I have been experiencing frequent system crashes for a few weeks now. No new hardware.. only thing I have updated driver wise was my mouse and nic driver tonight and it happened 3 more times since then. Any help is appreciated. Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\020211-24960-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*C:\SYMBOLS*HTTP://MSDL.MICROSOFT.COM/DOWNLOAD/SYMBOLS Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16617.amd64fre.win7_gdr.100618-1621 Machine Name: Kernel base = 0xfffff800`02a06000 PsLoadedModuleList = 0xfffff800`02c43e50 Debug session time: Wed Feb 2 23:31:35.559 2011 (UTC - 6:00) System Uptime: 0 days 0:27:43.260 Loading Kernel Symbols ............................................................... ................................................................ ........................... Loading User Symbols Loading unloaded module list ............ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {0, 2, 0, fffff880018897a0} Unable to load image PctWfpFilter64.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for PctWfpFilter64.sys *** ERROR: Module load completed but symbols could not be loaded for PctWfpFilter64.sys Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+86 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff880018897a0, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cae0e0 0000000000000000 CURRENT_IRQL: 2 FAULTING_IP: tcpip! ?? ::FNODOBFM::`string'+56f4 fffff880`018897a0 488b01 mov rax,qword ptr [rcx] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: fffff880025a4520 -- (.trap 0xfffff880025a4520) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa8003b9ba20 rbx=0000000000000000 rcx=0000000000000000 rdx=fffffa8003b9ba21 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880018897a0 rsp=fffff880025a46b0 rbp=0000000000000000 r8=fffffa8003b9ba20 r9=00000000000000d0 r10=fffff880009e9e80 r11=fffffa80094097a0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc tcpip! ?? ::FNODOBFM::`string'+0x56f4: fffff880`018897a0 488b01 mov rax,qword ptr [rcx] ds:07ff:00000000`00000000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002a75ca9 to fffff80002a76740 STACK_TEXT: fffff880`025a43d8 fffff800`02a75ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`025a43e0 fffff800`02a74920 : fffffa80`07d2b080 fffffa80`094095b0 fffffa80`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`025a4520 fffff880`018897a0 : fffffa80`094095b0 fffff880`02dc5aca fffff880`206c644d fffffa80`04630680 : nt!KiPageFault+0x260 fffff880`025a46b0 fffff880`016e46a6 : fffffa80`094095b0 00000000`049c5000 00000000`00000000 fffffa80`049c5000 : tcpip! ?? ::FNODOBFM::`string'+0x56f4 fffff880`025a4700 fffff880`016e235d : 00000000`00000000 fffffa80`04630680 00000000`00000000 fffff880`0196b9a0 : NETIO!NetioDereferenceNetBufferList+0x86 fffff880`025a4730 fffff880`0185de26 : fffffa80`049c5000 fffffa80`04630700 00000000`00000011 fffffa80`094095b0 : NETIO!NetioDereferenceNetBufferListChain+0x2dd fffff880`025a47b0 fffff880`0185cb21 : 00000000`00000000 fffffa80`049c5000 fffff880`0196b9a0 00000000`06348801 : tcpip!IppReceiveHeaderBatch+0x3c7 fffff880`025a4890 fffff880`01934542 : fffffa80`070f7c20 00000000`00000000 fffffa80`06348801 00000000`00000001 : tcpip!IpFlcReceivePackets+0x651 fffff880`025a4a90 fffff880`01774afa : fffffa80`081ab502 fffffa80`081ab5f0 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xf2 fffff880`025a4ad0 fffff880`02dbe71d : fffffa80`0661cc90 fffffa80`063488b0 00000000`c0000000 fffff880`00000000 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256 fffff880`025a4b80 fffffa80`0661cc90 : fffffa80`063488b0 00000000`c0000000 fffff880`00000000 fffffa80`083a0002 : PctWfpFilter64+0xd71d fffff880`025a4b88 fffffa80`063488b0 : 00000000`c0000000 fffff880`00000000 fffffa80`083a0002 fffffa80`00000001 : 0xfffffa80`0661cc90 fffff880`025a4b90 00000000`c0000000 : fffff880`00000000 fffffa80`083a0002 fffffa80`00000001 fffffa80`0000000b : 0xfffffa80`063488b0 fffff880`025a4b98 fffff880`00000000 : fffffa80`083a0002 fffffa80`00000001 fffffa80`0000000b fffffa80`00000000 : 0xc0000000 fffff880`025a4ba0 fffffa80`083a0002 : fffffa80`00000001 fffffa80`0000000b fffffa80`00000000 fffffa80`00000000 : 0xfffff880`00000000 fffff880`025a4ba8 fffffa80`00000001 : fffffa80`0000000b fffffa80`00000000 fffffa80`00000000 fffff880`02dbe250 : 0xfffffa80`083a0002 fffff880`025a4bb0 fffffa80`0000000b : fffffa80`00000000 fffffa80`00000000 fffff880`02dbe250 fffffa80`063488b0 : 0xfffffa80`00000001 fffff880`025a4bb8 fffffa80`00000000 : fffffa80`00000000 fffff880`02dbe250 fffffa80`063488b0 00000000`00000002 : 0xfffffa80`0000000b fffff880`025a4bc0 fffffa80`00000000 : fffff880`02dbe250 fffffa80`063488b0 00000000`00000002 fffffa80`04630680 : 0xfffffa80`00000000 fffff880`025a4bc8 fffff880`02dbe250 : fffffa80`063488b0 00000000`00000002 fffffa80`04630680 fffff880`02dcd338 : 0xfffffa80`00000000 fffff880`025a4bd0 fffffa80`063488b0 : 00000000`00000002 fffffa80`04630680 fffff880`02dcd338 00000000`00000000 : PctWfpFilter64+0xd250 fffff880`025a4bd8 00000000`00000002 : fffffa80`04630680 fffff880`02dcd338 00000000`00000000 00000000`00000000 : 0xfffffa80`063488b0 fffff880`025a4be0 fffffa80`04630680 : fffff880`02dcd338 00000000`00000000 00000000`00000000 00000000`53636670 : 0x2 fffff880`025a4be8 fffff880`02dcd338 : 00000000`00000000 00000000`00000000 00000000`53636670 fffffa80`07e261d0 : 0xfffffa80`04630680 fffff880`025a4bf0 00000000`00000000 : 00000000`00000000 00000000`53636670 fffffa80`07e261d0 fffff880`02dd0128 : PctWfpFilter64+0x1c338 STACK_COMMAND: kb FOLLOWUP_IP: NETIO!NetioDereferenceNetBufferList+86 fffff880`016e46a6 4885ff test rdi,rdi SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+86 FOLLOWUP_NAME: MachineOwner MODULE_NAME: NETIO IMAGE_NAME: NETIO.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18a FAILURE_BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86 BUCKET_ID: X64_0xD1_NETIO!NetioDereferenceNetBufferList+86 Followup: MachineOwner --------- 1: kd> lmvm NETIO start end module name fffff880`016e0000 fffff880`01740000 NETIO (pdb symbols) c:\symbols\netio.pdb\4ACD68B3A9824AAAB3C53C0077FC611F2\netio.pdb Loaded symbol image file: NETIO.SYS Mapped memory image file: c:\symbols\NETIO.SYS\4A5BC18A60000\NETIO.SYS Image path: NETIO.SYS Image name: NETIO.SYS Timestamp: Mon Jul 13 18:21:46 2009 (4A5BC18A) CheckSum: 0005F36C ImageSize: 00060000 File version: 6.1.7600.16385 Product version: 6.1.7600.16385 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.6 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: netio.sys OriginalFilename: netio.sys ProductVersion: 6.1.7600.16385 FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) FileDescription: Network I/O Subsystem LegalCopyright: © Microsoft Corporation. All rights reserved.

Rich, Do you have PC Tools installed or Zone Alarm if this is the case remove them and check if the BSOD's stop. Let me known if this helps you. Kind Regards DFTIM me - TWiTTer: @DFTER

Hi, What antivirus/firewall are you currently using? Do you use tools such as Spyware Doctor?

Yes I'm using PC Tools the newest version. I will try that and see what results I get.

remove PC Tools, the driver (PctWfpFilter64) causes the crash."A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/

Good news and bad news. Good news It hasn't blue screened since I removed PC Tools .. bad news is I blew 40 dollars on a product that crashes my PC. Thanks for the quick responses everyone.

bad news is I blew 40 dollars on a product that crashes my PC. see this as a lesson, not to use such "Snakeoil" tool. Use Microsoft Security Essentials (MSE ) and the includes Firewall from Windows and you're fine."A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/