none
Windows 7 blue screen (with minidump)

    Question

  • I'm getting a blue screen when booting windows 7 home edition, 64bit.  It gets to the point when the user icons appear for logging in and then blue screens on ndis.sys (sometimes just before the icons appear, sometimes a second or two after they appear).  It boots ok in safe mode, but not safe mode with networking.

    The bugcheck code is 0xd1.

    The "minidump" file is at:

    https://docs.google.com/leaf?id=0B9Do_DR123w6MmRjMGEzY2EtN2Q4ZC00ZDNmLWI4YjgtNDdkZWJiZTU5MzZh&hl=en&authkey=CKvutPID

    The memory dump file (345mb) is at:

    https://docs.google.com/leaf?id=0B9Do_DR123w6NzU5YjIwOGEtMmY1NC00NjE5LTkzMzMtOTg0YjYzMDU0ZWE2&hl=en&authkey=CKK0xZkI

    Background: Hadn't rebooted recently (maybe weeks), but things were starting to slow down so I did a restart.  It then started installing updates, but was stuck on "1 of 25" for about 15 minutes.  Thinking there must be a problem I forced a shutdown.  The blue screen then started appearing after rebooting.  Not sure if the forced shutdown caused the problem, or something else that was done since the last restart.

    Tried several things in safe mode:

    - Uninstalled some Cisco VPN devices in device manager

    - Disabled some unused "IR" drivers in device manager

    - Tried going back to several system restore points, from earlier today to several weeks ago (the oldest available)

    Nothing has changed the blue screen behavior.

    Thanks for any help.


    • Edited by pointzerotwo Thursday, April 14, 2011 12:14 PM Added minidump file
    Thursday, April 14, 2011 3:46 AM

Answers

  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000010, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff8800166aa26, address which referenced memory
    Debugging Details:
    ------------------
    READ_ADDRESS:  0000000000000010 
    CURRENT_IRQL:  2
    FAULTING_IP: 
    ndis!NdisFreeTimerObject+16
    fffff880`0166aa26 488b5310        mov     rdx,qword ptr [rbx+10h]
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  System
    TRAP_FRAME:  fffff880035188b0 -- (.trap 0xfffff880035188b0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffff880016a1ac8
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800166aa26 rsp=fffff88003518a40 rbp=fffff8000307e600
     r8=0000000000011120  r9=0000000000000000 r10=fffff80002e61000
    r11=fffffa8007e37030 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    ndis!NdisFreeTimerObject+0x16:
    fffff880`0166aa26 488b5310        mov     rdx,qword ptr [rbx+10h] ds:c490:0010=????????????????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff80002ee0be9 to fffff80002ee1640
    STACK_TEXT:  
    fffff880`03518768 fffff800`02ee0be9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`03518770 fffff800`02edf860 : fffffa80`060b3400 00000000`00000801 fffffa80`07e5d000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`035188b0 fffff880`0166aa26 : fffffa80`0254c9e0 fffffa80`06dbb558 fffffa80`07e38440 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`03518a40 fffff880`0c85a297 : fffffa80`07e38440 fffff880`0c87032f fffff880`0c96f100 fffff880`0c96f0f0 : ndis!NdisFreeTimerObject+0x16
    fffff880`03518a70 fffff880`0c85a4f3 : fffffa80`07e372c0 fffffa80`03710000 fffffa80`05ae4050 fffff880`0c85d878 : athrx+0x2e297
    fffff880`03518aa0 fffff880`0c85d0c9 : fffffa80`07e37030 00000000`00000000 00000000`00000000 fffffa80`07e37000 : athrx+0x2e4f3
    fffff880`03518ad0 fffff880`0c85d069 : fffffa80`07e37030 fffff800`00000001 00000000`536c7452 00000000`00000010 : athrx+0x310c9
    fffff880`03518b00 fffff880`0c84b386 : fffffa80`064f5770 fffff880`03518b98 fffff880`009b1180 fffffa80`06629030 : athrx+0x31069
    fffff880`03518b70 fffff880`0c841ff4 : fffffa80`064f5770 00000000`00000001 fffff880`03518c10 00000000`00000000 : athrx+0x1f386
    fffff880`03518bc0 fffff880`0c841eae : fffffa80`064f5770 fffff880`03556e40 fffffa80`07eb4ae0 00000000`00000000 : athrx+0x15ff4
    fffff880`03518c40 fffff800`031d7f33 : fffffa80`064f5770 fffffa80`04f09080 fffffa80`05bbf1c0 fffffa80`0254c9e0 : athrx+0x15eae
    fffff880`03518c80 fffff800`02eeba21 : fffff800`0307e600 fffff800`031d7f01 fffffa80`0254c900 fffffa80`07e994a0 : nt!IopProcessWorkItem+0x23
    fffff880`03518cb0 fffff800`0317ecce : df94df94`d7e0d7e0 fffffa80`0254c9e0 00000000`00000080 fffffa80`02441840 : nt!ExpWorkerThread+0x111
    fffff880`03518d40 fffff800`02ed2fe6 : fffff880`03383180 fffffa80`0254c9e0 fffff880`0338e0c0 0a5d0a5d`f17bf17b : nt!PspSystemThreadStartup+0x5a
    fffff880`03518d80 00000000`00000000 : fffff880`03519000 fffff880`03513000 fffff880`03518740 00000000`00000000 : nt!KxStartSystemThread+0x16
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    athrx+2e297
    fffff880`0c85a297 4883c428        add     rsp,28h
    SYMBOL_STACK_INDEX:  4
    SYMBOL_NAME:  athrx+2e297
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: athrx
    IMAGE_NAME:  athrx.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a2997be
    FAILURE_BUCKET_ID:  X64_0xD1_athrx+2e297
    BUCKET_ID:  X64_0xD1_athrx+2e297
    Followup: MachineOwner
    ---------
    0: kd> lmvm athrx
    start             end                 module name
    fffff880`0c82c000 fffff880`0c99a000   athrx      (no symbols)           
        Loaded symbol image file: athrx.sys
        Image path: \SystemRoot\system32\DRIVERS\athrx.sys
        Image name: athrx.sys
        Timestamp:        Sat Jun 06 00:10:06 2009 (4A2997BE)
        CheckSum:         0016EDA1
        ImageSize:        0016E000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    ||||||||||||||||||
    Your BSOD was caused by athrx.sys. It belongs to prevx.
    I see that the last update was in 2009.
    Please update it or uninstall it. If this does not help, contact Prevx Technical Support.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner

    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Thursday, April 14, 2011 2:36 PM

All replies

  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000010, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff8800166aa26, address which referenced memory
    Debugging Details:
    ------------------
    READ_ADDRESS:  0000000000000010 
    CURRENT_IRQL:  2
    FAULTING_IP: 
    ndis!NdisFreeTimerObject+16
    fffff880`0166aa26 488b5310        mov     rdx,qword ptr [rbx+10h]
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  System
    TRAP_FRAME:  fffff880035188b0 -- (.trap 0xfffff880035188b0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffff880016a1ac8
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800166aa26 rsp=fffff88003518a40 rbp=fffff8000307e600
     r8=0000000000011120  r9=0000000000000000 r10=fffff80002e61000
    r11=fffffa8007e37030 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    ndis!NdisFreeTimerObject+0x16:
    fffff880`0166aa26 488b5310        mov     rdx,qword ptr [rbx+10h] ds:c490:0010=????????????????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff80002ee0be9 to fffff80002ee1640
    STACK_TEXT:  
    fffff880`03518768 fffff800`02ee0be9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`03518770 fffff800`02edf860 : fffffa80`060b3400 00000000`00000801 fffffa80`07e5d000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`035188b0 fffff880`0166aa26 : fffffa80`0254c9e0 fffffa80`06dbb558 fffffa80`07e38440 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`03518a40 fffff880`0c85a297 : fffffa80`07e38440 fffff880`0c87032f fffff880`0c96f100 fffff880`0c96f0f0 : ndis!NdisFreeTimerObject+0x16
    fffff880`03518a70 fffff880`0c85a4f3 : fffffa80`07e372c0 fffffa80`03710000 fffffa80`05ae4050 fffff880`0c85d878 : athrx+0x2e297
    fffff880`03518aa0 fffff880`0c85d0c9 : fffffa80`07e37030 00000000`00000000 00000000`00000000 fffffa80`07e37000 : athrx+0x2e4f3
    fffff880`03518ad0 fffff880`0c85d069 : fffffa80`07e37030 fffff800`00000001 00000000`536c7452 00000000`00000010 : athrx+0x310c9
    fffff880`03518b00 fffff880`0c84b386 : fffffa80`064f5770 fffff880`03518b98 fffff880`009b1180 fffffa80`06629030 : athrx+0x31069
    fffff880`03518b70 fffff880`0c841ff4 : fffffa80`064f5770 00000000`00000001 fffff880`03518c10 00000000`00000000 : athrx+0x1f386
    fffff880`03518bc0 fffff880`0c841eae : fffffa80`064f5770 fffff880`03556e40 fffffa80`07eb4ae0 00000000`00000000 : athrx+0x15ff4
    fffff880`03518c40 fffff800`031d7f33 : fffffa80`064f5770 fffffa80`04f09080 fffffa80`05bbf1c0 fffffa80`0254c9e0 : athrx+0x15eae
    fffff880`03518c80 fffff800`02eeba21 : fffff800`0307e600 fffff800`031d7f01 fffffa80`0254c900 fffffa80`07e994a0 : nt!IopProcessWorkItem+0x23
    fffff880`03518cb0 fffff800`0317ecce : df94df94`d7e0d7e0 fffffa80`0254c9e0 00000000`00000080 fffffa80`02441840 : nt!ExpWorkerThread+0x111
    fffff880`03518d40 fffff800`02ed2fe6 : fffff880`03383180 fffffa80`0254c9e0 fffff880`0338e0c0 0a5d0a5d`f17bf17b : nt!PspSystemThreadStartup+0x5a
    fffff880`03518d80 00000000`00000000 : fffff880`03519000 fffff880`03513000 fffff880`03518740 00000000`00000000 : nt!KxStartSystemThread+0x16
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    athrx+2e297
    fffff880`0c85a297 4883c428        add     rsp,28h
    SYMBOL_STACK_INDEX:  4
    SYMBOL_NAME:  athrx+2e297
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: athrx
    IMAGE_NAME:  athrx.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a2997be
    FAILURE_BUCKET_ID:  X64_0xD1_athrx+2e297
    BUCKET_ID:  X64_0xD1_athrx+2e297
    Followup: MachineOwner
    ---------
    0: kd> lmvm athrx
    start             end                 module name
    fffff880`0c82c000 fffff880`0c99a000   athrx      (no symbols)           
        Loaded symbol image file: athrx.sys
        Image path: \SystemRoot\system32\DRIVERS\athrx.sys
        Image name: athrx.sys
        Timestamp:        Sat Jun 06 00:10:06 2009 (4A2997BE)
        CheckSum:         0016EDA1
        ImageSize:        0016E000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    ||||||||||||||||||
    Your BSOD was caused by athrx.sys. It belongs to prevx.
    I see that the last update was in 2009.
    Please update it or uninstall it. If this does not help, contact Prevx Technical Support.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner

    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Thursday, April 14, 2011 2:36 PM
  • Turns out athrx.sys is part of an Atheros 802.11n wireless card driver.  I disabled the driver in Device Manager while in safe mode, and now everything is fine.

    The strange thing is, this is a desktop computer that has never had a wireless card!  Maybe it was just part of Dell's standard OS image for this computer.  I have no idea why it suddenly started causing a blue screen.

    In any case, thank you very much for pointing me in the right direction.

    Friday, April 15, 2011 12:52 AM