System Slow and BSOD

[Gingerale]

Hi all new to the forums!

I've had a few days of BSOD's and now the computer is slow.

Found out how to read the dump files and here they are.

Any help would be greatly appreciated on what to do now?

Cheers

+ Oh I just realized I have SP0?/no Service Packs Updated,

and found that I installed dotnetfx35 SP1? I'm not sure if there is some sort of conflict or something.

Additionally I recently installed Microsoft Visual C++ 2008 for a video game and a few weeks ago I ran

NT Registry Optimizer. This is Windows Vista Ultimate.

Oh and BSOD read Kernel Stack In page Error stop:0x00000077,(0X000000E, 0xL000000E, 0x00000000, 0x018EL000

Update: I tried chkdsk /f /r and i got - could not load the hive file systemroot/system/32/config /security?

------------------------------

Microsoft ® Windows Debugger Version 6.8.0004.0 X86

Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]

Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16901.x86fre.vista_gdr.090805-0102

Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0

Debug session time: Tue Jan 19 08:44:04.278 2010 (GMT-5)

System Uptime: 0 days 16:54:12.403

Loading Kernel Symbols

....................................................................................................

........................................

Loading User Symbols

PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details

Loading unloaded module list

...................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {d, 0, 0, 0}

PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details

Probably caused by : ntkrnlmp.exe ( nt!KiSystemFatalException+f )

Followup: MachineOwner

---------

windbg> .hh dbgerr001

--------------------------------------------------------

second attempt--------------------------------------------------------------------

---------

1: kd> kd> !analyze -v

Numeric expression missing from '> !analyze -v'

1: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)

This means a trap occurred in kernel mode, and it's a trap of a kind

that the kernel isn't allowed to have/catch (bound trap) or that

is always instant death (double fault). The first number in the

bugcheck params is the number of the trap (8 = double fault, etc)

Consult an Intel x86 family manual to learn more about what these

traps are. Here is a *portion* of those codes:

If kv shows a taskGate

use .tss on the part before the colon, then kv.

Else if kv shows a trapframe

use .trap on that value

Else

.trap on the appropriate frame will show where the trap was taken

(on x86, this will be the ebp that goes with the procedure KiTrap)

Endif

kb will then show the corrected stack.

Arguments:

Arg1: 0000000d, EXCEPTION_GP_FAULT

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000

Debugging Details:

------------------

PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffdd00c). Type ".hh dbgerr001" for details

BUGCHECK_STR: 0x7f_d

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

UNALIGNED_STACK_POINTER: a0a56bd5

LAST_CONTROL_TRANSFER: from c823e06e to 81849a87

STACK_TEXT:

a0a56bed c823e06e badb0d00 00000000 20000000 nt!KiSystemFatalException+0xf

WARNING: Frame IP not in any known module. Following frames may be wrong.

a0a56c5d 8184603a 000000e4 0792f700 0792f6f0 0xc823e06e

a0a56c5d 77cb0f34 000000e4 0792f700 0792f6f0 nt!KiFastCallEntry+0x12a

0792f6d8 00000000 00000000 00000000 00000000 0x77cb0f34

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!KiSystemFatalException+f

81849a87 c3 ret

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiSystemFatalException+f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4a7965d1

FAILURE_BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f

BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f

Followup: MachineOwner

----------------------FIND ntkrnlmp

81800000 81b95000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\007D2674723E4F56955AE3149CC50AE22\ntkrnlmp.pdb

Loaded symbol image file: ntkrnlmp.exe

Image path: ntkrnlmp.exe

Image name: ntkrnlmp.exe

Timestamp: Wed Aug 05 06:58:25 2009 (4A7965D1)

CheckSum: 00353013

ImageSize: 00395000

File version: 6.0.6000.16901

Product version: 6.0.6000.16901

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 1.0 App

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: ntkrnlmp.exe

OriginalFilename: ntkrnlmp.exe

ProductVersion: 6.0.6000.16901

FileVersion: 6.0.6000.16901 (vista_gdr.090805-0102)

FileDescription: NT Kernel & System

LegalCopyright: © Microsoft Corporation. All rights reserved.

MINI DUMP 1

Loading Dump File [C:\Windows\Minidump\Mini011910-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16901.x86fre.vista_gdr.090805-0102

Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0

Debug session time: Tue Jan 19 08:44:04.278 2010 (GMT-5)

System Uptime: 0 days 16:54:12.403

Loading Kernel Symbols

....................................................................................................

........................................

Loading User Symbols

Loading unloaded module list

...................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {d, 0, 0, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemFatalException+f )

Followup: MachineOwner

---------

1: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)

This means a trap occurred in kernel mode, and it's a trap of a kind

that the kernel isn't allowed to have/catch (bound trap) or that

is always instant death (double fault). The first number in the

bugcheck params is the number of the trap (8 = double fault, etc)

Consult an Intel x86 family manual to learn more about what these

traps are. Here is a *portion* of those codes:

If kv shows a taskGate

use .tss on the part before the colon, then kv.

Else if kv shows a trapframe

use .trap on that value

Else

.trap on the appropriate frame will show where the trap was taken

(on x86, this will be the ebp that goes with the procedure KiTrap)

Endif

kb will then show the corrected stack.

Arguments:

Arg1: 0000000d, EXCEPTION_GP_FAULT

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000

Debugging Details:

------------------

BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

UNALIGNED_STACK_POINTER: a0a56bd5

LAST_CONTROL_TRANSFER: from c823e06e to 81849a87

STACK_TEXT:

a0a56bed c823e06e badb0d00 00000000 20000000 nt!KiSystemFatalException+0xf

WARNING: Frame IP not in any known module. Following frames may be wrong.

a0a56c5d 8184603a 000000e4 0792f700 0792f6f0 0xc823e06e

a0a56c5d 77cb0f34 000000e4 0792f700 0792f6f0 nt!KiFastCallEntry+0x12a

0792f6d8 00000000 00000000 00000000 00000000 0x77cb0f34

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!KiSystemFatalException+f

81849a87 c3 ret

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiSystemFatalException+f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4a7965d1

FAILURE_BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f

BUCKET_ID: 0x7f_d_nt!KiSystemFatalException+f

Followup: MachineOwner

---------

MINI DUMP 2

Loading Dump File [C:\Windows\Minidump\Mini011810-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16901.x86fre.vista_gdr.090805-0102

Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0

Debug session time: Mon Jan 18 14:39:04.406 2010 (GMT-5)

System Uptime: 0 days 0:28:25.110

Loading Kernel Symbols

....................................................................................................

.......................................

Loading User Symbols

Loading unloaded module list

......

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {e9b66300, 2, 0, e9b66300}

Unable to load image \SystemRoot\system32\DRIVERS\Rtlh86.sys, Win32 error 0n2

*** WARNING: Unable to verify timestamp for Rtlh86.sys

*** ERROR: Module load completed but symbols could not be loaded for Rtlh86.sys

Probably caused by : tdx.sys ( tdx!TdxEventDisconnectConnection+1e9 )

Followup: MachineOwner

---------

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: e9b66300, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000000, value 0 = read operation, 1 = write operation

Arg4: e9b66300, address which referenced memory

Debugging Details:

------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from 819275a0

Unable to read MiSystemVaType memory at 819086a0

e9b66300

CURRENT_IRQL: 2

FAULTING_IP:

+ffffffffe9b66300

e9b66300 ?? ???

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

TRAP_FRAME: 818e953c -- (.trap 0xffffffff818e953c)

ErrCode = 00000000

eax=00000000 ebx=81b98e10 ecx=84281602 edx=00000000 esi=841a1530 edi=8428168f

eip=e9b66300 esp=818e95b0 ebp=818e95e4 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286

e9b66300 ?? ???

Resetting default scope

LAST_CONTROL_TRANSFER: from e9b66300 to 81849314

FAILED_INSTRUCTION_ADDRESS:

+ffffffffe9b66300

e9b66300 ?? ???

STACK_TEXT:

818e953c e9b66300 badb0d00 00000000 818e955c nt!KiTrap0E+0x2ac

WARNING: Frame IP not in any known module. Following frames may be wrong.

818e95ac 8e009235 dfe8b08e 84198008 00000000 0xe9b66300

818e95e4 8ef61584 e9b66300 84198008 83fa7590 tdx!TdxEventDisconnectConnection+0x1e9

818e95f8 8ef5e0e4 00000002 00000001 83fa7590 tcpip!TcpNotifyDisconnectDelivery+0x25

818e961c 8ef5e228 83fa7590 83fa7590 818e968c tcpip!TcpDeliverFinToClient+0x7e

818e962c 8ef9d9c6 83fa7590 818e9728 83fa7590 tcpip!TcpAllowFin+0x85

818e968c 8ef9a8eb dd926f0f 83fa7590 818e96b0 tcpip!TcpTcbCarefulDatagram+0x106e

818e96e4 8ef978f7 85bc2a10 00fa7590 818e9728 tcpip!TcpTcbReceive+0x1a3

818e971c 8ef977dd 85bc2a10 85bb8000 00000000 tcpip!TcpMatchReceive+0xff

818e9764 8ef9c72d 85bc2a10 85bb8000 85bb8011 tcpip!TcpPreValidatedReceive+0x22d

818e9780 8ef9c94f 85bc2a10 85bb8000 818e97bc tcpip!TcpReceive+0x2d

818e9790 8ef8e3c4 818e97a4 c000023e 00000000 tcpip!TcpNlClientReceiveDatagrams+0x12

818e97bc 8ef8e194 8efe1be4 818e9818 c000023e tcpip!IppDeliverListToProtocol+0x49

818e97dc 8ef8e0c3 8efe1a00 00000006 818e9818 tcpip!IppProcessDeliverList+0x2a

818e9830 8ef8972e 8efe1a00 00000006 00000000 tcpip!IppReceiveHeaderBatch+0x1da

818e98c0 8ef8d9ea 85a48d38 00000000 8ddd5a01 tcpip!IpFlcReceivePackets+0xc06

818e993c 8ef8d303 85ccc158 857e0cd8 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x6db

818e9964 899ec0b0 85ccc158 857e0cd8 00000000 tcpip!FlReceiveNetBufferListChain+0x104

818e9998 899de8a2 004c5c58 857e0cd8 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0xab

818e99c0 899de819 00000000 00000001 85654000 ndis!ndisIndicateSortedNetBufferLists+0x4a

818e9b3c 89926526 855aa0e8 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129

818e9b58 899de476 855aa0e8 857e0cd8 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2c

818e9b74 899264f1 855aa0e8 857e0cd8 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x27

818e9b90 8dde1051 855aa0e8 857e0cd8 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x20

818e9c80 8ddd4bde 00654000 00000000 00000000 Rtlh86+0xf051

818e9ca4 899de086 85654000 85654000 00000000 Rtlh86+0x2bde

818e9cc8 89926252 858cf050 00000000 00000000 ndis!ndisMiniportDpc+0x81

818e9ce8 8186af6e 858cf050 858cf008 00000000 ndis!ndisInterruptDpc+0x8b

818e9d50 8183799e 00000000 0000000e 00000000 nt!KiRetireDpcList+0x147

818e9d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x46

STACK_COMMAND: kb

FOLLOWUP_IP:

tdx!TdxEventDisconnectConnection+1e9

8e009235 6806030000 push 306h

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: tdx!TdxEventDisconnectConnection+1e9

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tdx

IMAGE_NAME: tdx.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b2fe

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_tdx!TdxEventDisconnectConnection+1e9

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_tdx!TdxEventDisconnectConnection+1e9

Followup: MachineOwner

---------

MINI DUMP 3

Loading Dump File [C:\Windows\Minidump\Mini011710-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16901.x86fre.vista_gdr.090805-0102

Kernel base = 0x81800000 PsLoadedModuleList = 0x81908ad0

Debug session time: Sun Jan 17 07:15:01.709 2010 (GMT-5)

System Uptime: 0 days 3:46:40.170

Loading Kernel Symbols

....................................................................................................

......................................

Loading User Symbols

Loading unloaded module list

.......

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {64000000, 2, 1, 81b98e89}

Probably caused by : ntkrnlmp.exe ( nt!KiTrap0E+2ac )

Followup: MachineOwner

---------

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.

Arguments:

Arg1: 64000000, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000001, bitfield :

bit 0 : value 0 = read operation, 1 = write operation

bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)

Arg4: 81b98e89, address which referenced memory

Debugging Details:

------------------

WRITE_ADDRESS: GetPointerFromAddress: unable to read from 819275a0

Unable to read MiSystemVaType memory at 819086a0

64000000

CURRENT_IRQL: 2

FAULTING_IP:

hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+29

81b98e89 8902 mov dword ptr [edx],eax

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: wininit.exe

TRAP_FRAME: 8edd03d8 -- (.trap 0xffffffff8edd03d8)

ErrCode = 00000002

eax=8edd045c ebx=c00000d8 ecx=86804abc edx=64000000 esi=8912cd78 edi=86804a88

eip=81b98e89 esp=8edd044c ebp=8edd0468 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286

hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x29:

81b98e89 8902 mov dword ptr [edx],eax ds:0023:64000000=????????

Resetting default scope

LAST_CONTROL_TRANSFER: from 81b98e89 to 81849314

STACK_TEXT:

8edd03d8 81b98e89 badb0d00 64000000 00000000 nt!KiTrap0E+0x2ac

8edd0448 81863825 00000000 cc544688 c00000d8 hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x29

8edd0468 89f109c3 86804a88 86804d01 8edd049c nt!ExAcquireResourceExclusiveLite+0x25

8edd0478 89f10884 861f8918 cc544688 86804d01 Ntfs!NtfsAcquireResourceExclusive+0x1e

8edd049c 89f6a663 861f8918 cc544688 00000000 Ntfs!NtfsAcquireExclusiveFcb+0x42

8edd0534 89f80c3e 861f8918 8527c548 00000001 Ntfs!NtfsFlushVolume+0x149

8edd05b0 89f810d5 861f8918 84d54268 8e54f587 Ntfs!NtfsCommonFlushBuffers+0x1c7

8edd0618 81867ab9 8527c490 84d54268 84d54268 Ntfs!NtfsFsdFlushBuffers+0xf4

8edd0630 89a3ea5c 85982a90 84d54268 00000000 nt!IofCallDriver+0x63

8edd0654 89a3ec18 8edd0674 85982a90 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x22a

8edd068c 81867ab9 85982a90 84d54268 84d54268 fltmgr!FltpDispatch+0xc2

8edd06a4 819c82bb 84d54268 864bfb80 8630ea20 nt!IofCallDriver+0x63

8edd06c4 81a09d29 85982a90 8630ea20 00000000 nt!IopSynchronousServiceTail+0x1e0

8edd0730 8184603a 80000a00 8edd07f0 8edd0a04 nt!NtFlushBuffersFile+0x1e6

8edd0730 818440e1 80000a00 8edd07f0 8edd0a04 nt!KiFastCallEntry+0x12a

8edd07b0 81abd893 80000a74 8edd07f0 00000000 nt!ZwFlushBuffersFile+0x11

8edd0a04 81abd72a 8edd0a4c 00000004 818f3fec nt!PopFlushVolumeWorker+0x13c

8edd0a68 81abddc7 00000001 8eddb0d0 8edd0ba4 nt!PopFlushVolumes+0x2df

8edd0b90 8184603a 00000006 00000000 00000004 nt!NtSetSystemPowerState+0x46d

8edd0b90 81844f19 00000006 00000000 00000004 nt!KiFastCallEntry+0x12a

8edd0c14 81abda10 00000006 00000004 c0000004 nt!ZwSetSystemPowerState+0x11

8edd0d44 81a8d85b 00000006 00000004 c0000004 nt!NtSetSystemPowerState+0xc0

8edd0d58 8184603a 00000002 0021fe90 772d0f34 nt!NtShutdownSystem+0x32

8edd0d58 772d0f34 00000002 0021fe90 772d0f34 nt!KiFastCallEntry+0x12a

WARNING: Frame IP not in any known module. Following frames may be wrong.

0021fe90 00000000 00000000 00000000 00000000 0x772d0f34

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!KiTrap0E+2ac

81849314 833d00f8918100 cmp dword ptr [nt!KiFreezeFlag (8191f800)],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiTrap0E+2ac

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4a7965d1

FAILURE_BUCKET_ID: 0xA_W_nt!KiTrap0E+2ac

BUCKET_ID: 0xA_W_nt!KiTrap0E+2ac

Followup: MachineOwner

---------

MINI DUMP 4

Loading Dump File [C:\Windows\Minidump\Mini110909-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6000.16901.x86fre.vista_gdr.090805-0102

Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d08ad0

Debug session time: Mon Nov 9 10:23:12.817 2009 (GMT-5)

System Uptime: 1 days 13:35:28.432

Loading Kernel Symbols

....................................................................................................

....................................

Loading User Symbols

Loading unloaded module list

..................................................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {3, 2, 1, 89dfd53a}

Probably caused by : NETIO.SYS ( NETIO!InvalidateFlowContextTable+c )

Followup: MachineOwner

---------

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 00000003, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000001, value 0 = read operation, 1 = write operation

Arg4: 89dfd53a, address which referenced memory

Debugging Details:

------------------

WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81d275a0

Unable to read MiSystemVaType memory at 81d086a0

00000003

CURRENT_IRQL: 2

FAULTING_IP:

NETIO!InvalidateFlowContextTable+c

89dfd53a 83480401 or dword ptr [eax+4],1

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: 8a1c1bd4 -- (.trap 0xffffffff8a1c1bd4)

ErrCode = 00000002

eax=ffffffff ebx=842ab701 ecx=ffffffff edx=00000002 esi=00000000 edi=84095c40

eip=89dfd53a esp=8a1c1c48 ebp=8a1c1c48 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286

NETIO!InvalidateFlowContextTable+0xc:

89dfd53a 83480401 or dword ptr [eax+4],1 ds:0023:00000003=????????

Resetting default scope

LAST_CONTROL_TRANSFER: from 89dfd53a to 81c49314

STACK_TEXT:

8a1c1bd4 89dfd53a badb0d00 00000002 83a6aa14 nt!KiTrap0E+0x2ac

8a1c1c48 89dec376 ffffffff 842ab74c 842ab730 NETIO!InvalidateFlowContextTable+0xc

8a1c1c68 89dec407 0001e98f 00000000 842ab74c NETIO!WfpProcessFlowDelete+0x31

8a1c1c7c 89dec3d9 0001e98f 00000000 842ab74c NETIO!KfdNotifyFlowDeletion+0x19

8a1c1c94 9038440a 842ab730 903ee474 00000000 NETIO!KfdAleNotifyFlowDeletion+0x18

8a1c1cb4 903942f6 842ab710 8a1c1cf8 90385287 tcpip!WfpAleFreeRemoteEndpoint+0x1c

8a1c1cc0 90385287 842ab750 81f98f00 903edbe0 tcpip!WfpAleDecrementWaitRef+0x65

8a1c1cf8 903852b4 903edbe0 903ee480 8a1c1d2c tcpip!WfpAlepDeleteDeferredEntries+0x117

8a1c1d08 89dec4cd 903ee4b4 81cf563c 854cbf18 tcpip!WfpAlepDeferredCleanupWorkQueueRoutine+0x15

8a1c1d2c 81e190d6 854cbf18 903ee480 85dcadb0 NETIO!NetiopIoWorkItemRoutine+0x2f

8a1c1d44 81c6b69a 85dcadb0 00000000 83a97828 nt!IopProcessWorkItem+0x2d

8a1c1d7c 81dafc1d 85dcadb0 8a1ca680 00000000 nt!ExpWorkerThread+0xfd

8a1c1dc0 81c9a31e 81c6b59d 00000001 00000000 nt!PspSystemThreadStartup+0x9d

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:

NETIO!InvalidateFlowContextTable+c

89dfd53a 83480401 or dword ptr [eax+4],1

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: NETIO!InvalidateFlowContextTable+c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4a85738f

FAILURE_BUCKET_ID: 0xD1_W_NETIO!InvalidateFlowContextTable+c

BUCKET_ID: 0xD1_W_NETIO!InvalidateFlowContextTable+c

Followup: MachineOwner

---------

0: kd> lmvm NETIO

start end module name

89de7000 89e20000 NETIO (pdb symbols) c:\symbols\netio.pdb\FEC6313DC17648DCAC69527EE2EE07E02\netio.pdb

Loaded symbol image file: NETIO.SYS

Mapped memory image file: c:\symbols\NETIO.SYS\4A85738F39000\NETIO.SYS

Image path: \SystemRoot\system32\drivers\NETIO.SYS

Image name: NETIO.SYS

Timestamp: Fri Aug 14 10:24:15 2009 (4A85738F)

CheckSum: 00037A30

ImageSize: 00039000

File version: 6.0.6000.16908

Product version: 6.0.6000.16908

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.6 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: netio.sys

OriginalFilename: netio.sys

ProductVersion: 6.0.6000.16908

FileVersion: 6.0.6000.16908 (vista_gdr.090814-0321)

FileDescription: Network I/O Subsystem

LegalCopyright: © Microsoft Corporation. All rights reserved.

[MagicAndre1981]

please install Sp1 and Sp2! Both SPs included a lot of fixes. Do you still get the BSODs?

[cluberti]

Hard to say what is happening from that mish mash of data without being able to interrogate memory, but I would say it's likely a driver issue or a bug that's been fixed since RTM. I would agree with MagicAndre, you should install SP2 and update your drivers for starters. If the issues continue, configure the system for a complete dump (with the requisite paging file size configured on the Windows volume) to get some real data about the issues.