Driver IRQL not less or equal, tcpip.sys

can someone help me? dont install anything today ~~
dump files attached

thanks before :D

i'm running windows 7 32-bit


Last edited:


Noob Whisperer
Uninstall Daemon Tools / Daemon Tools lite, then run this program from here DuplexSecure - Downloads (get the correct version for your architecture) download, run and click UNINSTALL button to get rid of this driver "sptd.sys".
It looks like something is playing havoc with your network stack so see what you can find for this driver
ipfnd51.sys 3/18/2009 ASUS NX1001 Network Adapter. Update, or uninstall / remove and upgrade to something a little more mainstream and current.
You also have another strange driver which I cannot identify;
ar2lxb5c.SYS 12/27/2011 Nothing on Google or Bing, SO....
If you have any reason to suspect an infection then grab a blank CD and this program What is Windows Defender Offline? (get the correct version for your architecture) boot your computer from the CD that the program creates for you and run FULL system scan. The program defaults to QUICK scan so make sure you run a FULL scan.
BugCheck D1, {10, 2, 1, 8946fe8f}
[U][B]Unable to load image \SystemRoot\system32\DRIVERS\EpfwLWF.sys[/B][/U], Win32 error 0n2  ([COLOR=#b22222][U][B]This is your ESET product driver and probably not the actual culprit[/B][/U][/COLOR])
*** WARNING: Unable to verify timestamp for EpfwLWF.sys
*** ERROR: Module load completed but symbols could not be loaded for EpfwLWF.sys
[U][B]Unable to load image \SystemRoot\system32\DRIVERS\ipfnd51.sys, Win32 error 0n2[/B][/U]  ([COLOR=#b22222][U][B]This is your network adapter driver and more likely the problem[/B][/U][/COLOR])
*** WARNING: Unable to verify timestamp for [COLOR=#ff0000][U][B]ipfnd51.sys[/B][/U][/COLOR]
*** ERROR: Module load completed but symbols could not be loaded for [COLOR=#ff0000][U][B]ipfnd51.sys[/B][/U][/COLOR]
Probably caused by : tcpip.sys ( tcpip!TcpBeginTcbSend+9f6 )
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arg1: 00000010, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8946fe8f, address which referenced memory
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 82fa2848
Unable to read MiSystemVaType memory at 82f81e20
8946fe8f f00fc111        lock xadd dword ptr [ecx],edx
TRAP_FRAME:  807e21e8 -- (.trap 0xffffffff807e21e8)
ErrCode = 00000002
eax=00000001 ebx=8553c050 ecx=00000010 edx=00000001 esi=8544d7e0 edi=807e227c
eip=8946fe8f esp=807e225c ebp=807e2384 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
8946fe8f f00fc111        lock xadd dword ptr [ecx],edx ds:0023:00000010=????????
Resetting default scope
LAST_CONTROL_TRANSFER:  from 8946fe8f to 82e7a65b
807e21e8 8946fe8f badb0d00 00000001 00000000 nt!KiTrap0E+0x2cf
807e2384 89468cf6 8553c050 00000000 00000001 tcpip!TcpBeginTcbSend+0x9f6
807e24e8 894871f6 8553c050 00000002 00000001 tcpip!TcpTcbSend+0x426
807e2538 89477f8a 00000001 00000000 86ae6616 tcpip!TcpFlushDelay+0x1f1
807e254c 8947e002 00000001 00000001 00000000 tcpip!TcpExitReceiveDpc+0x61
807e2584 8947e03b 86033eb8 8602c000 0000bb01 tcpip!TcpPreValidatedReceive+0x29b
807e25a0 89478355 86033eb8 8602c000 807e25dc tcpip!TcpReceive+0x2d
807e25b0 8948059b 807e25c4 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
807e25dc 8947fee6 894f8f90 807e2630 c000023e tcpip!IppDeliverListToProtocol+0x49
807e25fc 8947e2a8 894f8da0 00000006 807e2630 tcpip!IppProcessDeliverList+0x2a
807e2654 8947fd8f 894f8da0 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
807e26e8 8948e1db 862c8c00 00000000 00000001 tcpip!IpFlcReceivePackets+0xbe5
807e2764 8948880d 86ea4008 862fa6f0 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
807e2798 82ec25f4 862fa6f0 a667f5d8 860258e0 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
807e2800 8948897b 894886ef 807e2828 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
807e283c 8916e18d 86ea4002 862fa600 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
807e2874 8915c5be 86e56aa8 862fa6f0 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
807e289c 8915c4b2 00000000 00000000 86e32040 ndis!ndisIndicateSortedNetBufferLists+0x4a
807e2a18 89107c1d 868cd0e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
807e2a34 8913856a 868cd0e0 862fa6f0 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
807e2a50 89138504 86e31518 862fa6f0 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x46
807e2a6c 8f6b8aad 86e31518 862fa6f0 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x2f
WARNING: Stack unwind information not available. Following frames may be wrong.
807e2ae8 8f6b75eb 862fa6f0 00000000 00000001 EpfwLWF+0x3aad
807e2b00 89173e94 86e32040 862fa6f0 00000000 EpfwLWF+0x25eb
807e2b4c 9121b464 028cd0e0 807e2bbc 00000001 ndis!ndisMIndicatePacketsToNetBufferLists+0xea
807e2c1c 9121b805 00000001 86a64744 868cd0e0 [COLOR=#ff0000][U][B]ipfnd51[/B][/U][/COLOR]+0x3464
807e2c34 8916cce7 94ba0400 86a64744 868cd0e0 [COLOR=#ff0000][U][B]ipfnd51[/B][/U][/COLOR]+0x3805
807e2c58 8913e020 86a64758 00a64744 00000000 ndis!ndisMDpcX+0x89
807e2c78 82eb11b5 86a64758 86a64744 00000000 ndis!ndis5InterruptDpc+0x92
807e2cd4 82eb1018 807c6120 807cb800 00000000 nt!KiExecuteAllDpcs+0xf9
807e2d20 82eb0e38 00000000 0000000e aaaaaaaa nt!KiRetireDpcList+0xd5
807e2d24 00000000 0000000e aaaaaaaa aaaaaaaa nt!KiIdleLoop+0x38
8946fe8f f00fc111        lock xadd dword ptr [ecx],edx
SYMBOL_NAME:  tcpip!TcpBeginTcbSend+9f6
FOLLOWUP_NAME:  MachineOwner
IMAGE_NAME:  tcpip.sys
FAILURE_BUCKET_ID:  0xD1_tcpip!TcpBeginTcbSend+9f6
BUCKET_ID:  0xD1_tcpip!TcpBeginTcbSend+9f6

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.