BSOD -- need help understanding minidump

  • Thread starter: fastartcee

fastartcee

I have been averaging one bsod every three or four days for the past three
weeks. I've done a minidump of the last crash and then used the debugging
tool, which indicated that the "probable cause" was fwpkclnt.sys, but I don't
know what to do about it.

I also did the "kd> !analyze -v" command; all the debugging results are below.

Thanks for any help.

Art
======================================

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini030408-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16584.x86fre.vista_gdr.071023-1545
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Tue Mar 4 20:02:27.027 2008 (GMT-8)
System Uptime: 1 days 12:15:25.727
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {98, 2, 0, 8c175f5b}

Unable to load image vsdatant.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys


Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsInjectTransportSendAsync0+220 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000098, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8c175f5b, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
00000098

CURRENT_IRQL: 2

FAULTING_IP:
tcpip!IppProcessRawData+3c
8c175f5b f6401801 test byte ptr [eax+18h],1

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: vsmon.exe

LAST_CONTROL_TRANSFER: from 8c196e50 to 8c175f5b

STACK_TEXT:
96c55904 8c196e50 8c1e29c8 96c55a8c 96c55980 tcpip!IppProcessRawData+0x3c
96c55a64 8c1c032f 00000000 00000007 8c1e29c8 tcpip!IppSendDatagramsCommon+0xbb
96c55afc 8c119e9d 00000000 00000007 86828408 tcpip!IppInspectInjectTlSend+0xd7
96c55b58 8c040dba 86fdd058 00000000 00001c97 fwpkclnt!FwpsInjectTransportSendAsync0+0x220
WARNING: Stack unwind information not available. Following frames may be wrong.
96c55ba8 8c03e51e 8697a550 84230f80 84230f84 vsdatant+0x26dba
96c55bbc 8c04413e 021eee58 00000001 84230f80 vsdatant+0x2451e
96c55be0 8c0444f0 86760340 00000001 021eee58 vsdatant+0x2a13e
96c55c18 8c043413 86733098 84230f68 86733098 vsdatant+0x2a4f0
96c55c2c 81c27f83 86733098 84230f68 84230f68 vsdatant+0x29413
96c55c44 81d88f37 86760340 84230f68 84230fd8 nt!IofCallDriver+0x63
96c55c64 81d89efb 86733098 86760340 021eee00 nt!IopSynchronousServiceTail+0x1e0
96c55d00 81d8ee55 86733098 84230f68 00000000 nt!IopXxxControlFile+0x6b7
96c55d34 81c8caaa 00000274 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
96c55d34 77c90f34 00000274 00000000 00000000 nt!KiFastCallEntry+0x12a
021eedf0 00000000 00000000 00000000 00000000 0x77c90f34


STACK_COMMAND: kb

FOLLOWUP_IP:
fwpkclnt!FwpsInjectTransportSendAsync0+220
8c119e9d ff75f4 push dword ptr [ebp-0Ch]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: fwpkclnt!FwpsInjectTransportSendAsync0+220

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fwpkclnt

IMAGE_NAME: fwpkclnt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b2f6

FAILURE_BUCKET_ID: 0xD1_fwpkclnt!FwpsInjectTransportSendAsync0+220

BUCKET_ID: 0xD1_fwpkclnt!FwpsInjectTransportSendAsync0+220

Followup: MachineOwner
---------

0: kd> lmvm fwpkclnt
start end module name
8c115000 8c12e000 fwpkclnt (pdb symbols) c:\symbols\fwpkclnt.pdb\0CDD1AD5ACD047479C8FB2FAC02E87B01\fwpkclnt.pdb
Loaded symbol image file: fwpkclnt.sys
Mapped memory image file: c:\symbols\fwpkclnt.sys\4549B2F619000\fwpkclnt.sys
Image path: fwpkclnt.sys
Image name: fwpkclnt.sys
Timestamp: Thu Nov 02 01:57:26 2006 (4549B2F6)
CheckSum: 0002402A
ImageSize: 00019000
File version: 6.0.6000.16386
Product version: 6.0.6000.16386
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fwpkclnt.sys
OriginalFilename: fwpkclnt.sys
ProductVersion: 6.0.6000.16386
FileVersion: 6.0.6000.16386 (vista_rtm.061101-2205)
FileDescription: FWP/IPsec Kernel-Mode API
LegalCopyright: © Microsoft Corporation. All rights reserved.


 
I forgot to mention these recent installations:
- HP Windows Home Server (seems to be operating okay)
- I'm trying out Firefox 3 Beta 3 (which seems to run okay, but I have had
crashes)

Also, I'm using:
- AVG for anti-virus
- Zone Alarm for firewall
 
Google "vsdatant.sys".

 
fastartcee said:
I forgot to mention these recent installations:
- HP Windows Home Server (seems to be operating okay)
- I'm trying out Firefox 3 Beta 3 (which seems to run okay, but I have
had
crashes)

Also, I'm using:
- AVG for anti-virus
- Zone Alarm for firewall

fastartcee,

Uninstall your ZoneAlarm and use the native Windows firewall or get
another third party firewall. ZoneAlarm is not compatible with Vista
regardless of what ZoneAlarm says to the contrary.

C.B.
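
An added triage sketch (not part of the original thread or any poster's code): it parses the `!analyze -v` fields posted above, recovers the bad pointer behind the faulting instruction, and finds the first stack frame the debugger could not symbolize, which here is `vsdatant` rather than the `fwpkclnt.sys` named as probable cause. The near-NULL threshold and the use of missing symbols as a hint for a non-Microsoft driver are assumptions of this example.

```python
import re

# Excerpt of the !analyze -v output posted in this thread (wrapped lines rejoined).
DUMP = """\
Arg1: 00000098, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8c175f5b, address which referenced memory
FAULTING_IP:
tcpip!IppProcessRawData+3c
8c175f5b f6401801 test byte ptr [eax+18h],1
PROCESS_NAME: vsmon.exe
STACK_TEXT:
96c55904 8c196e50 8c1e29c8 96c55a8c 96c55980 tcpip!IppProcessRawData+0x3c
96c55a64 8c1c032f 00000000 00000007 8c1e29c8 tcpip!IppSendDatagramsCommon+0xbb
96c55afc 8c119e9d 00000000 00000007 86828408 tcpip!IppInspectInjectTlSend+0xd7
96c55b58 8c040dba 86fdd058 00000000 00001c97 fwpkclnt!FwpsInjectTransportSendAsync0+0x220
WARNING: Stack unwind information not available. Following frames may be wrong.
96c55ba8 8c03e51e 8697a550 84230f80 84230f84 vsdatant+0x26dba
96c55bbc 8c04413e 021eee58 00000001 84230f80 vsdatant+0x2451e
96c55be0 8c0444f0 86760340 00000001 021eee58 vsdatant+0x2a13e
96c55c18 8c043413 86733098 84230f68 86733098 vsdatant+0x2a4f0
96c55c2c 81c27f83 86733098 84230f68 84230f68 vsdatant+0x29413
96c55c44 81d88f37 86760340 84230f68 84230fd8 nt!IofCallDriver+0x63
96c55c64 81d89efb 86733098 86760340 021eee00 nt!IopSynchronousServiceTail+0x1e0
96c55d00 81d8ee55 86733098 84230f68 00000000 nt!IopXxxControlFile+0x6b7
96c55d34 81c8caaa 00000274 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
96c55d34 77c90f34 00000274 00000000 00000000 nt!KiFastCallEntry+0x12a
021eedf0 00000000 00000000 00000000 00000000 0x77c90f34
"""

ARG = re.compile(r"^Arg(\d): ([0-9a-f]{8}),", re.M)
# A kb frame line: five 8-digit hex columns, then the symbol column.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$", re.M)
# Memory operand of the form [reg+NNh] in the faulting instruction.
MEMOP = re.compile(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]")
NEAR_NULL_LIMIT = 0x10000  # assumed cut-off for "small offset from NULL"


def parse_frames(text):
    """Return (module, function) per frame. function is None when only
    module+offset was shown; module is None for a raw address."""
    frames = []
    for token in FRAME.findall(text):
        if "!" in token:
            module, rest = token.split("!", 1)
            frames.append((module, rest.split("+")[0]))
        elif "+" in token:
            frames.append((token.split("+")[0], None))
        else:
            frames.append((None, None))
    return frames


def triage(text):
    args = {int(n): int(v, 16) for n, v in ARG.findall(text)}
    frames = parse_frames(text)
    result = {
        "referenced": args[1],
        "irql": args[2],
        "operation": "write" if args[3] else "read",
        "faulting_module": frames[0][0],
        # Heuristic (assumption): with the Microsoft symbol server in use,
        # a module shown only as module+offset is likely a third-party driver.
        "first_unsymbolized_module": next(
            (m for m, f in frames if m and f is None), None),
    }
    mem = MEMOP.search(text.split("FAULTING_IP:", 1)[-1])
    if mem:
        disp = int(mem.group(2), 16)
        result["base_register"] = mem.group(1)
        # Arg1 is base + displacement, so the register held Arg1 - disp.
        result["base_value"] = args[1] - disp
        result["near_null"] = 0 <= result["base_value"] < NEAR_NULL_LIMIT
    return result


if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key}: {value}")
```
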
 
STICK WITH MICROSOFT!!!!!!!!!!!!!!!!!!!!!!!!!!!

My policy is not to use any 3-rd party anti-malware except Spybot S&D.
Windows Vista offers sufficient protection against malicious software
writers, some of whom I am sure watch this forum very carefully.

Download Microsoft Windows Baseline Security Analyzer. It is Beta 2.1 for
Vista and I think it is safe to download. Run it.

<http://www.microsoft.com/downloads/...AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en>

It will give you all your vulnerabilities, especially in your firewall
settings. You should read the report and if it suggests any changes, you
should consider them.
Your Windows firewall setting will be analyzed.

Download Microsoft® Windows® Malicious Software Removal Tool (KB890830). It
will want to run upon install. Choose the FULL scan although it may give you
a threatening message that it might take a few hours. It will scan your
entire computer in about half an hour or less if you do not have a lot of
stuff in it.

<http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en>

Some reassuring information: Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/default.mspx>
The Microsoft Windows Malicious Software Removal Tool helps remove specific,
prevalent malicious software from computers that are running Windows Vista,
Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/?kbid=890830

You can also go to Protection Center (Microsoft)
<http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt>
and click "Protection Scan." There will be a dropdown menu and a button:
"Launch Full Scan or Vista." You can do it if you wish.

Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees. You may be asked
for donations but it is up to you. It is very up to date and every week you
will have to download new updates, sometimes even more often. You should
check for updates every time you run it. It will give you all su*kers
leached into your registry and ask you if you wanted to remove them. Many of
them have masqueraded themselves under MS Windows names like
Windows.something. Do not hesitate to kill them all. You can trust SB S&D.

http://www.spybot.info/en/index.html
http://www.spybot.info/en/spybotsd/index.html

It also allows you to IMMUNIZE your system. It means that when you go to a
website and they try to download some kind of a Trojan to you SB S&D will
either kill it silently, or ask you if you want to do it or will kill it and
give you a notice. It is better to let it kill them all in silence.

Excerpts from SB S&D website

<quote starts>
Spybot - Search & Destroy detects and removes spyware, a relatively new
kind of threat not yet covered by common anti-virus applications. Spyware
silently tracks your surfing behaviour to create a marketing profile for you
that is transmitted without your knowledge to the compilers and sold to
advertising companies. If you see new toolbars in your Internet Explorer
that you haven't intentionally installed, if your browser crashes
inexplicably, or if your home page has been "hijacked" (or changed without
your knowledge), your computer is most probably infected with spyware. Even
if you don't see the symptoms, your computer may be infected, because more
and more spyware is emerging. Spybot-S&D is free, so there's no harm giving
it a try to see if something has invaded your computer.

To see a list of threats Spybot-S&D can remove, in the navigation bar at the
left click on Support --> Threats. For an introduction to Spybot-S&D, please
read the tutorial. If you fear incompatibility with other software you are
now using, although we can assure you that there is no danger you can review
our compatibility overview which lists some software whose compatibility has
been analyzed.

Spybot-S&D can also clean usage tracks, an interesting function if you share
your computer with other users and don't want them to see what you have been
working on. And for professional users, Spybot-S&D allows you to fix some
registry inconsistencies and extended reports. A list of all the
application's features is also available.
<End of quote>

After you installed SB S&D Windows IE will *****integrate***** it into its
Tools Menu. In the right upper corner of IE click Tools and you will see
Spybot Search And destroy configuration item. Click on it and it will give
you options to deal with the threats that are being downloaded.


Listen to Mark Russinovich's (MS) webcast: Advanced Malware Cleaning

<http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359>

Downloading any 3-rd party "free" anti-spyware program (with the exception
of SB S&D) is an invitation for a disaster.

The AV (antivirus industry) is on the way to the cemetery:
The slow death of AV technology:
http://www.theregister.co.uk/2007/06/08/death_of_av/
Vista did it in.
Last note: it has been suggested around here by some unscrupulous trolls
that the Microsoft Malicious Software Removal Tool (MSRT) and SB S&D do not
clean the registry. MSRT and SB S&D work on different principles. MSRT in
full mode reads RAM memory and detects patterns in the files that match
known viruses and other malware configurations. This is why it takes so long
to run. If malicious code is detected it is also quite likely that it has a
representation in the registry. The only way to remove a particular piece of
malware is to CLEAN the registry off of this key.
SB S&D works by going thru the registry and locating known names that match
its database of malicious software. After all culprits are found the user is
asked if he/she want to remove the malicious software. If you say OK, then
the registry IS CLEANED of this set of malicious execs. The execs themselves
are killed in the respective folders.
In this sense both tools do CLEAN the registry. They do not do any
"housekeeping" which is absolutely superfluous and unnecessary. It is NOT
recommended by MS and most of the experienced users as well.

*******************************
Additional security measure
To prevent unauthorized breaks into your computer, go to Computer
management, and disable "Internet Guest Account." Make sure "Guest"
account is disabled. It should be disabled by default.






 
alexB said:
STICK WITH MICROSOFT!!!!!!!!!!!!!!!!!!!!!!!!!!!

And then the Nazi scum recommends a product that isn't from Microsoft or
Safenetworking for that matter:
Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees. You may be
asked for donations but it is up to you. It is very up to date and every
week you will have to download new updates, sometimes even more often.
You should check for updates every time you run it. It will give you all
su*kers leached into your registry and ask you if you wanted to remove
them. Many of them have masqueraded themselves under MS Windows names
like Windows.something. Do not hesitate to kill them all. You can trust
SB S&D.

http://www.spybot.info/en/index.html
http://www.spybot.info/en/spybotsd/index.html

The above web sites are NOT for Spybot, Search and Destroy so if you
download it, there's no telling what you are really downloading.

Don't pay attention to this Nazi scum. He is completely wrong about
*everything* and following this Nazi scum's advice could really screw up
your computer.

Alias
 
You are a criminal, a disinformation, a public enemy, a scoundrel!

You are an Arab, a terrorist supporter!

Spybot S&D is a proven entity. It is figured in MS Vista registry: HKEY_LOCAL
MACHINE \ SOFTWARE\MICROSOFT \ Windows \ Current Version \ Internet Settings
\ Zone Map \ Domains \ reviewsit.net \ www.spybot
 
alexB said:
You are a criminal, a disinformation, a public enemy, a scoundrel!

Look who's talking!
You are an Arab, a terrorist supporter!

False and libelous.
Spybot S&D is a proven entity. It is figured in MS Vista registry:
HKEY_LOCAL MACHINE \ SOFTWARE\MICROSOFT \ Windows \ Current Version \
Internet Settings \ Zone Map \ Domains \ reviewsit.net \ www.spybot

Gosh, spyware lives in the registry? Really? LOL!

The real Spybot, Search and Destroy web site:

http://www.safer-networking.org/en/index.html

You are the most dangerous poster I ever have seen on MS newsgroups and
I am sure you will be banned soon. Buh bye.

Alias
 
STICK WITH MICROSOFT!!!!!!!!!!!!!!!!!!!!!!!!!!!

Your Windows firewall setting will be analyzed.

Windows Firewall is a useless piece of crap.
Download and install Spybot Search & Destroy, a great piece of software
which is free for individuals but corporations pay fees.

How can you recommend free software? It could have all kinds
of viruses and trojans. And where will the poor user go for support?
I bet you work for those spyware people.
 
Thanks, C.B. I have done a clean uninstall of ZoneAlarm, and now I'll
monitor things for a week or so to see if this has solved my problem.

Art
 