Hi My torrenting is causing BSODs daily. Here's the latest dump file info. Microsoft (R) Windows Debugger Version 6.2.8400.4218 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\070912-41933-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030 Machine Name: Kernel base = 0xfffff800`03c57000 PsLoadedModuleList = 0xfffff800`03e9b670 Debug session time: Mon Jul 9 07:56:05.158 2012 (UTC - 4:00) System Uptime: 0 days 6:24:54.313 Loading Kernel Symbols ............................................................... ................................................................ ................................................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {28, 2, 0, fffff88001737b2d} *** WARNING: Unable to verify timestamp for ndis.sys *** ERROR: Module load completed but symbols could not be loaded for ndis.sys Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1d ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000028, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff88001737b2d, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003f05100 GetUlongFromAddress: unable to read from fffff80003f051c0 0000000000000028 Nonpaged pool CURRENT_IRQL: 2 FAULTING_IP: NETIO!RtlCopyBufferToMdl+1d fffff880`01737b2d 448b5228 mov r10d,dword ptr [rdx+28h] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: fffff880033b5660 -- (.trap 0xfffff880033b5660) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff880033b5880 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88001737b2d rsp=fffff880033b57f0 rbp=fffff880033b5920 r8=00000000ffffffbc r9=0000000000000044 r10=0000000000000000 r11=fffffa8012cb7740 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc NETIO!RtlCopyBufferToMdl+0x1d: fffff880`01737b2d 448b5228 mov r10d,dword ptr [rdx+28h] ds:00000000`00000028=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80003cd5769 to fffff80003cd61c0 STACK_TEXT: fffff880`033b5518 fffff800`03cd5769 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`033b5520 fffff800`03cd43e0 : fffffa80`0cddcb20 fffff880`01899b02 00000000`00000001 00000000`00000044 : nt!KiBugCheckDispatch+0x69 fffff880`033b5660 fffff880`01737b2d : fffffa80`141f2510 00000000`00000060 00000000`0000000e fffffa80`0cddccc8 : nt!KiPageFault+0x260 fffff880`033b57f0 fffff880`018d90cc : 00000000`00000000 fffff880`018a76b6 00000000`00000001 fffff880`02ccc00f : NETIO!RtlCopyBufferToMdl+0x1d fffff880`033b5850 fffff880`018a4ca3 : fffffa80`12cb7740 00000000`00000001 fffffa80`141f2510 00000000`00000000 : tcpip! ?? ::FNODOBFM::`string'+0x1d1ef fffff880`033b58c0 fffff880`01897a84 : fffff880`033b5d78 fffffa80`00000029 fffffa80`141f2510 00000000`00000001 : tcpip!TcpTcbCarefulDatagram+0x543 fffff880`033b5a70 fffff880`018963aa : fffffa80`0dc73bd0 fffff880`0188f294 fffffa80`0dc50c40 00000000`00000000 : tcpip!TcpTcbReceive+0x694 fffff880`033b5c20 fffff880`01897fdb : fffff880`0748108e fffffa80`0ddab000 00000000`00000000 fffff880`033b5f00 : tcpip!TcpMatchReceive+0x1fa fffff880`033b5d70 fffff880`0188f927 : fffffa80`0dc73bd0 fffffa80`0dc71bcb fffffa80`000064b2 00000000`000064b2 : tcpip!TcpPreValidatedReceive+0x36b fffff880`033b5e40 fffff880`0188f49a : 00000000`00000000 fffff880`019a3800 fffff880`033b6000 00001f80`005d0078 : tcpip!IppDeliverListToProtocol+0x97 fffff880`033b5f00 fffff880`0188ea99 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`033b5ff0 : tcpip!IppProcessDeliverList+0x5a fffff880`033b5fa0 fffff880`0188c7ff : 00000000`00000000 00000000`0f58c000 fffff880`019a3800 fffff880`019a3800 : tcpip!IppReceiveHeaderBatch+0x23a fffff880`033b6080 fffff880`0188bdf2 : fffffa80`0f203220 00000000`00000000 fffffa80`0f58c000 00000000`00000001 : tcpip!IpFlcReceivePackets+0x64f fffff880`033b6280 fffff880`019042ea : fffffa80`118a5620 fffffa80`111786b0 fffffa80`0f58c010 fffffa80`0dc80d18 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2 fffff880`033b6360 fffff800`03ce1e48 : fffff880`033b6370 00000001`00000001 fffffa80`0ce3b040 00000000`00000001 : tcpip! ?? ::FNODOBFM::`string'+0x52f02 fffff880`033b63b0 fffff880`0188b952 : fffff880`0188b1b0 fffffa80`115e4a30 fffff880`033b6500 00000000`00000001 : nt!KeExpandKernelStackAndCalloutEx+0xd8 fffff880`033b6490 fffff880`016f20eb : fffffa80`0f58c7c0 00000000`00000000 fffffa80`0ee921a0 fffffa80`114541f2 : tcpip!FlReceiveNetBufferListChain+0xb2 fffff880`033b6500 fffffa80`0f58c7c0 : 00000000`00000000 fffffa80`0ee921a0 fffffa80`114541f2 fffffa80`00000100 : ndis+0xbf0eb fffff880`033b6508 00000000`00000000 : fffffa80`0ee921a0 fffffa80`114541f2 fffffa80`00000100 00000000`00000001 : 0xfffffa80`0f58c7c0 STACK_COMMAND: kb FOLLOWUP_IP: NETIO!RtlCopyBufferToMdl+1d fffff880`01737b2d 448b5228 mov r10d,dword ptr [rdx+28h] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: NETIO!RtlCopyBufferToMdl+1d FOLLOWUP_NAME: MachineOwner MODULE_NAME: NETIO IMAGE_NAME: NETIO.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79381 FAILURE_BUCKET_ID: X64_0xD1_NETIO!RtlCopyBufferToMdl+1d BUCKET_ID: X64_0xD1_NETIO!RtlCopyBufferToMdl+1d Followup: MachineOwner --------- And heres the link for the dump files. https://skydrive.live.com/redir?resid=EBEAB13E9C29DDAC!118 Thanks. Masood.

Also, I have checked the network drivers from Device Manager and they are up to date. Do you need the small dumps or the kernel dumps? Thanks. Masood.

Thanks. I have uninstalled Mcafee AV and installed microsoft essentials. Buddy, whats ZoneAlarm? I dont think I have it...checked in msconfig.exe and there is nothing named ZoneAlarm. And I dont have any Symantec product, so do i still need to disable NetBIOS over TCP/IP? Thanks. Masood.

Please post a copy of your dumpfile as a shared file to your Sky Drive with a link here. http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65 For advice on how to configure your system to create dump files please read: http://support.microsoft.com/kb/254649 The dumpfile will be created at c:\windows\minidump. You may need to change your settings in Windows to be able to see the file. To show hidden files type Folder Options in the search box above the Start button and select View, Advanced Settings and verify that the box before "Show hidden files and folders" is checked and "Hide protected operating system files" is unchecked. You may need to scroll down to see the second item. You should also make certain that the box before "Hide extensions for known file types" is not checked. What is your computer make and model? If not a branded computer what is your motherboard make and model? Type System information in the Search Box above the start Button and press the ENTER key. What is your BIOS version and date? Is your Windows 7 32 bit or 64 bit?Hope this helps, Gerry

Yes. I have uploaded the dumps in the folder "BSOD dumps" and made it public <https://skydrive.live.com/redir?resid=EBEAB13E9C29DDAC!123> I have the latest BIOS v. 1208 and date 05.25.2012. Windows 7 x64 Pro. Asus M5A99X EVO mobo <http://www.asus.com/Motherboards/AMD_AM3Plus/M5A99X_EVO/#> OS Name Microsoft Windows 7 Professional Version 6.1.7601 Service Pack 1 Build 7601 Other OS Description Not Available OS Manufacturer Microsoft Corporation System Name MASOOD-PRO-PC System Manufacturer To be filled by O.E.M. System Model To be filled by O.E.M. System Type x64-based PC Processor AMD Phenom(tm) II X4 945 Processor, 3000 Mhz, 4 Core(s), 4 Logical Processor(s) BIOS Version/Date American Megatrends Inc. 1208, 4/18/2012 SMBIOS Version 2.7 Windows Directory C:\Windows System Directory C:\Windows\system32 Boot Device \Device\HarddiskVolume1 Locale United States Hardware Abstraction Layer Version = "6.1.7601.17514" User Name Not Available Time Zone Eastern Daylight Time Installed Physical Memory (RAM) 16.0 GB Total Physical Memory 16.0 GB Available Physical Memory 12.6 GB Total Virtual Memory 31.9 GB Available Virtual Memory 28.6 GB Page File Space 16.0 GB Page File C:\pagefile.sys Thanks. Masood.

Masood Update Realtek RTL8111E LAN Driver to version 7.48.823.2011 for Windows 7 32bit & 64bit dated 5 January 2012 Asmedia USB3.0 Controller Driver to version 1.14.1.0 for Windows XP/Vista/7 32bit & 64bit dated 13 October 2011 AMD AHCI Driver to version 1.2.1.292 for Windows Vista/7 32bit & 64bit dated 13 February 2012 http://www.asus.com/Motherboards/AMD_AM3Plus/M5A99X_EVO/#downloadHope this helps, Gerry

Hi, It's more related to BIOS, you'd better update to the latest verison. Here are some discussions can be referred to. Windows 7 ndis.sys blue screen error http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/99a0f44e-0320-4dde-aa70-afebe3e7613d Bluescreen ndis.sys windows 7 http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/bluescreen-ndissys-windows-7/05785887-52c1-4a98-b280-24b6413d323eIvan-Liu TechNet Community Support

I updated the BIOS and the other drivers since the first bsod. I think the Mcafee "snake oil" was causing the crashes. since mcafee's removal, i have put the wireless card under heavy test which lasted around four hours without a crash while torrenting simultaneously. i will download 72 gb tonight which should last 10+ hours. netio.sys is a network file, whats ndis.sys for? Thanks guys. Masood.

Network Driver Interface Specification (NDIS) You should not assume that the ndis. sys is the cause of the system system failure. It rarely is. You have to debug the stack headed by ndis.sys to determine which driver is causing ndis.sys to fault. That is not an easy task.Hope this helps, Gerry

ndis.sys doesnt appear in the blue screen before restart. netio.sys does, but when i open the dump in windbg, i see ndis.sys error like this: "*** ERROR: Module load completed but symbols could not be loaded for ndis.sys." anyway, my download test is running for seven hours now and no sight of bsod. i will keep it running for till tonight, just to make sure. when i had mcafee trash it would see a crash within 60 minutes of downloading. did u find some other file as the cause and not netio? i was leaning towards netio because it showed netio in the blue screen. thanks. masood

The error you received was most likely related to McAfee as the mfenlfk.sys was also involved in the crash: BugCheck D1, {28, 2, 0, fffff880015aeb2d} *** WARNING: Unable to verify timestamp for mfenlfk.sys *** ERROR: Module load completed but symbols could not be loaded for mfenlfk.sys Probably caused by : NETIO.SYS ( NETIO!RtlCopyBufferToMdl+1d ) Consider replacing McAfee with alternative security software such as Microsoft Security Essentials. If you decide to try reinstalling McAfee I would suggest to install the following hotfix for the Operating System beforehand: http://support.microsoft.com/kb/2664888

Thanks auggy. But in the dumps why does it show netio and not mfenlfk.sys? anyway I have installed Essentials thrown mcafee in trash. So far no BSODs, since I removed that crap. Masood.

You have to debug the stack headed by netios.sys to determine which driver is causing netio.sys to fault. That is not an easy task. That is why people like Auggy are so helpful because they possess the debugging skills.Hope this helps, Gerry