Server Restarting - Probably Caused By : Bdftdif.sys
I have read other topics on this problem but despite following the following advise
1. Click on Start from Windows and choose Run .
2. Here type ncpa.cpl and click on Ok .
3. Right-click your "Local Area Connection" and choose Properties.
4. Uncheck "BitDefender Firewall NDIS Filter Driver" then click on Ok .
which was found here I am still having the problem.
The dump file shows:
Server Restarting
Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini120409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) UP Free x64
Product: Server, suite: TerminalServer SingleUserTS Blade
Machine Name:
Kernel base = 0xfffff800`01a01000 PsLoadedModuleList = 0xfffff800`01bc5dd0
Debug session time: Fri Dec 4 12:02:51.189 2009 (GMT+0)
System Uptime: 4 days 13:00:11.750
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffffa8006287000, 2, 0, fffffa60026355e2}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to load image \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for bdftdif.sys
*** ERROR: Module load completed but symbols could not be loaded for bdftdif.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : bdftdif.sys ( bdftdif+165e2 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffa8006287000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffffa60026355e2, address which referenced memory
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: bdftdif
FAULTING_MODULE: fffff80001a01000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4a081722
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
fffffa8006287000
CURRENT_IRQL: 0
FAULTING_IP:
bdftdif+165e2
fffffa60`026355e2 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from fffff80001a5b1ee to fffff80001a5b450
STACK_TEXT:
fffffa60`032995e8 fffff800`01a5b1ee : 00000000`0000000a fffffa80`06287000 00000000`00000002 00000000`00000000 : nt+0x5a450
fffffa60`032995f0 00000000`0000000a : fffffa80`06287000 00000000`00000002 00000000`00000000 fffffa60`026355e2 : nt+0x5a1ee
fffffa60`032995f8 fffffa80`06287000 : 00000000`00000002 00000000`00000000 fffffa60`026355e2 fffffa80`03639f20 : 0xa
fffffa60`03299600 00000000`00000002 : 00000000`00000000 fffffa60`026355e2 fffffa80`03639f20 00000000`00000000 : 0xfffffa80`06287000
fffffa60`03299608 00000000`00000000 : fffffa60`026355e2 fffffa80`03639f20 00000000`00000000 00000000`00000000 : 0x2
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
bdftdif+165e2
fffffa60`026355e2 ?? ???
SYMBOL_NAME: bdftdif+165e2
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: bdftdif.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
Can anyone help please as I am lost as to what to do next?
Thanks in advance.
Mark
Comments
-
Hello magicmarkuk,
In order to solve this issue please upgrade to our latest version of BitDefender following the steps from the next thread.
Thank you.0
