locked
Blue screen of death error, please help! RRS feed

  • Question

  • Hello,

    I have Windows 7 E nterprise and Ive been getting the BSOD recently, no idea what could be causing it. 

    DynamicSig[1].Name=OS Version
    DynamicSig[1].Value=6.1.7601.2.1.0.256.4
    DynamicSig[2].Name=Locale ID
    DynamicSig[2].Value=2067
    UI[2]=C:\Windows\system32\wer.dll
    UI[3]=Windows has recovered from an unexpected shutdown
    UI[4]=Windows can check online for a solution to the problem.
    UI[5]=&Check for solution
    UI[6]=&Check later
    UI[7]=Cancel
    UI[8]=Windows has recovered from an unexpected shutdown
    UI[9]=A problem caused Windows to stop working correctly.  Windows will notify you if a solution is available.
    UI[10]=Close
    Sec[0].Key=BCCode
    Sec[0].Value=d1
    Sec[1].Key=BCP1
    Sec[1].Value=00000014
    Sec[2].Key=BCP2
    Sec[2].Value=00000002
    Sec[3].Key=BCP3
    Sec[3].Value=00000000
    Sec[4].Key=BCP4
    Sec[4].Value=8B555BF2
    Sec[5].Key=OS Version
    Sec[5].Value=6_1_7601
    Sec[6].Key=Service Pack
    Sec[6].Value=1_0
    Hopefully I have included all the relevant data from the minidump file. I check all the drivers and they should be up to date. Seems to be happening when Im at home and never when I am at work. Also seems to happen when I have utorrent open, but I can have utorrent open at work no problem, so maybe a problem with network adapter? I have McAfee 8.8.0 running and my laptop model is HP ProBook 6560b. 
    Please help! 
    Tuesday, January 24, 2012 3:47 PM

Answers

  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8b543bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from 82f69848
    Unable to read MiSystemVaType memory at 82f48e20
     00000014

    CURRENT_IRQL:  2

    FAULTING_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8b543bf2 394614          cmp     dword ptr [esi+14h],eax

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8d58344c -- (.trap 0xffffffff8d58344c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8b543bf2 esp=8d5834c0 ebp=8d5834d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8b543bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8b543bf2 to 82e415fb

    STACK_TEXT: 
    8d58344c 8b543bf2 badb0d00 ffffffbc 88818008 nt!KiTrap0E+0x2cf
    8d5834d0 8b646b46 85a2a198 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8d583500 8b69577a 89687cf0 8d583550 8d58354c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8d583594 8b693dc6 85c1f430 89687cf0 8d5835bc tcpip!TcpTcbCarefulDatagram+0x168a
    8d583600 8b677438 85c1f430 89687cf0 00583674 tcpip!TcpTcbReceive+0x228
    8d583668 8b677c6a 85716a18 85c49000 00000000 tcpip!TcpMatchReceive+0x237
    8d5836b8 8b677cab 85c1f430 85c49000 0000d0e5 tcpip!TcpPreValidatedReceive+0x293
    8d5836d4 8b671fd5 85c1f430 85c49000 8d583710 tcpip!TcpReceive+0x2d
    8d5836e4 8b67a20b 8d5836f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8d583710 8b679b56 8b6f5198 8d583764 c000023e tcpip!IppDeliverListToProtocol+0x49
    8d583730 8b677f18 8b6f4fa8 00000006 8d583764 tcpip!IppProcessDeliverList+0x2a
    8d583788 8b6799ff 8b6f4fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8d58381c 8b687e2c 86072fa8 00000000 85c0c500 tcpip!IpFlcReceivePackets+0xbe5
    8d583898 8b68245e 86090158 85a1c8a8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8d5838cc 82e89654 85a1c8a8 ad826d00 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8d583934 8b6825cc 8b682340 8d58395c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8d583970 8b4ee18d 86090100 85a1c801 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8d5839a8 8b4dc5be 86015960 85a1c8a8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8d5839d0 8b4dc4b2 00000000 85a1c8a8 85f8b0e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8d583b4c 8b487c1d 85f8b0e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8d583b68 8b4dc553 85f8b0e0 85a1c8a8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8d583b90 8b487c78 85f8b0e0 85a1c8a8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8d583bb8 942176b7 85f8b0e0 85a1c8a8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8d583bd8 94212730 86043e18 85a1c8a8 86043e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8d583bec 830144dc 86043e18 942232f8 85578a70 tunnel!LwWorker+0x12
    8d583c00 82e7da6b 8583f188 00000000 85578a70 nt!IopProcessWorkItem+0x23
    8d583c50 83008fda 00000001 ad8268a4 00000000 nt!ExpWorkerThread+0x10d
    8d583c90 82eb11f9 82e7d95e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8b543bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------
    -----------------------------------------------------------------

    Start by updating your NIC drivers and disabling all security softwares you have.

    If this does not help then proceed like that:

    • update all your drivers
    • Uninstall all unused programs
    • Run msconfig and disable all startup items / services except Microsoft ones

    You can also contact Microsoft CSS for assistance.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.  

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Marked as answer by Miya Yao Monday, February 6, 2012 7:15 AM
    Wednesday, January 25, 2012 3:42 PM
  • but alas, after detailed analysis...
     
    8b751000 8b782000   fwpkclnt fwpkclnt.sys Sat Nov 20 01:39:08 2010
    (4CE7892C)
    8b782000 8b7a85c0   mfewfpk  mfewfpk.sys  Fri Aug 26 14:44:53 2011
    (4E5805C5)
     
    It looks like you have forefront and mcafee installed. additionally
    forefront is out of date... This might be a pointer towards the real issue.
     
     

    -- Mike Burr
    Interesting Reading on Technology and Finance
    • Marked as answer by Miya Yao Monday, February 6, 2012 7:15 AM
    Saturday, January 28, 2012 3:40 AM

All replies

  • For general blue screen troubleshooting,
     
     
    For 0xD1 DRIVER_IRQL_NOT_LESS_OR_EQUAL,
     
     
    If you would like help, please upload the minidump files from
    c:\windows\minidump to skydrive and post a link,
     
     

    -- Mike Burr
    Interesting Reading on Technology and Finance
    Tuesday, January 24, 2012 4:01 PM
  • Hello,

    Bug Check Code 0xD1: http://msdn.microsoft.com/en-us/library/windows/hardware/ff560244(v=vs.85).aspx

    This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

    Please use Microsoft Skydrive to upload dump files (c:\windows\minidumps). Once done, post a link here.

    You can also contact Microsoft CSS for assistance.



    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.  

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Tuesday, January 24, 2012 8:41 PM
  • Here is the crash dump file. Seems to be due to netio.sys. After a quick search seems a lot of others have the same problem involving McAfee and torrent programs. So I think I will try removing McAfee but hopefully you can confirm this is the problem!

     

    https://skydrive.live.com/redir.aspx?cid=7222d488930a67c1&resid=7222D488930A67C1!341&parid=7222D488930A67C1!240&authkey=!ABe2SP8u0-whKpI

    Wednesday, January 25, 2012 10:21 AM
  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000014, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8b543bf2, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from 82f69848
    Unable to read MiSystemVaType memory at 82f48e20
     00000014

    CURRENT_IRQL:  2

    FAULTING_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8b543bf2 394614          cmp     dword ptr [esi+14h],eax

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  8d58344c -- (.trap 0xffffffff8d58344c)
    ErrCode = 00000000
    eax=00000000 ebx=00000000 ecx=00000044 edx=ffffffbc esi=00000000 edi=ffffffbc
    eip=8b543bf2 esp=8d5834c0 ebp=8d5834d0 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    NETIO!RtlCopyBufferToMdl+0x1c:
    8b543bf2 394614          cmp     dword ptr [esi+14h],eax ds:0023:00000014=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8b543bf2 to 82e415fb

    STACK_TEXT: 
    8d58344c 8b543bf2 badb0d00 ffffffbc 88818008 nt!KiTrap0E+0x2cf
    8d5834d0 8b646b46 85a2a198 00000000 ffffffbc NETIO!RtlCopyBufferToMdl+0x1c
    8d583500 8b69577a 89687cf0 8d583550 8d58354c tcpip!TcpTcbReassemblyRetrieveSegments+0xad
    8d583594 8b693dc6 85c1f430 89687cf0 8d5835bc tcpip!TcpTcbCarefulDatagram+0x168a
    8d583600 8b677438 85c1f430 89687cf0 00583674 tcpip!TcpTcbReceive+0x228
    8d583668 8b677c6a 85716a18 85c49000 00000000 tcpip!TcpMatchReceive+0x237
    8d5836b8 8b677cab 85c1f430 85c49000 0000d0e5 tcpip!TcpPreValidatedReceive+0x293
    8d5836d4 8b671fd5 85c1f430 85c49000 8d583710 tcpip!TcpReceive+0x2d
    8d5836e4 8b67a20b 8d5836f8 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12
    8d583710 8b679b56 8b6f5198 8d583764 c000023e tcpip!IppDeliverListToProtocol+0x49
    8d583730 8b677f18 8b6f4fa8 00000006 8d583764 tcpip!IppProcessDeliverList+0x2a
    8d583788 8b6799ff 8b6f4fa8 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1fb
    8d58381c 8b687e2c 86072fa8 00000000 85c0c500 tcpip!IpFlcReceivePackets+0xbe5
    8d583898 8b68245e 86090158 85a1c8a8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
    8d5838cc 82e89654 85a1c8a8 ad826d00 00000000 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
    8d583934 8b6825cc 8b682340 8d58395c 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
    8d583970 8b4ee18d 86090100 85a1c801 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
    8d5839a8 8b4dc5be 86015960 85a1c8a8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
    8d5839d0 8b4dc4b2 00000000 85a1c8a8 85f8b0e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
    8d583b4c 8b487c1d 85f8b0e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
    8d583b68 8b4dc553 85f8b0e0 85a1c8a8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
    8d583b90 8b487c78 85f8b0e0 85a1c8a8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
    8d583bb8 942176b7 85f8b0e0 85a1c8a8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
    8d583bd8 94212730 86043e18 85a1c8a8 86043e18 tunnel!TeredoWfpIndicationWorker+0xa9
    8d583bec 830144dc 86043e18 942232f8 85578a70 tunnel!LwWorker+0x12
    8d583c00 82e7da6b 8583f188 00000000 85578a70 nt!IopProcessWorkItem+0x23
    8d583c50 83008fda 00000001 ad8268a4 00000000 nt!ExpWorkerThread+0x10d
    8d583c90 82eb11f9 82e7d95e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    NETIO!RtlCopyBufferToMdl+1c
    8b543bf2 394614          cmp     dword ptr [esi+14h],eax

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78963

    FAILURE_BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    BUCKET_ID:  0xD1_NETIO!RtlCopyBufferToMdl+1c

    Followup: MachineOwner
    ---------
    -----------------------------------------------------------------

    Start by updating your NIC drivers and disabling all security softwares you have.

    If this does not help then proceed like that:

    • update all your drivers
    • Uninstall all unused programs
    • Run msconfig and disable all startup items / services except Microsoft ones

    You can also contact Microsoft CSS for assistance.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.  

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Marked as answer by Miya Yao Monday, February 6, 2012 7:15 AM
    Wednesday, January 25, 2012 3:42 PM
  • but alas, after detailed analysis...
     
    8b751000 8b782000   fwpkclnt fwpkclnt.sys Sat Nov 20 01:39:08 2010
    (4CE7892C)
    8b782000 8b7a85c0   mfewfpk  mfewfpk.sys  Fri Aug 26 14:44:53 2011
    (4E5805C5)
     
    It looks like you have forefront and mcafee installed. additionally
    forefront is out of date... This might be a pointer towards the real issue.
     
     

    -- Mike Burr
    Interesting Reading on Technology and Finance
    • Marked as answer by Miya Yao Monday, February 6, 2012 7:15 AM
    Saturday, January 28, 2012 3:40 AM