locked
Bad pool Caller error RRS feed

  • Question

  • Hi my Computer's having an error called, Bad Pool Caller

    in my windows 8 HP

    Heres my DMP FILES

    https://onedrive.live.com/?gologin=1&mkt=en-US#cid=1B17D7BEAB5383AA&id=1B17D7BEAB5383AA!481

    Please help.

    Much appreciated

    Thursday, April 3, 2014 6:32 PM

Answers

  • Mark

    These were related to your Kaspersky & Symantec.  First Kaspersky doesnt play well with others in win 8.  Second Symantec is a known cause of crashes.  I would remove both and use the built in defender in their place.  It is never a good idea to run two active malware applications on the same system as they often result in instability and crashes.

    SYSTEM UP-TIME
    System Uptime: 0 days 0:12:03.761
    System Uptime: 0 days 0:06:02.661
    System Uptime: 0 days 0:15:51.802
    System Uptime: 0 days 0:03:57.574
    System Uptime: 0 days 13:16:04.778
    System Uptime: 0 days 4:09:16.316
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    
    
    
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 14:10:46.968 2014 (UTC - 4:00)
    System Uptime: 0 days 0:12:03.761
    BugCheck C2, {7, 1205, 0, ffffe00004ca5c38}
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:58:19.868 2014 (UTC - 4:00)
    System Uptime: 0 days 0:06:02.661
    BugCheck C2, {10, ffffe00006958af8, d6f68e90, ffffe00006958b30}
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for kneps.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_10
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:51:51.009 2014 (UTC - 4:00)
    System Uptime: 0 days 0:15:51.802
    BugCheck C2, {7, 1205, e, ffffe0000141dc48}
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:35:34.781 2014 (UTC - 4:00)
    System Uptime: 0 days 0:03:57.574
    BugCheck C2, {7, 1205, 0, ffffe00005a3e598}
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for kneps.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:31:06.984 2014 (UTC - 4:00)
    System Uptime: 0 days 13:16:04.778
    BugCheck C2, {7, 1205, 0, ffffe00001812318}
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 00:14:35.519 2014 (UTC - 4:00)
    System Uptime: 0 days 4:09:16.316
    BugCheck C2, {b, ffffe000082e6028, 0, ffffe000082e6ab8}
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for volmgrx.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_b
    PROCESS_NAME:  System
    Kaspersky is a frequent cause of BSOD's.  

    Symantec  is a frequent cause of BSOD's.  

    http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\New folder\040314-20125-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Machine Name:
    Kernel base = 0xfffff800`4368b000 PsLoadedModuleList = 0xfffff800`4394f990
    Debug session time: Thu Apr  3 14:10:46.968 2014 (UTC - 4:00)
    System Uptime: 0 days 0:12:03.761
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .............................................
    Loading User Symbols
    Loading unloaded module list
    ..........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck C2, {7, 1205, 0, ffffe00004ca5c38}
    
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for kneps.sys
    GetPointerFromAddress: unable to read from fffff800439d8150
    GetUlongFromAddress: unable to read from fffff800439d8208
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    
    Followup: MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 0000000000000007, Attempt to free pool which was already freed
    Arg2: 0000000000001205, (reserved)
    Arg3: 0000000000000000, Memory contents of the pool block
    Arg4: ffffe00004ca5c38, Address of the block of pool being deallocated
    
    Debugging Details:
    ------------------
    
    
    POOL_ADDRESS:  ffffe00004ca5c38 Nonpaged pool
    
    FREED_POOL_TAG:  NDnd
    
    BUGCHECK_STR:  0xc2_7_NDnd
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff8004391d3ca to fffff800437d8ca0
    
    STACK_TEXT:  
    ffffd000`21925008 fffff800`4391d3ca : 00000000`000000c2 00000000`00000007 00000000`00001205 00000000`00000000 : nt!KeBugCheckEx
    ffffd000`21925010 fffff800`01835f67 : ffffe000`00ea17a0 ffffe000`04c3dac0 ffffe000`0759b001 fffff800`01cee646 : nt!ExFreePoolWithTag+0x10fa
    ffffd000`219250e0 fffff800`01b73cb4 : ffffe000`041b3602 ffffe000`014f3f20 00000000`00000001 fffff800`01cef1c5 : NETIO! ?? ::FNODOBFM::`string'+0x797c
    ffffd000`21925130 fffff800`01804501 : ffffe000`0759b030 00000000`00000001 00000000`00000000 00000000`00000000 : tcpip!FlpReturnNetBufferListChain+0xd5c54
    ffffd000`21925180 fffff800`018013e7 : ffffe000`04c3dac0 00000000`00000000 00000000`00000000 ffffe000`0759b030 : NETIO!NetioDereferenceNetBufferList+0xb1
    ffffd000`219251f0 fffff800`01aa255b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!NetioDereferenceNetBufferListChain+0x2a7
    ffffd000`219252b0 fffff800`01a9f49a : 00000000`00000000 ffffe000`04c3dac0 ffffe000`0280f000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x55b
    ffffd000`219253e0 fffff800`01bd4bd8 : ffffe000`05aeb240 00000000`00000000 ffffe000`0286d901 ffffe000`04c3da00 : tcpip!IppFlcReceivePacketsCore+0x68a
    ffffd000`21925760 fffff800`01ce16d5 : ffffe000`04aa9d02 ffffe000`00e9a510 ffffd000`21925a99 ffffd000`21920000 : tcpip!IppInspectInjectReceive+0x148
    ffffd000`219257c0 fffff800`437433f9 : 00000000`00000000 ffffe000`00000000 ffffe000`041b3610 ffffe000`041b3610 : fwpkclnt!FwppInjectionStackCallout+0xe5
    ffffd000`21925850 fffff800`01cf26b6 : fffff800`01ce15f0 ffffd000`21925a20 00000000`00000010 00000000`00000001 : nt!KeExpandKernelStackAndCalloutInternal+0xe9
    ffffd000`219259a0 fffff800`0205e49c : ffffe000`041b3610 ffffe000`014f3e80 01cf4f68`09629400 ffffe000`014f3e80 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x2ea
    ffffd000`21925ae0 ffffe000`041b3610 : ffffe000`014f3e80 01cf4f68`09629400 ffffe000`014f3e80 00000000`00000002 : klwfp+0x449c
    ffffd000`21925ae8 ffffe000`014f3e80 : 01cf4f68`09629400 ffffe000`014f3e80 00000000`00000002 00000000`00000001 : 0xffffe000`041b3610
    ffffd000`21925af0 01cf4f68`09629400 : ffffe000`014f3e80 00000000`00000002 00000000`00000001 fffff800`00000004 : 0xffffe000`014f3e80
    ffffd000`21925af8 ffffe000`014f3e80 : 00000000`00000002 00000000`00000001 fffff800`00000004 fffff800`00000000 : 0x01cf4f68`09629400
    ffffd000`21925b00 00000000`00000002 : 00000000`00000001 fffff800`00000004 fffff800`00000000 ffffe000`04c3dac0 : 0xffffe000`014f3e80
    ffffd000`21925b08 00000000`00000001 : fffff800`00000004 fffff800`00000000 ffffe000`04c3dac0 fffff800`0205e414 : 0x2
    ffffd000`21925b10 fffff800`00000004 : fffff800`00000000 ffffe000`04c3dac0 fffff800`0205e414 ffffe000`014f3e80 : 0x1
    ffffd000`21925b18 fffff800`00000000 : ffffe000`04c3dac0 fffff800`0205e414 ffffe000`014f3e80 ffffe000`06a753e0 : 0xfffff800`00000004
    ffffd000`21925b20 ffffe000`04c3dac0 : fffff800`0205e414 ffffe000`014f3e80 ffffe000`06a753e0 fffff800`005c34f0 : 0xfffff800`00000000
    ffffd000`21925b28 fffff800`0205e414 : ffffe000`014f3e80 ffffe000`06a753e0 fffff800`005c34f0 fffff800`0205e6af : 0xffffe000`04c3dac0
    ffffd000`21925b30 ffffe000`014f3e80 : ffffe000`06a753e0 fffff800`005c34f0 fffff800`0205e6af ffffe000`014f3e80 : klwfp+0x4414
    ffffd000`21925b38 ffffe000`06a753e0 : fffff800`005c34f0 fffff800`0205e6af ffffe000`014f3e80 00000000`00000080 : 0xffffe000`014f3e80
    ffffd000`21925b40 fffff800`005c34f0 : fffff800`0205e6af ffffe000`014f3e80 00000000`00000080 ffffe000`014f3e80 : 0xffffe000`06a753e0
    ffffd000`21925b48 fffff800`0205e6af : ffffe000`014f3e80 00000000`00000080 ffffe000`014f3e80 fffff800`005c34f0 : kneps+0x224f0
    ffffd000`21925b50 ffffe000`014f3e80 : 00000000`00000080 ffffe000`014f3e80 fffff800`005c34f0 ffffe000`01536270 : klwfp+0x46af
    ffffd000`21925b58 00000000`00000080 : ffffe000`014f3e80 fffff800`005c34f0 ffffe000`01536270 ffffd000`21925bb0 : 0xffffe000`014f3e80
    ffffd000`21925b60 ffffe000`014f3e80 : fffff800`005c34f0 ffffe000`01536270 ffffd000`21925bb0 ffffe000`01575100 : 0x80
    ffffd000`21925b68 fffff800`005c34f0 : ffffe000`01536270 ffffd000`21925bb0 ffffe000`01575100 00000000`00000003 : 0xffffe000`014f3e80
    ffffd000`21925b70 ffffe000`01536270 : ffffd000`21925bb0 ffffe000`01575100 00000000`00000003 ffffe000`042ac150 : kneps+0x224f0
    ffffd000`21925b78 ffffd000`21925bb0 : ffffe000`01575100 00000000`00000003 ffffe000`042ac150 fffff800`02060c06 : 0xffffe000`01536270
    ffffd000`21925b80 ffffe000`01575100 : 00000000`00000003 ffffe000`042ac150 fffff800`02060c06 fffff800`00000000 : 0xffffd000`21925bb0
    ffffd000`21925b88 00000000`00000003 : ffffe000`042ac150 fffff800`02060c06 fffff800`00000000 00000000`00000000 : 0xffffe000`01575100
    ffffd000`21925b90 ffffe000`042ac150 : fffff800`02060c06 fffff800`00000000 00000000`00000000 00000000`00000000 : 0x3
    ffffd000`21925b98 fffff800`02060c06 : fffff800`00000000 00000000`00000000 00000000`00000000 5f20c483`00000001 : 0xffffe000`042ac150
    ffffd000`21925ba0 fffff800`00000000 : 00000000`00000000 00000000`00000000 5f20c483`00000001 fffff800`02383c20 : klwfp+0x6c06
    ffffd000`21925ba8 00000000`00000000 : 00000000`00000000 5f20c483`00000001 fffff800`02383c20 fffff800`023932a2 : 0xfffff800`00000000
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    NETIO! ?? ::FNODOBFM::`string'+797c
    fffff800`01835f67 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  NETIO! ?? ::FNODOBFM::`string'+797c
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: NETIO
    
    IMAGE_NAME:  NETIO.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5215f7e4
    
    IMAGE_VERSION:  6.3.9600.16384
    
    BUCKET_ID_FUNC_OFFSET:  797c
    
    FAILURE_BUCKET_ID:  0xc2_7_NDnd_NETIO!_??_::FNODOBFM::_string_
    
    BUCKET_ID:  0xc2_7_NDnd_NETIO!_??_::FNODOBFM::_string_
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0xc2_7_ndnd_netio!_??_::fnodobfm::_string_
    
    FAILURE_ID_HASH:  {fc6e9aa1-b899-d40c-eb82-38a4130ba536}
    
    Followup: MachineOwner
    ---------
    
    



    Wanikiya and Dyami--Team Zigzag


    Thursday, April 3, 2014 9:59 PM

All replies

  • Mark

    The link is either not shared or does not exist.  Try it again


    Wanikiya and Dyami--Team Zigzag


    • Edited by ZigZag3143x Thursday, April 3, 2014 8:40 PM
    Thursday, April 3, 2014 8:39 PM
  • https://onedrive.live.com/redir?resid=1B17D7BEAB5383AA%21481

    http://1drv.ms/1fC0Zix

    Iv shared it in public so neither should work thanks


    • Edited by Mark0092 Thursday, April 3, 2014 8:55 PM
    Thursday, April 3, 2014 8:54 PM
  • Mark

    These were related to your Kaspersky & Symantec.  First Kaspersky doesnt play well with others in win 8.  Second Symantec is a known cause of crashes.  I would remove both and use the built in defender in their place.  It is never a good idea to run two active malware applications on the same system as they often result in instability and crashes.

    SYSTEM UP-TIME
    System Uptime: 0 days 0:12:03.761
    System Uptime: 0 days 0:06:02.661
    System Uptime: 0 days 0:15:51.802
    System Uptime: 0 days 0:03:57.574
    System Uptime: 0 days 13:16:04.778
    System Uptime: 0 days 4:09:16.316
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    
    
    
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 14:10:46.968 2014 (UTC - 4:00)
    System Uptime: 0 days 0:12:03.761
    BugCheck C2, {7, 1205, 0, ffffe00004ca5c38}
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:58:19.868 2014 (UTC - 4:00)
    System Uptime: 0 days 0:06:02.661
    BugCheck C2, {10, ffffe00006958af8, d6f68e90, ffffe00006958b30}
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for kneps.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_10
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:51:51.009 2014 (UTC - 4:00)
    System Uptime: 0 days 0:15:51.802
    BugCheck C2, {7, 1205, e, ffffe0000141dc48}
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:35:34.781 2014 (UTC - 4:00)
    System Uptime: 0 days 0:03:57.574
    BugCheck C2, {7, 1205, 0, ffffe00005a3e598}
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for kneps.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 13:31:06.984 2014 (UTC - 4:00)
    System Uptime: 0 days 13:16:04.778
    BugCheck C2, {7, 1205, 0, ffffe00001812318}
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_7_NDnd
    PROCESS_NAME:  System
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Debug session time: Thu Apr  3 00:14:35.519 2014 (UTC - 4:00)
    System Uptime: 0 days 4:09:16.316
    BugCheck C2, {b, ffffe000082e6028, 0, ffffe000082e6ab8}
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for volmgrx.sys
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    BUGCHECK_STR:  0xc2_b
    PROCESS_NAME:  System
    Kaspersky is a frequent cause of BSOD's.  

    Symantec  is a frequent cause of BSOD's.  

    http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\New folder\040314-20125-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 8 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
    Machine Name:
    Kernel base = 0xfffff800`4368b000 PsLoadedModuleList = 0xfffff800`4394f990
    Debug session time: Thu Apr  3 14:10:46.968 2014 (UTC - 4:00)
    System Uptime: 0 days 0:12:03.761
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .............................................
    Loading User Symbols
    Loading unloaded module list
    ..........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck C2, {7, 1205, 0, ffffe00004ca5c38}
    
    *** WARNING: Unable to verify timestamp for klwfp.sys
    *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
    *** WARNING: Unable to verify timestamp for kneps.sys
    *** ERROR: Module load completed but symbols could not be loaded for kneps.sys
    GetPointerFromAddress: unable to read from fffff800439d8150
    GetUlongFromAddress: unable to read from fffff800439d8208
    Probably caused by : NETIO.SYS ( NETIO! ?? ::FNODOBFM::`string'+797c )
    
    Followup: MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 0000000000000007, Attempt to free pool which was already freed
    Arg2: 0000000000001205, (reserved)
    Arg3: 0000000000000000, Memory contents of the pool block
    Arg4: ffffe00004ca5c38, Address of the block of pool being deallocated
    
    Debugging Details:
    ------------------
    
    
    POOL_ADDRESS:  ffffe00004ca5c38 Nonpaged pool
    
    FREED_POOL_TAG:  NDnd
    
    BUGCHECK_STR:  0xc2_7_NDnd
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff8004391d3ca to fffff800437d8ca0
    
    STACK_TEXT:  
    ffffd000`21925008 fffff800`4391d3ca : 00000000`000000c2 00000000`00000007 00000000`00001205 00000000`00000000 : nt!KeBugCheckEx
    ffffd000`21925010 fffff800`01835f67 : ffffe000`00ea17a0 ffffe000`04c3dac0 ffffe000`0759b001 fffff800`01cee646 : nt!ExFreePoolWithTag+0x10fa
    ffffd000`219250e0 fffff800`01b73cb4 : ffffe000`041b3602 ffffe000`014f3f20 00000000`00000001 fffff800`01cef1c5 : NETIO! ?? ::FNODOBFM::`string'+0x797c
    ffffd000`21925130 fffff800`01804501 : ffffe000`0759b030 00000000`00000001 00000000`00000000 00000000`00000000 : tcpip!FlpReturnNetBufferListChain+0xd5c54
    ffffd000`21925180 fffff800`018013e7 : ffffe000`04c3dac0 00000000`00000000 00000000`00000000 ffffe000`0759b030 : NETIO!NetioDereferenceNetBufferList+0xb1
    ffffd000`219251f0 fffff800`01aa255b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!NetioDereferenceNetBufferListChain+0x2a7
    ffffd000`219252b0 fffff800`01a9f49a : 00000000`00000000 ffffe000`04c3dac0 ffffe000`0280f000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x55b
    ffffd000`219253e0 fffff800`01bd4bd8 : ffffe000`05aeb240 00000000`00000000 ffffe000`0286d901 ffffe000`04c3da00 : tcpip!IppFlcReceivePacketsCore+0x68a
    ffffd000`21925760 fffff800`01ce16d5 : ffffe000`04aa9d02 ffffe000`00e9a510 ffffd000`21925a99 ffffd000`21920000 : tcpip!IppInspectInjectReceive+0x148
    ffffd000`219257c0 fffff800`437433f9 : 00000000`00000000 ffffe000`00000000 ffffe000`041b3610 ffffe000`041b3610 : fwpkclnt!FwppInjectionStackCallout+0xe5
    ffffd000`21925850 fffff800`01cf26b6 : fffff800`01ce15f0 ffffd000`21925a20 00000000`00000010 00000000`00000001 : nt!KeExpandKernelStackAndCalloutInternal+0xe9
    ffffd000`219259a0 fffff800`0205e49c : ffffe000`041b3610 ffffe000`014f3e80 01cf4f68`09629400 ffffe000`014f3e80 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x2ea
    ffffd000`21925ae0 ffffe000`041b3610 : ffffe000`014f3e80 01cf4f68`09629400 ffffe000`014f3e80 00000000`00000002 : klwfp+0x449c
    ffffd000`21925ae8 ffffe000`014f3e80 : 01cf4f68`09629400 ffffe000`014f3e80 00000000`00000002 00000000`00000001 : 0xffffe000`041b3610
    ffffd000`21925af0 01cf4f68`09629400 : ffffe000`014f3e80 00000000`00000002 00000000`00000001 fffff800`00000004 : 0xffffe000`014f3e80
    ffffd000`21925af8 ffffe000`014f3e80 : 00000000`00000002 00000000`00000001 fffff800`00000004 fffff800`00000000 : 0x01cf4f68`09629400
    ffffd000`21925b00 00000000`00000002 : 00000000`00000001 fffff800`00000004 fffff800`00000000 ffffe000`04c3dac0 : 0xffffe000`014f3e80
    ffffd000`21925b08 00000000`00000001 : fffff800`00000004 fffff800`00000000 ffffe000`04c3dac0 fffff800`0205e414 : 0x2
    ffffd000`21925b10 fffff800`00000004 : fffff800`00000000 ffffe000`04c3dac0 fffff800`0205e414 ffffe000`014f3e80 : 0x1
    ffffd000`21925b18 fffff800`00000000 : ffffe000`04c3dac0 fffff800`0205e414 ffffe000`014f3e80 ffffe000`06a753e0 : 0xfffff800`00000004
    ffffd000`21925b20 ffffe000`04c3dac0 : fffff800`0205e414 ffffe000`014f3e80 ffffe000`06a753e0 fffff800`005c34f0 : 0xfffff800`00000000
    ffffd000`21925b28 fffff800`0205e414 : ffffe000`014f3e80 ffffe000`06a753e0 fffff800`005c34f0 fffff800`0205e6af : 0xffffe000`04c3dac0
    ffffd000`21925b30 ffffe000`014f3e80 : ffffe000`06a753e0 fffff800`005c34f0 fffff800`0205e6af ffffe000`014f3e80 : klwfp+0x4414
    ffffd000`21925b38 ffffe000`06a753e0 : fffff800`005c34f0 fffff800`0205e6af ffffe000`014f3e80 00000000`00000080 : 0xffffe000`014f3e80
    ffffd000`21925b40 fffff800`005c34f0 : fffff800`0205e6af ffffe000`014f3e80 00000000`00000080 ffffe000`014f3e80 : 0xffffe000`06a753e0
    ffffd000`21925b48 fffff800`0205e6af : ffffe000`014f3e80 00000000`00000080 ffffe000`014f3e80 fffff800`005c34f0 : kneps+0x224f0
    ffffd000`21925b50 ffffe000`014f3e80 : 00000000`00000080 ffffe000`014f3e80 fffff800`005c34f0 ffffe000`01536270 : klwfp+0x46af
    ffffd000`21925b58 00000000`00000080 : ffffe000`014f3e80 fffff800`005c34f0 ffffe000`01536270 ffffd000`21925bb0 : 0xffffe000`014f3e80
    ffffd000`21925b60 ffffe000`014f3e80 : fffff800`005c34f0 ffffe000`01536270 ffffd000`21925bb0 ffffe000`01575100 : 0x80
    ffffd000`21925b68 fffff800`005c34f0 : ffffe000`01536270 ffffd000`21925bb0 ffffe000`01575100 00000000`00000003 : 0xffffe000`014f3e80
    ffffd000`21925b70 ffffe000`01536270 : ffffd000`21925bb0 ffffe000`01575100 00000000`00000003 ffffe000`042ac150 : kneps+0x224f0
    ffffd000`21925b78 ffffd000`21925bb0 : ffffe000`01575100 00000000`00000003 ffffe000`042ac150 fffff800`02060c06 : 0xffffe000`01536270
    ffffd000`21925b80 ffffe000`01575100 : 00000000`00000003 ffffe000`042ac150 fffff800`02060c06 fffff800`00000000 : 0xffffd000`21925bb0
    ffffd000`21925b88 00000000`00000003 : ffffe000`042ac150 fffff800`02060c06 fffff800`00000000 00000000`00000000 : 0xffffe000`01575100
    ffffd000`21925b90 ffffe000`042ac150 : fffff800`02060c06 fffff800`00000000 00000000`00000000 00000000`00000000 : 0x3
    ffffd000`21925b98 fffff800`02060c06 : fffff800`00000000 00000000`00000000 00000000`00000000 5f20c483`00000001 : 0xffffe000`042ac150
    ffffd000`21925ba0 fffff800`00000000 : 00000000`00000000 00000000`00000000 5f20c483`00000001 fffff800`02383c20 : klwfp+0x6c06
    ffffd000`21925ba8 00000000`00000000 : 00000000`00000000 5f20c483`00000001 fffff800`02383c20 fffff800`023932a2 : 0xfffff800`00000000
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    NETIO! ?? ::FNODOBFM::`string'+797c
    fffff800`01835f67 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  NETIO! ?? ::FNODOBFM::`string'+797c
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: NETIO
    
    IMAGE_NAME:  NETIO.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5215f7e4
    
    IMAGE_VERSION:  6.3.9600.16384
    
    BUCKET_ID_FUNC_OFFSET:  797c
    
    FAILURE_BUCKET_ID:  0xc2_7_NDnd_NETIO!_??_::FNODOBFM::_string_
    
    BUCKET_ID:  0xc2_7_NDnd_NETIO!_??_::FNODOBFM::_string_
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0xc2_7_ndnd_netio!_??_::fnodobfm::_string_
    
    FAILURE_ID_HASH:  {fc6e9aa1-b899-d40c-eb82-38a4130ba536}
    
    Followup: MachineOwner
    ---------
    
    



    Wanikiya and Dyami--Team Zigzag


    Thursday, April 3, 2014 9:59 PM
  • Hi thank you, ill try to remove those and use the built in defender.

    May i know where i can find the built in defender for win 8 ?

    Thursday, April 3, 2014 10:24 PM
  • Hi thank you, ill try to remove those and use the built in defender.

    May i know where i can find the built in defender for win 8 ?


    Control panel\Windows Defender

    Roger Lu
    TechNet Community Support

    Friday, April 4, 2014 7:40 AM
  • Mark

    It is built in and should activate automatically when you remove the other malware.


    Wanikiya and Dyami--Team Zigzag

    Friday, April 4, 2014 11:27 AM