip! ??  ::FNODOBFM::`string'+0x56f4
00000000 fffff880`02d6e9a0 :  NETIO!NetioDereferenceNetBufferList+0x86
00000011 fffffa80`04357030 :  NETIO!NetioDereferenceNetBufferListChain+0x2dd
02d6e9a0 00000000`044b2901 :  tcpip!IppReceiveHeaderBatch+0x3c7
044b2901 00000000`00000001 :  tcpip!IpFlcReceivePackets+0x651
00000002 00000000`00000000 :  tcpip!IppInspectInjectReceive+0xf2
c0000000 fffff880`00000000 :  fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
00000000 fffffa80`04d60002 :  PctWfpFilter64+0xd71d
04d60002 fffffa80`00000001 :  0xfffffa80`08d51780
00000001 fffffa80`0000000d :  0xfffffa80`044b2950
000000d fffffa80`00000000 : 0xc0000000
00000000 fffffa80`00000000 :  0xfffff880`00000000
00000000 fffff880`041cc250 :  0xfffffa80`04d60002
041cc250 fffffa80`044b2950 :  0xfffffa80`00000001
044b2950 00000000`53636670 :  0xfffffa80`0000000d
53636670 fffffa80`0a4d27a0 :  0xfffffa80`00000000
0a4d27a0 fffff880`041db338 :  0xfffffa80`00000000
041db338 00000000`00000000 :  PctWfpFilter64+0xd250
00000000 00000000`00000000 :  0xfffffa80`044b2950
0000000 00000000`53636670 : 0x53636670
53636670 fffffa80`09b3d9f0 :  0xfffffa80`0a4d27a0
09b3d9f0 fffff880`041de128 :  PctWfpFilter64+0x1c338

Driver Reference Table - PctWfpFilter64.sys - sysnative.com - MVP

Get rid of PC Tools Internet Security.

Use removal tool, if available - Uninstallers (removal tools) for common antivirus software - ESET Knowledgebase

Reboot upon completion. Install MSE - https://www.microsoft.com/security_essentials/

Regards. . .

jcgriff2

jcgriff2 is offline  
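
The stack reading done in the reply above, automated as an added example (not part of the original thread and not a tool used by either poster): it scans WinDbg `kb` output for frames shown only as module+offset, which is how PctWfpFilter64 appears in this dump, and reports the last symbolized frame above the first such frame. The function names and the heuristic are assumptions of this example; the sample frames are a subset copied from the STACK_TEXT above.

```python
import re

# Constructed sample: frames copied from the trimmed STACK_TEXT quoted in the
# reply above (a subset, to keep the example short).
SAMPLE = """\
00000002 00000000`00000000 : nt!KeBugCheckEx
206c644d fffffa80`0a4d27a0 :  nt!KiPageFault+0x260
00000000 fffffa80`07a56000 : tcpip! ??  ::FNODOBFM::`string'+0x56f4
00000000 fffff880`02d6e9a0 :  NETIO!NetioDereferenceNetBufferList+0x86
00000002 00000000`00000000 :  tcpip!IppInspectInjectReceive+0xf2
c0000000 fffff880`00000000 :  fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
00000000 fffffa80`04d60002 :  PctWfpFilter64+0xd71d
04d60002 fffffa80`00000001 :  0xfffffa80`08d51780
041db338 00000000`00000000 :  PctWfpFilter64+0xd250
09b3d9f0 fffff880`041de128 :  PctWfpFilter64+0x1c338
"""

SYMBOLIZED = re.compile(r"^(\w+)!")                    # module!function...
MODULE_ONLY = re.compile(r"^(\w+)\+0x[0-9a-fA-F]+$")   # module+offset, no symbols


def frames(stack_text):
    """Yield the symbol column of each kb line (text after the last ' : ')."""
    for line in stack_text.splitlines():
        if line.strip():
            yield re.split(r"\s:\s+", line)[-1].strip()


def triage(stack_text):
    """Return (modules without symbols, in stack order; frame they called into).

    Heuristic (an assumption of this example): with the Microsoft symbol
    server configured, OS drivers resolve to module!function, so a frame shown
    only as module+offset is a driver with no public symbols.
    """
    suspects, entry, prev = [], None, None
    for sym in frames(stack_text):
        m = MODULE_ONLY.match(sym)
        if m:
            if m.group(1) not in suspects:
                suspects.append(m.group(1))
            if entry is None:
                entry = prev      # nearest symbolized frame above the driver
        elif SYMBOLIZED.match(sym):
            prev = sym
        # bare 0x... frames are raw stack values, not code in a named module
    return suspects, entry


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The same function accepts the full five-column `kb` lines from the first post, since only the text after the last ` : ` separator is examined.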
Old 02-20-2011, 08:50 AM   #3
Registered Member
 
Join Date: Feb 2011
Posts: 3
OS: windows 7



Hm.. I was beginning to suspect PC Tools. Oh well, I uninstalled PC Tools and downloaded the Microsoft Security Essentials. I will keep you updated.

thanks,

J
HalydeX is offline  
Old 02-25-2011, 11:11 PM   #4
Registered Member
 
Join Date: Feb 2011
Posts: 3
OS: windows 7


Update: no more crashes. pctools has bad juju.
HalydeX is offline  
Old 02-25-2011, 11:41 PM   #5
Administrator
Manager, Microsoft Support
Acting Manager, Security
BSOD Kernel Dump Expert
Microsoft Windows Insider MVP
 
Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: New Jersey Shore
Posts: 34,338
OS: Windows 10, 8.1 + Windbg :)



You are not the first to have BSODs caused by PC Tools Internet Security.

I'm glad to hear it is history ... along with your BSODs.

Thank you for posting back letting us know the outcome - much appreciated.

Have a good weekend!

jcgriff2

jcgriff2 is offline  