Gingerale

Hi all new to the forums! I've had a few days of BSOD's and now the computer is slow. Found out how to read the dump files and here they are. Any help would be greatly appreciated on what to do now? Cheers + Oh I just realized I have SP0?/no Service Packs Updated, and found that I installed dotnetfx35 SP1? I'm not sure if there is some sort of conflict or something. Additionally I recently installed Microsoft Visual C++ 2008 for a video game and a few weeks ago I ran NT Registry Optimizer. This is Windows Vista Ultimate. Oh and BSOD read Kernel Stack In page Error stop:0x00000077,(0X000000E, 0xL000000E, 0x00000000, 0x018EL000 Update: I tried chkdsk /f /r and i got - could not load the hive file systemroot/system/32/config /security? ------------------------------ Microsoft ® Windows Debugger Version 6.8.0004.0 X86 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 6000.16901.x86fre.vista_gdr.090805-0102 Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0 Debug session time: Tue Jan 19 08:44:04.278 2010 (GMT-5) System Uptime: 0 days 16:54:12.403 Loading Kernel Symbols .................................................................................................... ........................................ Loading User Symbols PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details Loading unloaded module list ................... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {d, 0, 0, 0} PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details Probably caused by : ntkrnlmp.exe ( nt!KiSystemFatalException+f ) Followup: MachineOwner --------- windbg> .hh dbgerr001 -------------------------------------------------------- second attempt-------------------------------------------------------------------- --------- 1: kd> kd> !analyze -v Numeric expression missing from '> !analyze -v' 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 0000000d, EXCEPTION_GP_FAULT Arg2: 00000000 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details BUGCHECK_STR: 0x7f_d DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: svchost.exe CURRENT_IRQL: 0 UNALIGNED_STACK_POINTER: a0a56bd5 LAST_CONTROL_TRANSFER: from c823e06e to 81849a87 STACK_TEXT: a0a56bed c823e06e badb0d00 00000000 20000000 nt!KiSystemFatalException+0xf WARNING: Frame IP not in any known module. Following frames may be wrong. a0a56c5d 8184603a 000000e4 0792f700 0792f6f0 0xc823e06e a0a56c5d 77cb0f34 000000e4 0792f700 0792f6f0 nt!KiFastCallEntry+0x12a 0792f6d8 00000000 00000000 00000000 00000000 0x77cb0f34 STACK_COMMAND: kb FOLLOWUP_IP: nt!KiSystemFatalException+f 81849a87 c3 ret SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!KiSystemFatalException+f FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4a7965d1 FAILURE_BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f Followup: MachineOwner ----------------------FIND ntkrnlmp 81800000 81b95000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\007D2674723E4F56955AE3149CC50AE22\ntkrnlmp.pdb Loaded symbol image file: ntkrnlmp.exe Image path: ntkrnlmp.exe Image name: ntkrnlmp.exe Timestamp: Wed Aug 05 06:58:25 2009 (4A7965D1) CheckSum: 00353013 ImageSize: 00395000 File version: 6.0.6000.16901 Product version: 6.0.6000.16901 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 1.0 App File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: ntkrnlmp.exe OriginalFilename: ntkrnlmp.exe ProductVersion: 6.0.6000.16901 FileVersion: 6.0.6000.16901 (vista_gdr.090805-0102) FileDescription: NT Kernel & System LegalCopyright: © Microsoft Corporation. All rights reserved. MINI DUMP 1 Loading Dump File [C:\Windows\Minidump\Mini011910-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 6000.16901.x86fre.vista_gdr.090805-0102 Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0 Debug session time: Tue Jan 19 08:44:04.278 2010 (GMT-5) System Uptime: 0 days 16:54:12.403 Loading Kernel Symbols .................................................................................................... ........................................ Loading User Symbols Loading unloaded module list ................... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {d, 0, 0, 0} Probably caused by : ntkrnlmp.exe ( nt!KiSystemFatalException+f ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 0000000d, EXCEPTION_GP_FAULT Arg2: 00000000 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ BUGCHECK_STR: 0x7f_d CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: svchost.exe CURRENT_IRQL: 0 UNALIGNED_STACK_POINTER: a0a56bd5 LAST_CONTROL_TRANSFER: from c823e06e to 81849a87 STACK_TEXT: a0a56bed c823e06e badb0d00 00000000 20000000 nt!KiSystemFatalException+0xf WARNING: Frame IP not in any known module. Following frames may be wrong. a0a56c5d 8184603a 000000e4 0792f700 0792f6f0 0xc823e06e a0a56c5d 77cb0f34 000000e4 0792f700 0792f6f0 nt!KiFastCallEntry+0x12a 0792f6d8 00000000 00000000 00000000 00000000 0x77cb0f34 STACK_COMMAND: kb FOLLOWUP_IP: nt!KiSystemFatalException+f 81849a87 c3 ret SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!KiSystemFatalException+f FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4a7965d1 FAILURE_BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f Followup: MachineOwner --------- MINI DUMP 2 Loading Dump File [C:\Windows\Minidump\Mini011810-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 6000.16901.x86fre.vista_gdr.090805-0102 Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0 Debug session time: Mon Jan 18 14:39:04.406 2010 (GMT-5) System Uptime: 0 days 0:28:25.110 Loading Kernel Symbols .................................................................................................... ....................................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {e9b66300, 2, 0, e9b66300} Unable to load image \SystemRoot\system32\DRIVERS\Rtlh86.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for Rtlh86.sys *** ERROR: Module load completed but symbols could not be loaded for Rtlh86.sys Probably caused by : tdx.sys ( tdx!TdxEventDisconnectConnection+1e9 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: e9b66300, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: e9b66300, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from 819275a0 Unable to read MiSystemVaType memory at 819086a0 e9b66300 CURRENT_IRQL: 2 FAULTING_IP: +ffffffffe9b66300 e9b66300 ?? ??? CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: Idle TRAP_FRAME: 818e953c -- (.trap 0xffffffff818e953c) ErrCode = 00000000 eax=00000000 ebx=81b98e10 ecx=84281602 edx=00000000 esi=841a1530 edi=8428168f eip=e9b66300 esp=818e95b0 ebp=818e95e4 iopl=0 nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286 e9b66300 ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from e9b66300 to 81849314 FAILED_INSTRUCTION_ADDRESS: +ffffffffe9b66300 e9b66300 ?? ??? STACK_TEXT: 818e953c e9b66300 badb0d00 00000000 818e955c nt!KiTrap0E+0x2ac WARNING: Frame IP not in any known module. Following frames may be wrong. 818e95ac 8e009235 dfe8b08e 84198008 00000000 0xe9b66300 818e95e4 8ef61584 e9b66300 84198008 83fa7590 tdx!TdxEventDisconnectConnection+0x1e9 818e95f8 8ef5e0e4 00000002 00000001 83fa7590 tcpip!TcpNotifyDisconnectDelivery+0x25 818e961c 8ef5e228 83fa7590 83fa7590 818e968c tcpip!TcpDeliverFinToClient+0x7e 818e962c 8ef9d9c6 83fa7590 818e9728 83fa7590 tcpip!TcpAllowFin+0x85 818e968c 8ef9a8eb dd926f0f 83fa7590 818e96b0 tcpip!TcpTcbCarefulDatagram+0x106e 818e96e4 8ef978f7 85bc2a10 00fa7590 818e9728 tcpip!TcpTcbReceive+0x1a3 818e971c 8ef977dd 85bc2a10 85bb8000 00000000 tcpip!TcpMatchReceive+0xff 818e9764 8ef9c72d 85bc2a10 85bb8000 85bb8011 tcpip!TcpPreValidatedReceive+0x22d 818e9780 8ef9c94f 85bc2a10 85bb8000 818e97bc tcpip!TcpReceive+0x2d 818e9790 8ef8e3c4 818e97a4 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12 818e97bc 8ef8e194 8efe1be4 818e9818 c000023e tcpip!IppDeliverListToProtocol+0x49 818e97dc 8ef8e0c3 8efe1a00 00000006 818e9818 tcpip!IppProcessDeliverList+0x2a 818e9830 8ef8972e 8efe1a00 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1da 818e98c0 8ef8d9ea 85a48d38 00000000 8ddd5a01 tcpip!IpFlcReceivePackets+0xc06 818e993c 8ef8d303 85ccc158 857e0cd8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x6db 818e9964 899ec0b0 85ccc158 857e0cd8 00000000 tcpip!FlReceiveNetBufferListChain+0x104 818e9998 899de8a2 004c5c58 857e0cd8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0xab 818e99c0 899de819 00000000 00000001 85654000 ndis!ndisIndicateSortedNetBufferLists+0x4a 818e9b3c 89926526 855aa0e8 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129 818e9b58 899de476 855aa0e8 857e0cd8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2c 818e9b74 899264f1 855aa0e8 857e0cd8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x27 818e9b90 8dde1051 855aa0e8 857e0cd8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x20 818e9c80 8ddd4bde 00654000 00000000 00000000 Rtlh86+0xf051 818e9ca4 899de086 85654000 85654000 00000000 Rtlh86+0x2bde 818e9cc8 89926252 858cf050 00000000 00000000 ndis!ndisMiniportDpc+0x81 818e9ce8 8186af6e 858cf050 858cf008 00000000 ndis!ndisInterruptDpc+0x8b 818e9d50 8183799e 00000000 0000000e 00000000 nt!KiRetireDpcList+0x147 818e9d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x46 STACK_COMMAND: kb FOLLOWUP_IP: tdx!TdxEventDisconnectConnection+1e9 8e009235 6806030000 push 306h SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: tdx!TdxEventDisconnectConnection+1e9 FOLLOWUP_NAME: MachineOwner MODULE_NAME: tdx IMAGE_NAME: tdx.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4549b2fe FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_tdx!TdxEventDisconnectConnection+1e9 BUCKET_ID: 0xD1_CODE_AV_BAD_IP_tdx!TdxEventDisconnectConnection+1e9 Followup: MachineOwner --------- MINI DUMP 3 Loading Dump File [C:\Windows\Minidump\Mini011710-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 6000.16901.x86fre.vista_gdr.090805-0102 Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0 Debug session time: Sun Jan 17 07:15:01.709 2010 (GMT-5) System Uptime: 0 days 3:46:40.170 Loading Kernel Symbols .................................................................................................... ...................................... Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {64000000, 2, 1, 81b98e89} Probably caused by : ntkrnlmp.exe ( nt!KiTrap0E+2ac ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 64000000, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: 81b98e89, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from 819275a0 Unable to read MiSystemVaType memory at 819086a0 64000000 CURRENT_IRQL: 2 FAULTING_IP: hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+29 81b98e89 8902 mov dword ptr [edx],eax CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: wininit.exe TRAP_FRAME: 8edd03d8 -- (.trap 0xffffffff8edd03d8) ErrCode = 00000002 eax=8edd045c ebx=c00000d8 ecx=86804abc edx=64000000 esi=8912cd78 edi=86804a88 eip=81b98e89 esp=8edd044c ebp=8edd0468 iopl=0 nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286 hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x29: 81b98e89 8902 mov dword ptr [edx],eax ds:0023:64000000=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 81b98e89 to 81849314 STACK_TEXT: 8edd03d8 81b98e89 badb0d00 64000000 00000000 nt!KiTrap0E+0x2ac 8edd0448 81863825 00000000 cc544688 c00000d8 hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x29 8edd0468 89f109c3 86804a88 86804d01 8edd049c nt!ExAcquireResourceExclusiveLite+0x25 8edd0478 89f10884 861f8918 cc544688 86804d01 Ntfs!NtfsAcquireResourceExclusive+0x1e 8edd049c 89f6a663 861f8918 cc544688 00000000 Ntfs!NtfsAcquireExclusiveFcb+0x42 8edd0534 89f80c3e 861f8918 8527c548 00000001 Ntfs!NtfsFlushVolume+0x149 8edd05b0 89f810d5 861f8918 84d54268 8e54f587 Ntfs!NtfsCommonFlushBuffers+0x1c7 8edd0618 81867ab9 8527c490 84d54268 84d54268 Ntfs!NtfsFsdFlushBuffers+0xf4 8edd0630 89a3ea5c 85982a90 84d54268 00000000 nt!IofCallDriver+0x63 8edd0654 89a3ec18 8edd0674 85982a90 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a 8edd068c 81867ab9 85982a90 84d54268 84d54268 fltmgr!FltpDispatch+0xc2 8edd06a4 819c82bb 84d54268 864bfb80 8630ea20 nt!IofCallDriver+0x63 8edd06c4 81a09d29 85982a90 8630ea20 00000000 nt!IopSynchronousServiceTail+0x1e0 8edd0730 8184603a 80000a00 8edd07f0 8edd0a04 nt!NtFlushBuffersFile+0x1e6 8edd0730 818440e1 80000a00 8edd07f0 8edd0a04 nt!KiFastCallEntry+0x12a 8edd07b0 81abd893 80000a74 8edd07f0 00000000 nt!ZwFlushBuffersFile+0x11 8edd0a04 81abd72a 8edd0a4c 00000004 818f3fec nt!PopFlushVolumeWorker+0x13c 8edd0a68 81abddc7 00000001 8eddb0d0 8edd0ba4 nt!PopFlushVolumes+0x2df 8edd0b90 8184603a 00000006 00000000 00000004 nt!NtSetSystemPowerState+0x46d 8edd0b90 81844f19 00000006 00000000 00000004 nt!KiFastCallEntry+0x12a 8edd0c14 81abda10 00000006 00000004 c0000004 nt!ZwSetSystemPowerState+0x11 8edd0d44 81a8d85b 00000006 00000004 c0000004 nt!NtSetSystemPowerState+0xc0 8edd0d58 8184603a 00000002 0021fe90 772d0f34 nt!NtShutdownSystem+0x32 8edd0d58 772d0f34 00000002 0021fe90 772d0f34 nt!KiFastCallEntry+0x12a WARNING: Frame IP not in any known module. Following frames may be wrong. 0021fe90 00000000 00000000 00000000 00000000 0x772d0f34 STACK_COMMAND: kb FOLLOWUP_IP: nt!KiTrap0E+2ac 81849314 833d00f8918100 cmp dword ptr [nt!KiFreezeFlag (8191f800)],0 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!KiTrap0E+2ac FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4a7965d1 FAILURE_BUCKET_ID: 0xA_W_nt!KiTrap0E+2ac BUCKET_ID: 0xA_W_nt!KiTrap0E+2ac Followup: MachineOwner --------- MINI DUMP 4 Loading Dump File [C:\Windows\Minidump\Mini110909-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 6000.16901.x86fre.vista_gdr.090805-0102 Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d08ad0 Debug session time: Mon Nov 9 10:23:12.817 2009 (GMT-5) System Uptime: 1 days 13:35:28.432 Loading Kernel Symbols .................................................................................................... .................................... Loading User Symbols Loading unloaded module list .................................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {3, 2, 1, 89dfd53a} Probably caused by : NETIO.SYS ( NETIO!InvalidateFlowContextTable+c ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 00000003, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: 89dfd53a, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81d275a0 Unable to read MiSystemVaType memory at 81d086a0 00000003 CURRENT_IRQL: 2 FAULTING_IP: NETIO!InvalidateFlowContextTable+c 89dfd53a 83480401 or dword ptr [eax+4],1 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: 8a1c1bd4 -- (.trap 0xffffffff8a1c1bd4) ErrCode = 00000002 eax=ffffffff ebx=842ab701 ecx=ffffffff edx=00000002 esi=00000000 edi=84095c40 eip=89dfd53a esp=8a1c1c48 ebp=8a1c1c48 iopl=0 nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286 NETIO!InvalidateFlowContextTable+0xc: 89dfd53a 83480401 or dword ptr [eax+4],1 ds:0023:00000003=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 89dfd53a to 81c49314 STACK_TEXT: 8a1c1bd4 89dfd53a badb0d00 00000002 83a6aa14 nt!KiTrap0E+0x2ac 8a1c1c48 89dec376 ffffffff 842ab74c 842ab730 NETIO!InvalidateFlowContextTable+0xc 8a1c1c68 89dec407 0001e98f 00000000 842ab74c NETIO!WfpProcessFlowDelete+0x31 8a1c1c7c 89dec3d9 0001e98f 00000000 842ab74c NETIO!KfdNotifyFlowDeletion+0x19 8a1c1c94 9038440a 842ab730 903ee474 00000000 NETIO!KfdAleNotifyFlowDeletion+0x18 8a1c1cb4 903942f6 842ab710 8a1c1cf8 90385287 tcpip!WfpAleFreeRemoteEndpoint+0x1c 8a1c1cc0 90385287 842ab750 81f98f00 903edbe0 tcpip!WfpAleDecrementWaitRef+0x65 8a1c1cf8 903852b4 903edbe0 903ee480 8a1c1d2c tcpip!WfpAlepDeleteDeferredEntries+0x117 8a1c1d08 89dec4cd 903ee4b4 81cf563c 854cbf18 tcpip!WfpAlepDeferredCleanupWorkQueueRoutine+0x15 8a1c1d2c 81e190d6 854cbf18 903ee480 85dcadb0 NETIO!NetiopIoWorkItemRoutine+0x2f 8a1c1d44 81c6b69a 85dcadb0 00000000 83a97828 nt!IopProcessWorkItem+0x2d 8a1c1d7c 81dafc1d 85dcadb0 8a1ca680 00000000 nt!ExpWorkerThread+0xfd 8a1c1dc0 81c9a31e 81c6b59d 00000001 00000000 nt!PspSystemThreadStartup+0x9d 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 STACK_COMMAND: kb FOLLOWUP_IP: NETIO!InvalidateFlowContextTable+c 89dfd53a 83480401 or dword ptr [eax+4],1 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: NETIO!InvalidateFlowContextTable+c FOLLOWUP_NAME: MachineOwner MODULE_NAME: NETIO IMAGE_NAME: NETIO.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4a85738f FAILURE_BUCKET_ID: 0xD1_W_NETIO!InvalidateFlowContextTable+c BUCKET_ID: 0xD1_W_NETIO!InvalidateFlowContextTable+c Followup: MachineOwner --------- 0: kd> lmvm NETIO start end module name 89de7000 89e20000 NETIO (pdb symbols) c:\symbols\netio.pdb\FEC6313DC17648DCAC69527EE2EE07E02\netio.pdb Loaded symbol image file: NETIO.SYS Mapped memory image file: c:\symbols\NETIO.SYS\4A85738F39000\NETIO.SYS Image path: \SystemRoot\system32\drivers\NETIO.SYS Image name: NETIO.SYS Timestamp: Fri Aug 14 10:24:15 2009 (4A85738F) CheckSum: 00037A30 ImageSize: 00039000 File version: 6.0.6000.16908 Product version: 6.0.6000.16908 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.6 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: netio.sys OriginalFilename: netio.sys ProductVersion: 6.0.6000.16908 FileVersion: 6.0.6000.16908 (vista_gdr.090814-0321) FileDescription: Network I/O Subsystem LegalCopyright: © Microsoft Corporation. All rights reserved.