Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ========================== AUTO DUMP ANALYZER ==========================
- Auto Dump Analyzer
- Version: 0.91
- Time to analyze file(s): 00 hours and 07 minutes and 33 seconds
- ================================= CPU ==================================
- COUNT: 4
- MHZ: 3600
- VENDOR: GenuineIntel
- FAMILY: 6
- MODEL: 9e
- STEPPING: b
- ================================== OS ==================================
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 19041.1.amd64fre.vb_release.191206-1406
- BUILD_VERSION: 10.0.19041.388 (WinBuild.160101.0800)
- BUILD: 19041
- SERVICEPACK: 388
- PLATFORM_TYPE: x64
- NAME: Windows 10
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS
- BUILD_TIMESTAMP: unknown_date
- BUILDDATESTAMP: 160101.0800
- BUILDLAB: WinBuild
- BUILDOSVER: 10.0.19041.388
- =============================== DEBUGGER ===============================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- =============================== COMMENTS ===============================
- * Information gathered from different dump files may be different. If
- Windows updates between two dump files, two or more OS versions may
- be shown above.
- * Additional BIOS information was not included in the dump file(s). This
- can be caused by an outdated BIOS.
- ========================================================================
- ======================= Dump #1: ANALYZE VERBOSE =======================
- ======================= File: 080320-6906-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff804`16400000 PsLoadedModuleList = 0xfffff804`1702a310
- Debug session time: Mon Aug 3 05:20:31.568 2020 (UTC - 4:00)
- System Uptime: 0 days 0:02:07.254
- BugCheck D1, {0, 2, 0, fffff8041aad8aac}
- *** WARNING: Unable to verify timestamp for klwfp.sys
- *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
- Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+88 )
- Followup: MachineOwner
- DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If kernel debugger is available get stack backtrace.
- Arguments:
- Arg1: 0000000000000000, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
- Arg4: fffff8041aad8aac, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
- DUMP_TYPE: 2
- READ_ADDRESS: fffff804170fa388: Unable to get MiVisibleState
- 0000000000000000
- CURRENT_IRQL: 2
- FAULTING_IP:
- tcpip!FlpReturnNetBufferListChain+6f71c
- fffff804`1aad8aac 488b01 mov rax,qword ptr [rcx]
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- TRAP_FRAME: fffff48ccfadf170 -- (.trap 0xfffff48ccfadf170)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
- rdx=00000000000000c8 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8041aad8aac rsp=fffff48ccfadf300 rbp=ffffd58c4bff3c10
- r8=00000000000001f0 r9=0000000000000000 r10=ffffd58c48393768
- r11=00000000000000b7 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na pe nc
- tcpip!FlpReturnNetBufferListChain+0x6f71c:
- fffff804`1aad8aac 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff804167efa29 to fffff804167ddb60
- STACK_TEXT:
- fffff48c`cfadf028 fffff804`167efa29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- fffff48c`cfadf030 fffff804`167ebd29 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- fffff48c`cfadf170 fffff804`1aad8aac : ffffd58c`48373f10 00000000`00000000 ffffd58c`4bcb3d80 00000000`00000000 : nt!KiPageFault+0x469
- fffff48c`cfadf300 fffff804`1a925d98 : ffffd58c`45645300 ffffd58c`4bff3c10 00000000`00000000 fffff804`1a922504 : tcpip!FlpReturnNetBufferListChain+0x6f71c
- fffff48c`cfadf360 fffff804`1a925bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff48c`00000000 : NETIO!NetioDereferenceNetBufferList+0x88
- fffff48c`cfadf3b0 fffff804`1aa3ae96 : 00000000`00000000 fffff48c`cfadf400 00000000`00000000 ffffd58c`43eba000 : NETIO!NetioDereferenceNetBufferListChain+0x1c8
- fffff48c`cfadf430 fffff804`1aa3747f : fffff804`1abfa230 ffffd58c`43d6c8a0 ffffd58c`43eba000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x2b6
- fffff48c`cfadf530 fffff804`1ab617a2 : ffffd58c`4ab32710 ffffd58c`4bcb3d80 00000000`00000001 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x32f
- fffff48c`cfadf650 fffff804`1ab61624 : ffffd58c`43b53040 fffff48c`cfadf900 fffff48c`cfadf900 ffffd58c`43d50400 : tcpip!IppInspectInjectReceiveEx+0x172
- fffff48c`cfadf6a0 fffff804`1ad087b6 : fffff804`1ad086a0 fffff48c`cfadf900 00000000`00000000 fffff804`1663739e : tcpip!IppInspectInjectReceive+0x24
- fffff48c`cfadf700 fffff804`16637218 : fffff48c`cfadf900 ffffd58c`43d50480 00000000`00000003 ffffd58c`4a47f3b0 : fwpkclnt!FwppInjectionStackCallout+0x116
- fffff48c`cfadf790 fffff804`1663718d : fffff804`1ad086a0 fffff48c`cfadf900 ffffd58c`43c9c3c0 ffffd58c`4dff78f0 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- fffff48c`cfadf800 fffff804`1ad0a2b4 : 00000000`00000001 fffff804`1acf16e3 ffffd58c`4a47f3b0 fffff804`1cf35530 : nt!KeExpandKernelStackAndCalloutEx+0x1d
- fffff48c`cfadf840 fffff804`1ad09ea4 : 00000000`00000000 fffff48c`cfadf979 00000000`00000001 ffffd58c`4bcb3d80 : fwpkclnt!NetioExpandKernelStackAndCallout+0x58
- fffff48c`cfadf880 fffff804`1cf35685 : ffffd58c`452dc2e0 ffffd58c`4a47f3b0 ffffffff`00000000 ffffd58c`4a47f3b0 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x304
- fffff48c`cfadf9c0 ffffd58c`452dc2e0 : ffffd58c`4a47f3b0 ffffffff`00000000 ffffd58c`4a47f3b0 01010101`00000002 : klwfp+0x5685
- fffff48c`cfadf9c8 ffffd58c`4a47f3b0 : ffffffff`00000000 ffffd58c`4a47f3b0 01010101`00000002 00000000`00000001 : 0xffffd58c`452dc2e0
- fffff48c`cfadf9d0 ffffffff`00000000 : ffffd58c`4a47f3b0 01010101`00000002 00000000`00000001 00000000`00000011 : 0xffffd58c`4a47f3b0
- fffff48c`cfadf9d8 ffffd58c`4a47f3b0 : 01010101`00000002 00000000`00000001 00000000`00000011 00000000`00000000 : 0xffffffff`00000000
- fffff48c`cfadf9e0 01010101`00000002 : 00000000`00000001 00000000`00000011 00000000`00000000 ffffd58c`00000000 : 0xffffd58c`4a47f3b0
- fffff48c`cfadf9e8 00000000`00000001 : 00000000`00000011 00000000`00000000 ffffd58c`00000000 fffff804`1cf35530 : 0x01010101`00000002
- fffff48c`cfadf9f0 00000000`00000011 : 00000000`00000000 ffffd58c`00000000 fffff804`1cf35530 ffffd58c`4a47f3b0 : 0x1
- fffff48c`cfadf9f8 00000000`00000000 : ffffd58c`00000000 fffff804`1cf35530 ffffd58c`4a47f3b0 ffffd58c`452caff0 : 0x11
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: ba0cd6b4cdf456ab1f345f4a868c50ff0dc07d3d
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d993a4663540889d31e12f91daa50cf6a36edfe7
- THREAD_SHA1_HASH_MOD: 1e2611d0f57659d8711f1f61624d86e427b7c3cb
- FOLLOWUP_IP:
- NETIO!NetioDereferenceNetBufferList+88
- fffff804`1a925d98 4885ff test rdi,rdi
- FAULT_INSTR_CODE: 74ff8548
- SYMBOL_STACK_INDEX: 4
- SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+88
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: NETIO
- IMAGE_NAME: NETIO.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 6e89bcc
- IMAGE_VERSION: 10.0.19041.208
- BUCKET_ID_FUNC_OFFSET: 88
- FAILURE_BUCKET_ID: OLD_IMAGE_NETIO.SYS
- BUCKET_ID: OLD_IMAGE_NETIO.SYS
- PRIMARY_PROBLEM_CLASS: OLD_IMAGE_NETIO.SYS
- TARGET_TIME: 2020-08-03T09:20:31.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:old_image_netio.sys
- FAILURE_ID_HASH: {248567a9-afbb-75e2-4d3a-e2178362efb0}
- Followup: MachineOwner
- ====================== Dump #1: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- May 28 2015 - netr28ux.sys - Ralink Wireless Adapter driver https://www.mediatek.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Mar 19 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- Apr 04 2019 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- May 14 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jul 01 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Oct 02 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Jun 29 2020 - vgk.sys - Vanguard Anti-Cheat driver
- Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Mapped memory image file: C:\ProgramData\dbg\sym\netr28ux.sys\55672624229000\netr28ux.sys
- Image path: \SystemRoot\System32\drivers\netr28ux.sys
- Image name: netr28ux.sys
- Search : https://www.google.com/search?q=netr28ux.sys
- ADA Info : Ralink Wireless Adapter driver https://www.mediatek.com/
- Timestamp : Thu May 28 2015
- File version: 5.1.22.0
- Product version: 5.1.22.0
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.6 Driver
- File date: 00000000.00000000
- CompanyName: MediaTek Inc.
- ProductName: MediaTek 802.11n Wireless Adapters
- InternalName: netr28ux.sys
- OriginalFilename: netr28ux.sys
- ProductVersion: 5.01.22.0000
- FileVersion: 5.01.22.0000
- FileDescription: MediaTek 802.11n Wireless Adapter Driver
- LegalCopyright: MediaTek Inc. (C)2015. All rights reserved.
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue Mar 19 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Thu Apr 4 2019
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Jul 1 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Wed Oct 2 2019
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \??\C:\Program Files\Riot Vanguard\vgk.sys
- Image name: vgk.sys
- Search : https://www.google.com/search?q=vgk.sys
- ADA Info : Vanguard Anti-Cheat driver
- Timestamp : Mon Jun 29 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Fri Jul 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #1: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpitime.sys ACPI Wake Alarm (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- FsDepends.sys File System Dependency Manager Mini Filter driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- hvservice.sys Hypervisor Boot driver (Microsoft)
- hvsocket.sys Hyper-V Socket Provider (Microsoft)
- hvsocketcontrol.sys Hyper-V Socket Provider Control driver (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- storvsp.sys Storage vsp Driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- usbvideo.sys USB Video Class Driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- vfpext.sys Microsoft Azure VFP Extension (Microsoft)
- vhdmp.sys VHD Miniport driver (Microsoft)
- vhdparser.sys VHD Parser driver (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- vkrnlintvsp.sys Microsoft Hyper-V NT Kernel Integration VSP Driver
- vmbkmclr.sys Hyper-V VMBus Root KMCL (Microsoft)
- vmbusr.sys Microsoft Hyper-V Virtual Machine Bus Root driver (Microsoft)
- VmsProxy.sys VMSwitch Proxy Driver
- VmsProxyHNic.sys VmSwitch NIC Proxy Driver
- vmswitch.sys Network Virtualization Service Provider (Microsoft)
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vpcivsp.sys Virtual PCI VSP driver (Microsoft)
- vwifibus.sys Virtual Wireless Bus driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winnat.sys Windows NAT Driver
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #1: UNLOADED MODULES =======================
- fffff804`1d060000 fffff804`1d099000 klids.sys
- fffff804`5a1b0000 fffff804`5a1bb000 klpnpflt.sys
- fffff804`5a190000 fffff804`5a1a1000 MSKSSRV.sys
- fffff804`5a9a0000 fffff804`5a9b7000 klupd_klif_k
- fffff804`1a3d0000 fffff804`1a3ed000 EhStorClass.
- fffff804`1b610000 fffff804`1b61f000 dump_storpor
- fffff804`1b660000 fffff804`1b693000 dump_storahc
- fffff804`1b6c0000 fffff804`1b6de000 dump_dumpfve
- fffff804`1bdd0000 fffff804`1bddb000 klpnpflt.sys
- fffff804`1d5c0000 fffff804`1d5cc000 WdmCompanion
- fffff804`20fe0000 fffff804`20feb000 klpnpflt.sys
- fffff804`1f890000 fffff804`1f89b000 klpnpflt.sys
- fffff804`1d100000 fffff804`1d11c000 dam.sys
- fffff804`19e90000 fffff804`19ea2000 WdBoot.sys
- fffff804`19e80000 fffff804`19e8e000 klelam.sys
- fffff804`1b030000 fffff804`1b040000 hwpolicy.sys
- fffff804`139f0000 fffff804`13c80000 mcupdate.dll
- ====================== Dump #1: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #1: Extra #1 ===========================
- 1: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #1: Extra #2 ===========================
- 1: kd> !thread
- THREAD ffffd58c43b53040 Cid 0004.01f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8041701143c
- Owning Process ffffd58c43282080 Image: System
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 8144
- Context Switch Count 1228 IdealProcessor: 2
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- *** WARNING: Unable to verify timestamp for klflt.sys
- *** ERROR: Module load completed but symbols could not be loaded for klflt.sys
- Win32 Start Address klflt (0xfffff8041c8cf710)
- Stack Init fffff48ccfadfb90 Current fffff48ccfadf710
- Base fffff48ccfae0000 Limit fffff48ccfad9000 Call 0000000000000000
- Priority 12 BasePriority 12 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- fffff48c`cfadf028 fffff804`167efa29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- fffff48c`cfadf030 fffff804`167ebd29 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- fffff48c`cfadf170 fffff804`1aad8aac : ffffd58c`48373f10 00000000`00000000 ffffd58c`4bcb3d80 00000000`00000000 : nt!KiPageFault+0x469 (TrapFrame @ fffff48c`cfadf170)
- fffff48c`cfadf300 fffff804`1a925d98 : ffffd58c`45645300 ffffd58c`4bff3c10 00000000`00000000 fffff804`1a922504 : tcpip!FlpReturnNetBufferListChain+0x6f71c
- fffff48c`cfadf360 fffff804`1a925bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff48c`00000000 : NETIO!NetioDereferenceNetBufferList+0x88
- fffff48c`cfadf3b0 fffff804`1aa3ae96 : 00000000`00000000 fffff48c`cfadf400 00000000`00000000 ffffd58c`43eba000 : NETIO!NetioDereferenceNetBufferListChain+0x1c8
- fffff48c`cfadf430 fffff804`1aa3747f : fffff804`1abfa230 ffffd58c`43d6c8a0 ffffd58c`43eba000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x2b6
- fffff48c`cfadf530 fffff804`1ab617a2 : ffffd58c`4ab32710 ffffd58c`4bcb3d80 00000000`00000001 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x32f
- fffff48c`cfadf650 fffff804`1ab61624 : ffffd58c`43b53040 fffff48c`cfadf900 fffff48c`cfadf900 ffffd58c`43d50400 : tcpip!IppInspectInjectReceiveEx+0x172
- fffff48c`cfadf6a0 fffff804`1ad087b6 : fffff804`1ad086a0 fffff48c`cfadf900 00000000`00000000 fffff804`1663739e : tcpip!IppInspectInjectReceive+0x24
- fffff48c`cfadf700 fffff804`16637218 : fffff48c`cfadf900 ffffd58c`43d50480 00000000`00000003 ffffd58c`4a47f3b0 : fwpkclnt!FwppInjectionStackCallout+0x116
- fffff48c`cfadf790 fffff804`1663718d : fffff804`1ad086a0 fffff48c`cfadf900 ffffd58c`43c9c3c0 ffffd58c`4dff78f0 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- fffff48c`cfadf800 fffff804`1ad0a2b4 : 00000000`00000001 fffff804`1acf16e3 ffffd58c`4a47f3b0 fffff804`1cf35530 : nt!KeExpandKernelStackAndCalloutEx+0x1d
- fffff48c`cfadf840 fffff804`1ad09ea4 : 00000000`00000000 fffff48c`cfadf979 00000000`00000001 ffffd58c`4bcb3d80 : fwpkclnt!NetioExpandKernelStackAndCallout+0x58
- fffff48c`cfadf880 fffff804`1cf35685 : ffffd58c`452dc2e0 ffffd58c`4a47f3b0 ffffffff`00000000 ffffd58c`4a47f3b0 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x304
- fffff48c`cfadf9c0 ffffd58c`452dc2e0 : ffffd58c`4a47f3b0 ffffffff`00000000 ffffd58c`4a47f3b0 01010101`00000002 : klwfp+0x5685
- fffff48c`cfadf9c8 ffffd58c`4a47f3b0 : ffffffff`00000000 ffffd58c`4a47f3b0 01010101`00000002 00000000`00000001 : 0xffffd58c`452dc2e0
- fffff48c`cfadf9d0 ffffffff`00000000 : ffffd58c`4a47f3b0 01010101`00000002 00000000`00000001 00000000`00000011 : 0xffffd58c`4a47f3b0
- fffff48c`cfadf9d8 ffffd58c`4a47f3b0 : 01010101`00000002 00000000`00000001 00000000`00000011 00000000`00000000 : 0xffffffff`00000000
- fffff48c`cfadf9e0 01010101`00000002 : 00000000`00000001 00000000`00000011 00000000`00000000 ffffd58c`00000000 : 0xffffd58c`4a47f3b0
- fffff48c`cfadf9e8 00000000`00000001 : 00000000`00000011 00000000`00000000 ffffd58c`00000000 fffff804`1cf35530 : 0x01010101`00000002
- fffff48c`cfadf9f0 00000000`00000011 : 00000000`00000000 ffffd58c`00000000 fffff804`1cf35530 ffffd58c`4a47f3b0 : 0x1
- fffff48c`cfadf9f8 00000000`00000000 : ffffd58c`00000000 fffff804`1cf35530 ffffd58c`4a47f3b0 ffffd58c`452caff0 : 0x11
- ========================================================================
- ======================= Dump #2: ANALYZE VERBOSE =======================
- ======================= File: 080320-6796-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff802`51400000 PsLoadedModuleList = 0xfffff802`5202a310
- Debug session time: Mon Aug 3 05:38:19.322 2020 (UTC - 4:00)
- System Uptime: 0 days 0:00:42.008
- BugCheck D1, {0, 2, 0, fffff802540d8aac}
- *** WARNING: Unable to verify timestamp for klwfp.sys
- *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
- Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+88 )
- Followup: MachineOwner
- DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If kernel debugger is available get stack backtrace.
- Arguments:
- Arg1: 0000000000000000, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
- Arg4: fffff802540d8aac, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
- DUMP_TYPE: 2
- READ_ADDRESS: fffff802520fa388: Unable to get MiVisibleState
- 0000000000000000
- CURRENT_IRQL: 2
- FAULTING_IP:
- tcpip!FlpReturnNetBufferListChain+6f71c
- fffff802`540d8aac 488b01 mov rax,qword ptr [rcx]
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- TRAP_FRAME: ffff850b32ea7170 -- (.trap 0xffff850b32ea7170)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
- rdx=00000000000000c8 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff802540d8aac rsp=ffff850b32ea7300 rbp=ffff8601b74f8650
- r8=00000000000001f0 r9=0000000000000000 r10=ffff8601b3653628
- r11=0000000000000253 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na pe nc
- tcpip!FlpReturnNetBufferListChain+0x6f71c:
- fffff802`540d8aac 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff802517efa29 to fffff802517ddb60
- STACK_TEXT:
- ffff850b`32ea7028 fffff802`517efa29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- ffff850b`32ea7030 fffff802`517ebd29 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- ffff850b`32ea7170 fffff802`540d8aac : ffff8601`b35d9c00 00000000`00000000 ffff8601`b7328cb0 00000000`00000000 : nt!KiPageFault+0x469
- ffff850b`32ea7300 fffff802`53f25d98 : ffff8601`b7402cf0 ffff8601`b74f8650 00000000`00000000 fffff802`53f22504 : tcpip!FlpReturnNetBufferListChain+0x6f71c
- ffff850b`32ea7360 fffff802`53f25bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff850b`00000000 : NETIO!NetioDereferenceNetBufferList+0x88
- ffff850b`32ea73b0 fffff802`5403ae96 : 00000000`00000000 ffff850b`32ea7400 00000000`00000000 ffff8601`ae4ce000 : NETIO!NetioDereferenceNetBufferListChain+0x1c8
- ffff850b`32ea7430 fffff802`5403747f : fffff802`541fa230 ffff8601`ae4cd030 ffff8601`ae4ce000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x2b6
- ffff850b`32ea7530 fffff802`541617a2 : ffff8601`b4440b10 ffff8601`b7328cb0 00000000`00000001 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x32f
- ffff850b`32ea7650 fffff802`54161624 : ffff8601`ae13a040 ffff850b`32ea7900 ffff850b`32ea7900 ffff8601`ac83c600 : tcpip!IppInspectInjectReceiveEx+0x172
- ffff850b`32ea76a0 fffff802`543087b6 : fffff802`543086a0 ffff850b`32ea7900 00000000`00000000 fffff802`5163739e : tcpip!IppInspectInjectReceive+0x24
- ffff850b`32ea7700 fffff802`51637218 : ffff850b`32ea7900 ffff8601`ac83c6c0 00000000`00000003 ffff8601`b6c9f140 : fwpkclnt!FwppInjectionStackCallout+0x116
- ffff850b`32ea7790 fffff802`5163718d : fffff802`543086a0 ffff850b`32ea7900 ffff8601`ae1a2f60 ffff8601`b353a550 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffff850b`32ea7800 fffff802`5430a2b4 : 00000000`00000001 fffff802`542f16e3 ffff8601`b6c9f140 fffff802`550f5530 : nt!KeExpandKernelStackAndCalloutEx+0x1d
- ffff850b`32ea7840 fffff802`54309ea4 : 00000000`00000000 ffff850b`32ea7979 00000000`00000001 ffff8601`b7328cb0 : fwpkclnt!NetioExpandKernelStackAndCallout+0x58
- ffff850b`32ea7880 fffff802`550f5685 : ffff8601`ae9231d0 ffff8601`b6c9f140 ffffffff`00000000 ffff8601`b6c9f140 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x304
- ffff850b`32ea79c0 ffff8601`ae9231d0 : ffff8601`b6c9f140 ffffffff`00000000 ffff8601`b6c9f140 01010101`00000002 : klwfp+0x5685
- ffff850b`32ea79c8 ffff8601`b6c9f140 : ffffffff`00000000 ffff8601`b6c9f140 01010101`00000002 00000000`00000001 : 0xffff8601`ae9231d0
- ffff850b`32ea79d0 ffffffff`00000000 : ffff8601`b6c9f140 01010101`00000002 00000000`00000001 00000000`0000001a : 0xffff8601`b6c9f140
- ffff850b`32ea79d8 ffff8601`b6c9f140 : 01010101`00000002 00000000`00000001 00000000`0000001a 00000000`00000000 : 0xffffffff`00000000
- ffff850b`32ea79e0 01010101`00000002 : 00000000`00000001 00000000`0000001a 00000000`00000000 ffff8601`00000000 : 0xffff8601`b6c9f140
- ffff850b`32ea79e8 00000000`00000001 : 00000000`0000001a 00000000`00000000 ffff8601`00000000 fffff802`550f5530 : 0x01010101`00000002
- ffff850b`32ea79f0 00000000`0000001a : 00000000`00000000 ffff8601`00000000 fffff802`550f5530 ffff8601`b6c9f140 : 0x1
- ffff850b`32ea79f8 00000000`00000000 : ffff8601`00000000 fffff802`550f5530 ffff8601`b6c9f140 ffff8601`ae912d30 : 0x1a
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: ba0cd6b4cdf456ab1f345f4a868c50ff0dc07d3d
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d993a4663540889d31e12f91daa50cf6a36edfe7
- THREAD_SHA1_HASH_MOD: 1e2611d0f57659d8711f1f61624d86e427b7c3cb
- FOLLOWUP_IP:
- NETIO!NetioDereferenceNetBufferList+88
- fffff802`53f25d98 4885ff test rdi,rdi
- FAULT_INSTR_CODE: 74ff8548
- SYMBOL_STACK_INDEX: 4
- SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+88
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: NETIO
- IMAGE_NAME: NETIO.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 6e89bcc
- IMAGE_VERSION: 10.0.19041.208
- BUCKET_ID_FUNC_OFFSET: 88
- FAILURE_BUCKET_ID: OLD_IMAGE_NETIO.SYS
- BUCKET_ID: OLD_IMAGE_NETIO.SYS
- PRIMARY_PROBLEM_CLASS: OLD_IMAGE_NETIO.SYS
- TARGET_TIME: 2020-08-03T09:38:19.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:old_image_netio.sys
- FAILURE_ID_HASH: {248567a9-afbb-75e2-4d3a-e2178362efb0}
- Followup: MachineOwner
- ====================== Dump #2: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- May 28 2015 - netr28ux.sys - Ralink Wireless Adapter driver https://www.mediatek.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Mar 19 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- Apr 04 2019 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- May 14 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jul 01 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Oct 02 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Mapped memory image file: C:\ProgramData\dbg\sym\netr28ux.sys\55672624229000\netr28ux.sys
- Image path: \SystemRoot\System32\drivers\netr28ux.sys
- Image name: netr28ux.sys
- Search : https://www.google.com/search?q=netr28ux.sys
- ADA Info : Ralink Wireless Adapter driver https://www.mediatek.com/
- Timestamp : Thu May 28 2015
- File version: 5.1.22.0
- Product version: 5.1.22.0
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.6 Driver
- File date: 00000000.00000000
- CompanyName: MediaTek Inc.
- ProductName: MediaTek 802.11n Wireless Adapters
- InternalName: netr28ux.sys
- OriginalFilename: netr28ux.sys
- ProductVersion: 5.01.22.0000
- FileVersion: 5.01.22.0000
- FileDescription: MediaTek 802.11n Wireless Adapter Driver
- LegalCopyright: MediaTek Inc. (C)2015. All rights reserved.
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue Mar 19 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Thu Apr 4 2019
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Jul 1 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Wed Oct 2 2019
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Fri Jul 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #2: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpitime.sys ACPI Wake Alarm (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- FsDepends.sys File System Dependency Manager Mini Filter driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- hvservice.sys Hypervisor Boot driver (Microsoft)
- hvsocket.sys Hyper-V Socket Provider (Microsoft)
- hvsocketcontrol.sys Hyper-V Socket Provider Control driver (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- storvsp.sys Storage vsp Driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- usbvideo.sys USB Video Class Driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- vfpext.sys Microsoft Azure VFP Extension (Microsoft)
- vhdmp.sys VHD Miniport driver (Microsoft)
- vhdparser.sys VHD Parser driver (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- vkrnlintvsp.sys Microsoft Hyper-V NT Kernel Integration VSP Driver
- vmbkmclr.sys Hyper-V VMBus Root KMCL (Microsoft)
- vmbusr.sys Microsoft Hyper-V Virtual Machine Bus Root driver (Microsoft)
- VmsProxy.sys VMSwitch Proxy Driver
- VmsProxyHNic.sys VmSwitch NIC Proxy Driver
- vmswitch.sys Network Virtualization Service Provider (Microsoft)
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vpcivsp.sys Virtual PCI VSP driver (Microsoft)
- vwifibus.sys Virtual Wireless Bus driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winnat.sys Windows NAT Driver
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #2: UNLOADED MODULES =======================
- fffff802`55c80000 fffff802`55cb9000 klids.sys
- fffff802`5a400000 fffff802`5a40b000 klpnpflt.sys
- fffff802`5a3e0000 fffff802`5a3f1000 MSKSSRV.sys
- fffff802`539d0000 fffff802`539ed000 EhStorClass.
- fffff802`98bc0000 fffff802`98bd7000 klupd_klif_k
- fffff802`59ea0000 fffff802`59eab000 klpnpflt.sys
- fffff802`5abc0000 fffff802`5abcc000 WdmCompanion
- fffff802`55780000 fffff802`5578f000 dump_storpor
- fffff802`54c00000 fffff802`54c33000 dump_storahc
- fffff802`54c60000 fffff802`54c7e000 dump_dumpfve
- fffff802`5ab00000 fffff802`5ab0b000 klpnpflt.sys
- fffff802`59df0000 fffff802`59dfb000 klpnpflt.sys
- fffff802`55d20000 fffff802`55d3c000 dam.sys
- fffff802`54c80000 fffff802`55199000 vgk.sys
- fffff802`53490000 fffff802`534a2000 WdBoot.sys
- fffff802`53480000 fffff802`5348e000 klelam.sys
- fffff802`54630000 fffff802`54640000 hwpolicy.sys
- fffff802`4d120000 fffff802`4d3b0000 mcupdate.dll
- ====================== Dump #2: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #2: Extra #1 ===========================
- 3: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #2: Extra #2 ===========================
- 3: kd> !thread
- THREAD ffff8601ae13a040 Cid 0004.01e4 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8025201143c
- Owning Process ffff8601ac87a040 Image: System
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 2687
- Context Switch Count 1314 IdealProcessor: 1
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- *** WARNING: Unable to verify timestamp for klflt.sys
- *** ERROR: Module load completed but symbols could not be loaded for klflt.sys
- Win32 Start Address klflt (0xfffff8025524f710)
- Stack Init ffff850b32ea7b90 Current ffff850b32ea7710
- Base ffff850b32ea8000 Limit ffff850b32ea1000 Call 0000000000000000
- Priority 12 BasePriority 12 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffff850b`32ea7028 fffff802`517efa29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- ffff850b`32ea7030 fffff802`517ebd29 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- ffff850b`32ea7170 fffff802`540d8aac : ffff8601`b35d9c00 00000000`00000000 ffff8601`b7328cb0 00000000`00000000 : nt!KiPageFault+0x469 (TrapFrame @ ffff850b`32ea7170)
- ffff850b`32ea7300 fffff802`53f25d98 : ffff8601`b7402cf0 ffff8601`b74f8650 00000000`00000000 fffff802`53f22504 : tcpip!FlpReturnNetBufferListChain+0x6f71c
- ffff850b`32ea7360 fffff802`53f25bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff850b`00000000 : NETIO!NetioDereferenceNetBufferList+0x88
- ffff850b`32ea73b0 fffff802`5403ae96 : 00000000`00000000 ffff850b`32ea7400 00000000`00000000 ffff8601`ae4ce000 : NETIO!NetioDereferenceNetBufferListChain+0x1c8
- ffff850b`32ea7430 fffff802`5403747f : fffff802`541fa230 ffff8601`ae4cd030 ffff8601`ae4ce000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x2b6
- ffff850b`32ea7530 fffff802`541617a2 : ffff8601`b4440b10 ffff8601`b7328cb0 00000000`00000001 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x32f
- ffff850b`32ea7650 fffff802`54161624 : ffff8601`ae13a040 ffff850b`32ea7900 ffff850b`32ea7900 ffff8601`ac83c600 : tcpip!IppInspectInjectReceiveEx+0x172
- ffff850b`32ea76a0 fffff802`543087b6 : fffff802`543086a0 ffff850b`32ea7900 00000000`00000000 fffff802`5163739e : tcpip!IppInspectInjectReceive+0x24
- ffff850b`32ea7700 fffff802`51637218 : ffff850b`32ea7900 ffff8601`ac83c6c0 00000000`00000003 ffff8601`b6c9f140 : fwpkclnt!FwppInjectionStackCallout+0x116
- ffff850b`32ea7790 fffff802`5163718d : fffff802`543086a0 ffff850b`32ea7900 ffff8601`ae1a2f60 ffff8601`b353a550 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffff850b`32ea7800 fffff802`5430a2b4 : 00000000`00000001 fffff802`542f16e3 ffff8601`b6c9f140 fffff802`550f5530 : nt!KeExpandKernelStackAndCalloutEx+0x1d
- ffff850b`32ea7840 fffff802`54309ea4 : 00000000`00000000 ffff850b`32ea7979 00000000`00000001 ffff8601`b7328cb0 : fwpkclnt!NetioExpandKernelStackAndCallout+0x58
- ffff850b`32ea7880 fffff802`550f5685 : ffff8601`ae9231d0 ffff8601`b6c9f140 ffffffff`00000000 ffff8601`b6c9f140 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x304
- ffff850b`32ea79c0 ffff8601`ae9231d0 : ffff8601`b6c9f140 ffffffff`00000000 ffff8601`b6c9f140 01010101`00000002 : klwfp+0x5685
- ffff850b`32ea79c8 ffff8601`b6c9f140 : ffffffff`00000000 ffff8601`b6c9f140 01010101`00000002 00000000`00000001 : 0xffff8601`ae9231d0
- ffff850b`32ea79d0 ffffffff`00000000 : ffff8601`b6c9f140 01010101`00000002 00000000`00000001 00000000`0000001a : 0xffff8601`b6c9f140
- ffff850b`32ea79d8 ffff8601`b6c9f140 : 01010101`00000002 00000000`00000001 00000000`0000001a 00000000`00000000 : 0xffffffff`00000000
- ffff850b`32ea79e0 01010101`00000002 : 00000000`00000001 00000000`0000001a 00000000`00000000 ffff8601`00000000 : 0xffff8601`b6c9f140
- ffff850b`32ea79e8 00000000`00000001 : 00000000`0000001a 00000000`00000000 ffff8601`00000000 fffff802`550f5530 : 0x01010101`00000002
- ffff850b`32ea79f0 00000000`0000001a : 00000000`00000000 ffff8601`00000000 fffff802`550f5530 ffff8601`b6c9f140 : 0x1
- ffff850b`32ea79f8 00000000`00000000 : ffff8601`00000000 fffff802`550f5530 ffff8601`b6c9f140 ffff8601`ae912d30 : 0x1a
- ========================================================================
- ======================= Dump #3: ANALYZE VERBOSE =======================
- ====================== File: 080320-12609-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff804`0da00000 PsLoadedModuleList = 0xfffff804`0e62a310
- Debug session time: Mon Aug 3 05:15:55.695 2020 (UTC - 4:00)
- System Uptime: 0 days 6:03:21.381
- BugCheck D1, {0, 2, 0, fffff80410ed8aac}
- *** WARNING: Unable to verify timestamp for klwfp.sys
- *** ERROR: Module load completed but symbols could not be loaded for klwfp.sys
- Probably caused by : NETIO.SYS ( NETIO!NetioDereferenceNetBufferList+88 )
- Followup: MachineOwner
- DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If kernel debugger is available get stack backtrace.
- Arguments:
- Arg1: 0000000000000000, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
- Arg4: fffff80410ed8aac, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
- DUMP_TYPE: 2
- READ_ADDRESS: fffff8040e6fa388: Unable to get MiVisibleState
- 0000000000000000
- CURRENT_IRQL: 2
- FAULTING_IP:
- tcpip!FlpReturnNetBufferListChain+6f71c
- fffff804`10ed8aac 488b01 mov rax,qword ptr [rcx]
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- TRAP_FRAME: fffff40e5e4e7170 -- (.trap 0xfffff40e5e4e7170)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
- rdx=0000000000000088 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80410ed8aac rsp=fffff40e5e4e7300 rbp=ffff8804ed80aa70
- r8=00000000000001f0 r9=0000000000000000 r10=ffff8804f0d96968
- r11=000000000000016b r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na pe nc
- tcpip!FlpReturnNetBufferListChain+0x6f71c:
- fffff804`10ed8aac 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff8040ddefa29 to fffff8040ddddb60
- STACK_TEXT:
- fffff40e`5e4e7028 fffff804`0ddefa29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- fffff40e`5e4e7030 fffff804`0ddebd29 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- fffff40e`5e4e7170 fffff804`10ed8aac : ffff8804`f08f41d0 00000000`00000000 ffff8804`ef8192d0 00000000`00000000 : nt!KiPageFault+0x469
- fffff40e`5e4e7300 fffff804`10d25d98 : ffff8804`f190da40 ffff8804`ed80aa70 00000000`00000000 fffff804`10d22504 : tcpip!FlpReturnNetBufferListChain+0x6f71c
- fffff40e`5e4e7360 fffff804`10d25bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff40e`00000000 : NETIO!NetioDereferenceNetBufferList+0x88
- fffff40e`5e4e73b0 fffff804`10e3ae96 : 00000000`00000000 fffff40e`5e4e7400 00000000`00000000 ffff8804`e2cac000 : NETIO!NetioDereferenceNetBufferListChain+0x1c8
- fffff40e`5e4e7430 fffff804`10e3747f : fffff804`10ffa230 ffff8804`e2b3a010 ffff8804`e2cac000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x2b6
- fffff40e`5e4e7530 fffff804`10f617a2 : ffff8804`f005b8a0 ffff8804`ef8192d0 00000000`00000001 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x32f
- fffff40e`5e4e7650 fffff804`10f61624 : ffff8804`e2fba040 fffff40e`5e4e7900 fffff40e`5e4e7900 ffff8804`e2b40300 : tcpip!IppInspectInjectReceiveEx+0x172
- fffff40e`5e4e76a0 fffff804`111087b6 : fffff804`111086a0 fffff40e`5e4e7900 00000000`00000000 fffff804`0dc3739e : tcpip!IppInspectInjectReceive+0x24
- fffff40e`5e4e7700 fffff804`0dc37218 : fffff40e`5e4e7900 ffff8804`e2b40360 00000000`00000003 ffff8804`f31afc40 : fwpkclnt!FwppInjectionStackCallout+0x116
- fffff40e`5e4e7790 fffff804`0dc3718d : fffff804`111086a0 fffff40e`5e4e7900 ffff8804`e29a30a0 ffff8804`eeb24e10 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- fffff40e`5e4e7800 fffff804`1110a2b4 : 00000000`00000001 fffff804`110f16e3 ffff8804`f31afc40 fffff804`12b45530 : nt!KeExpandKernelStackAndCalloutEx+0x1d
- fffff40e`5e4e7840 fffff804`11109ea4 : 00000000`00000000 fffff40e`5e4e7979 00000000`00000001 ffff8804`ef8192d0 : fwpkclnt!NetioExpandKernelStackAndCallout+0x58
- fffff40e`5e4e7880 fffff804`12b45685 : ffff8804`e4226f60 ffff8804`f31afc40 ffffffff`00000000 ffff8804`f31afc40 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x304
- fffff40e`5e4e79c0 ffff8804`e4226f60 : ffff8804`f31afc40 ffffffff`00000000 ffff8804`f31afc40 01010101`00000002 : klwfp+0x5685
- fffff40e`5e4e79c8 ffff8804`f31afc40 : ffffffff`00000000 ffff8804`f31afc40 01010101`00000002 00000000`00000001 : 0xffff8804`e4226f60
- fffff40e`5e4e79d0 ffffffff`00000000 : ffff8804`f31afc40 01010101`00000002 00000000`00000001 00000000`0000000d : 0xffff8804`f31afc40
- fffff40e`5e4e79d8 ffff8804`f31afc40 : 01010101`00000002 00000000`00000001 00000000`0000000d 00000000`00000000 : 0xffffffff`00000000
- fffff40e`5e4e79e0 01010101`00000002 : 00000000`00000001 00000000`0000000d 00000000`00000000 ffff8804`00000000 : 0xffff8804`f31afc40
- fffff40e`5e4e79e8 00000000`00000001 : 00000000`0000000d 00000000`00000000 ffff8804`00000000 fffff804`12b45530 : 0x01010101`00000002
- fffff40e`5e4e79f0 00000000`0000000d : 00000000`00000000 ffff8804`00000000 fffff804`12b45530 ffff8804`f31afc40 : 0x1
- fffff40e`5e4e79f8 00000000`00000000 : ffff8804`00000000 fffff804`12b45530 ffff8804`f31afc40 ffff8804`e2fdee70 : 0xd
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: ba0cd6b4cdf456ab1f345f4a868c50ff0dc07d3d
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d993a4663540889d31e12f91daa50cf6a36edfe7
- THREAD_SHA1_HASH_MOD: 1e2611d0f57659d8711f1f61624d86e427b7c3cb
- FOLLOWUP_IP:
- NETIO!NetioDereferenceNetBufferList+88
- fffff804`10d25d98 4885ff test rdi,rdi
- FAULT_INSTR_CODE: 74ff8548
- SYMBOL_STACK_INDEX: 4
- SYMBOL_NAME: NETIO!NetioDereferenceNetBufferList+88
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: NETIO
- IMAGE_NAME: NETIO.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 6e89bcc
- IMAGE_VERSION: 10.0.19041.208
- BUCKET_ID_FUNC_OFFSET: 88
- FAILURE_BUCKET_ID: OLD_IMAGE_NETIO.SYS
- BUCKET_ID: OLD_IMAGE_NETIO.SYS
- PRIMARY_PROBLEM_CLASS: OLD_IMAGE_NETIO.SYS
- TARGET_TIME: 2020-08-03T09:15:55.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:old_image_netio.sys
- FAILURE_ID_HASH: {248567a9-afbb-75e2-4d3a-e2178362efb0}
- Followup: MachineOwner
- ====================== Dump #3: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- May 28 2015 - netr28ux.sys - Ralink Wireless Adapter driver https://www.mediatek.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Mar 19 2019 - nvhda64v.sys - Nvidia HDMI Audio Device http://www.nvidia.com/
- Apr 04 2019 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- May 14 2019 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jul 01 2019 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Oct 02 2019 - nvlddmkm.sys - Nvidia Graphics Card driver http://www.nvidia.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Jun 29 2020 - vgk.sys - Vanguard Anti-Cheat driver
- Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #3: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Mapped memory image file: C:\ProgramData\dbg\sym\netr28ux.sys\55672624229000\netr28ux.sys
- Image path: \SystemRoot\System32\drivers\netr28ux.sys
- Image name: netr28ux.sys
- Search : https://www.google.com/search?q=netr28ux.sys
- ADA Info : Ralink Wireless Adapter driver https://www.mediatek.com/
- Timestamp : Thu May 28 2015
- File version: 5.1.22.0
- Product version: 5.1.22.0
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.6 Driver
- File date: 00000000.00000000
- CompanyName: MediaTek Inc.
- ProductName: MediaTek 802.11n Wireless Adapters
- InternalName: netr28ux.sys
- OriginalFilename: netr28ux.sys
- ProductVersion: 5.01.22.0000
- FileVersion: 5.01.22.0000
- FileDescription: MediaTek 802.11n Wireless Adapter Driver
- LegalCopyright: MediaTek Inc. (C)2015. All rights reserved.
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Search : https://www.google.com/search?q=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue Mar 19 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Thu Apr 4 2019
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue May 14 2019
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Mon Jul 1 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Search : https://www.google.com/search?q=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Wed Oct 2 2019
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
- Image name: klupd_klif_klark.sys
- Search : https://www.google.com/search?q=klupd_klif_klark.sys
- ADA Info : Kaspersky https://www.kaspersky.com/
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \??\C:\Program Files\Riot Vanguard\vgk.sys
- Image name: vgk.sys
- Search : https://www.google.com/search?q=vgk.sys
- ADA Info : Vanguard Anti-Cheat driver
- Timestamp : Mon Jun 29 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Fri Jul 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #3: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpitime.sys ACPI Wake Alarm (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- FsDepends.sys File System Dependency Manager Mini Filter driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- hvservice.sys Hypervisor Boot driver (Microsoft)
- hvsocket.sys Hyper-V Socket Provider (Microsoft)
- hvsocketcontrol.sys Hyper-V Socket Provider Control driver (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxdav.sys Microsoft Windows XP Web Distributed Authoring and Versioning (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- qwavedrv.sys Quality Windows Audio Video Experience (qWave) Support driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- storvsp.sys Storage vsp Driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- usbvideo.sys USB Video Class Driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- vfpext.sys Microsoft Azure VFP Extension (Microsoft)
- vhdmp.sys VHD Miniport driver (Microsoft)
- vhdparser.sys VHD Parser driver (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- vkrnlintvsp.sys Microsoft Hyper-V NT Kernel Integration VSP Driver
- vmbkmclr.sys Hyper-V VMBus Root KMCL (Microsoft)
- vmbusr.sys Microsoft Hyper-V Virtual Machine Bus Root driver (Microsoft)
- VmsProxy.sys VMSwitch Proxy Driver
- VmsProxyHNic.sys VmSwitch NIC Proxy Driver
- vmswitch.sys Network Virtualization Service Provider (Microsoft)
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vpcivsp.sys Virtual PCI VSP driver (Microsoft)
- vwifibus.sys Virtual Wireless Bus driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winnat.sys Windows NAT Driver
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #3: UNLOADED MODULES =======================
- fffff804`13240000 fffff804`13257000 klupd_klif_k
- fffff804`14220000 fffff804`1422b000 klpnpflt.sys
- fffff804`13220000 fffff804`13231000 MSKSSRV.sys
- fffff804`14200000 fffff804`14213000 klkbdflt.sys
- fffff804`14d20000 fffff804`14d32000 kbdhid.sys
- fffff804`13fb0000 fffff804`13fc7000 klupd_klif_k
- fffff804`14220000 fffff804`1422b000 klpnpflt.sys
- fffff804`13f90000 fffff804`13fa1000 MSKSSRV.sys
- fffff804`13f90000 fffff804`13fc8000 VBoxUSBMon.s
- fffff804`13200000 fffff804`13313000 VBoxDrv.sys
- fffff804`12c50000 fffff804`12ca7000 VBoxNetLwf.s
- fffff804`13560000 fffff804`135b3000 VBoxNetAdp6.
- fffff804`14220000 fffff804`1422b000 klpnpflt.sys
- fffff804`13e20000 fffff804`13e31000 MSKSSRV.sys
- fffff804`14d20000 fffff804`14d33000 klkbdflt.sys
- fffff804`14200000 fffff804`14212000 kbdhid.sys
- fffff804`14220000 fffff804`1422b000 klpnpflt.sys
- fffff804`13e00000 fffff804`13e11000 MSKSSRV.sys
- fffff804`13e20000 fffff804`13e33000 klkbdflt.sys
- fffff804`13e00000 fffff804`13e12000 kbdhid.sys
- fffff804`14220000 fffff804`1422b000 klpnpflt.sys
- fffff804`14200000 fffff804`14211000 MSKSSRV.sys
- fffff804`133b0000 fffff804`133e9000 klids.sys
- fffff804`14d20000 fffff804`14d37000 klupd_klif_k
- fffff804`107d0000 fffff804`107ed000 EhStorClass.
- fffff804`12550000 fffff804`1255f000 dump_storpor
- fffff804`125a0000 fffff804`125d3000 dump_storahc
- fffff804`11c00000 fffff804`11c1e000 dump_dumpfve
- fffff804`15a20000 fffff804`15a2b000 klpnpflt.sys
- fffff804`15950000 fffff804`1595c000 WdmCompanion
- fffff804`15a20000 fffff804`15a2b000 klpnpflt.sys
- fffff804`15950000 fffff804`1595b000 klpnpflt.sys
- fffff804`13450000 fffff804`1346c000 dam.sys
- fffff804`10290000 fffff804`102a2000 WdBoot.sys
- fffff804`10280000 fffff804`1028e000 klelam.sys
- fffff804`11430000 fffff804`11440000 hwpolicy.sys
- fffff804`09f70000 fffff804`0a200000 mcupdate.dll
- ====================== Dump #3: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #3: Extra #1 ===========================
- 1: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #3: Extra #2 ===========================
- 1: kd> !thread
- THREAD ffff8804e2fba040 Cid 0004.01f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8040e61143c
- Owning Process ffff8804e2080040 Image: System
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 1395287
- Context Switch Count 53757 IdealProcessor: 3
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- *** WARNING: Unable to verify timestamp for klflt.sys
- *** ERROR: Module load completed but symbols could not be loaded for klflt.sys
- Win32 Start Address klflt (0xfffff804121ef710)
- Stack Init fffff40e5e4e7b90 Current fffff40e5e4e7710
- Base fffff40e5e4e8000 Limit fffff40e5e4e1000 Call 0000000000000000
- Priority 12 BasePriority 12 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- fffff40e`5e4e7028 fffff804`0ddefa29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
- fffff40e`5e4e7030 fffff804`0ddebd29 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- fffff40e`5e4e7170 fffff804`10ed8aac : ffff8804`f08f41d0 00000000`00000000 ffff8804`ef8192d0 00000000`00000000 : nt!KiPageFault+0x469 (TrapFrame @ fffff40e`5e4e7170)
- fffff40e`5e4e7300 fffff804`10d25d98 : ffff8804`f190da40 ffff8804`ed80aa70 00000000`00000000 fffff804`10d22504 : tcpip!FlpReturnNetBufferListChain+0x6f71c
- fffff40e`5e4e7360 fffff804`10d25bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff40e`00000000 : NETIO!NetioDereferenceNetBufferList+0x88
- fffff40e`5e4e73b0 fffff804`10e3ae96 : 00000000`00000000 fffff40e`5e4e7400 00000000`00000000 ffff8804`e2cac000 : NETIO!NetioDereferenceNetBufferListChain+0x1c8
- fffff40e`5e4e7430 fffff804`10e3747f : fffff804`10ffa230 ffff8804`e2b3a010 ffff8804`e2cac000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x2b6
- fffff40e`5e4e7530 fffff804`10f617a2 : ffff8804`f005b8a0 ffff8804`ef8192d0 00000000`00000001 00000000`00000000 : tcpip!IppFlcReceivePacketsCore+0x32f
- fffff40e`5e4e7650 fffff804`10f61624 : ffff8804`e2fba040 fffff40e`5e4e7900 fffff40e`5e4e7900 ffff8804`e2b40300 : tcpip!IppInspectInjectReceiveEx+0x172
- fffff40e`5e4e76a0 fffff804`111087b6 : fffff804`111086a0 fffff40e`5e4e7900 00000000`00000000 fffff804`0dc3739e : tcpip!IppInspectInjectReceive+0x24
- fffff40e`5e4e7700 fffff804`0dc37218 : fffff40e`5e4e7900 ffff8804`e2b40360 00000000`00000003 ffff8804`f31afc40 : fwpkclnt!FwppInjectionStackCallout+0x116
- fffff40e`5e4e7790 fffff804`0dc3718d : fffff804`111086a0 fffff40e`5e4e7900 ffff8804`e29a30a0 ffff8804`eeb24e10 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- fffff40e`5e4e7800 fffff804`1110a2b4 : 00000000`00000001 fffff804`110f16e3 ffff8804`f31afc40 fffff804`12b45530 : nt!KeExpandKernelStackAndCalloutEx+0x1d
- fffff40e`5e4e7840 fffff804`11109ea4 : 00000000`00000000 fffff40e`5e4e7979 00000000`00000001 ffff8804`ef8192d0 : fwpkclnt!NetioExpandKernelStackAndCallout+0x58
- fffff40e`5e4e7880 fffff804`12b45685 : ffff8804`e4226f60 ffff8804`f31afc40 ffffffff`00000000 ffff8804`f31afc40 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x304
- fffff40e`5e4e79c0 ffff8804`e4226f60 : ffff8804`f31afc40 ffffffff`00000000 ffff8804`f31afc40 01010101`00000002 : klwfp+0x5685
- fffff40e`5e4e79c8 ffff8804`f31afc40 : ffffffff`00000000 ffff8804`f31afc40 01010101`00000002 00000000`00000001 : 0xffff8804`e4226f60
- fffff40e`5e4e79d0 ffffffff`00000000 : ffff8804`f31afc40 01010101`00000002 00000000`00000001 00000000`0000000d : 0xffff8804`f31afc40
- fffff40e`5e4e79d8 ffff8804`f31afc40 : 01010101`00000002 00000000`00000001 00000000`0000000d 00000000`00000000 : 0xffffffff`00000000
- fffff40e`5e4e79e0 01010101`00000002 : 00000000`00000001 00000000`0000000d 00000000`00000000 ffff8804`00000000 : 0xffff8804`f31afc40
- fffff40e`5e4e79e8 00000000`00000001 : 00000000`0000000d 00000000`00000000 ffff8804`00000000 fffff804`12b45530 : 0x01010101`00000002
- fffff40e`5e4e79f0 00000000`0000000d : 00000000`00000000 ffff8804`00000000 fffff804`12b45530 ffff8804`f31afc40 : 0x1
- fffff40e`5e4e79f8 00000000`00000000 : ffff8804`00000000 fffff804`12b45530 ffff8804`f31afc40 ffff8804`e2fdee70 : 0xd
Add Comment
Please, Sign In to add comment