Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

run utorrent i get irql_not_less_or_equal error blue screen.


  • Please log in to reply
12 replies to this topic

#1 mr2005

mr2005

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 25 August 2009 - 08:15 AM

all of a sudden when i run utorrent, i am getting an error that says irql_not_less_or_equal. something about a physical memory dump and the blue screen.

whats causing this?

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:07 PM

Posted 25 August 2009 - 08:53 AM

These usually are caused by corrupt drivers, you can read this article for more information.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 mr2005

mr2005
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 25 August 2009 - 08:26 PM

These usually are caused by corrupt drivers, you can read this article for more information.



i looked at your link and it might be above my level of expertise.
below is a link to my error screen.
Posted Image
should i be doing something to the NDIS.sys file?

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:07 PM

Posted 26 August 2009 - 07:49 AM

I believe that NDIS.sys is a network driver...your current driver may be damaged/corrupted.

Since it is a system file, I would try running either sfc /scannow or doing a repair install of XP.

The fact that you are using a torrent client...IMO, somewhat increases the possibility that the file in question may be malware. That would depend on file path and size, IMO.

Your NIC could also be bad, I've seen that listed as a possibility.

I suppose that I would first uninstall the NIC and then reinstall it and see if any change results.

Since you have a .dmp file as a result, you might also try following the procedures detailed at Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/

Louis

#5 mr2005

mr2005
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 26 August 2009 - 09:31 AM

I believe that NDIS.sys is a network driver...your current driver may be damaged/corrupted.

Since it is a system file, I would try running either sfc /scannow or doing a repair install of XP.

The fact that you are using a torrent client...IMO, somewhat increases the possibility that the file in question may be malware. That would depend on file path and size, IMO.

Your NIC could also be bad, I've seen that listed as a possibility.

I suppose that I would first uninstall the NIC and then reinstall it and see if any change results.

Since you have a .dmp file as a result, you might also try following the procedures detailed at Help Diagnosing BSODs And Crashes (BC) - http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/

Louis


thanks hamluis...

in step 2 of the link you provided, the link doesnt work. can you or someone else recommend a good online malware screener.

thanks.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:07 PM

Posted 26 August 2009 - 09:46 AM

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware! - http://www.superantispyware.com/

Malwarebytes.org - http://www.malwarebytes.org/mbam.php

A reliable AV program: Avira Free, http://www.free-av.com/en/products/1/avira..._antivirus.html

Combined, of course, with the use of a firewall. The Windows firewall is adequate for this.

Louis

#7 mr2005

mr2005
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 26 August 2009 - 09:47 AM

ok....i think i have it. in the effort of fulldisclosure, i am running the malware check right now. i skippeed ahead because i have to leave for work and am letting the malware check run.


heres the dump.


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini082609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at start of path element
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Aug 26 00:48:05.390 2009 (GMT-7)
System Uptime: 0 days 0:23:13.981
Loading Kernel Symbols
...............................................................
................................................................

Loading User Symbols
Loading unloaded module list
...................
Unable to load image bdfndisf.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for bdfndisf.sys
*** ERROR: Module load completed but symbols could not be loaded for bdfndisf.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {8, 2, 0, ba422858}

*** WARNING: Unable to verify timestamp for e1e5132.sys
*** ERROR: Module load completed but symbols could not be loaded for e1e5132.sys
Probably caused by : bdfndisf.sys ( bdfndisf+17f3 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: ba422858, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000008

CURRENT_IRQL: 2

FAULTING_IP:
NDIS!NdisReturnPackets+48
ba422858 8b7308 mov esi,dword ptr [ebx+8]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: svchost.exe

LAST_CONTROL_TRANSFER: from b90fd7f3 to ba422858

STACK_TEXT:
bacc7b8c b90fd7f3 bacc7ba8 00000001 bacc7bc4 NDIS!NdisReturnPackets+0x48
WARNING: Stack unwind information not available. Following frames may be wrong.
bacc7b9c ba42288f 89edcbf8 89b115d0 8a1f8130 bdfndisf+0x17f3
bacc7bc4 b911c061 bacc7be8 00000001 89af7c58 NDIS!NdisReturnPackets+0xe9
bacc7bdc ba42fc09 89f61db8 89af7c10 b9121b40 psched!MpReturnPacket+0x3b
bacc7c30 b911c01d 00f411c0 89f58c98 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x56d
bacc7c44 b911c1b4 8a1f8130 89f58c98 00000001 psched!PsFlushReceiveQueue+0x15
bacc7c68 b911c5f9 89f61dc0 00000000 8a1f8130 psched!PsEnqueueReceivePacket+0xda
bacc7c80 ba42fc40 89f61db8 b9107ef8 89edcbf8 psched!ClReceiveComplete+0x13
bacc7cd0 b90feaec 00f411c0 bacc7d14 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
bacc7d08 b9103a91 89edcbf8 89af7c10 00000000 bdfndisf+0x2aec
bacc7d30 b90fe88d 8a383e90 00000000 89af7bb0 bdfndisf+0x7a91
bacc7d60 b90ff11c 89edcbf8 89af7b48 8a330130 bdfndisf+0x288d
bacc7d90 ba42fb9f 89edcbf8 89b11440 00000002 bdfndisf+0x311c
bacc7de4 b927da6c 00f3f1c0 bacc7e68 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x1c2
bacc7e08 b927dfa2 bacc7e28 bacc7e68 00000001 e1e5132+0xa6c
bacc7e20 b92846c1 8a08a2b0 bacc7e68 00000001 e1e5132+0xfa2
bacc7e40 b9285bfb 89d5b008 00000000 bacc7e68 e1e5132+0x76c1
bacc7f78 b928263a 89d5b008 00000000 bacc7fb7 e1e5132+0x8bfb
bacc7fac b927d4f4 00d5b008 ba425e99 8a08a2b0 e1e5132+0x563a
bacc7fcc 80545e7f 89d5b3d8 89d5b3c4 00000000 e1e5132+0x4f4
bacc7ff4 805459eb b207cd44 00000000 00000000 nt!KiRetireDpcList+0x61
bacc7ff8 b207cd44 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2b
805459eb 00000000 00000009 0081850f bb830000 0xb207cd44


STACK_COMMAND: kb

FOLLOWUP_IP:
bdfndisf+17f3
b90fd7f3 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: bdfndisf+17f3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: bdfndisf

IMAGE_NAME: bdfndisf.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a853cdc

FAILURE_BUCKET_ID: 0xD1_bdfndisf+17f3

BUCKET_ID: 0xD1_bdfndisf+17f3

Followup: MachineOwner
---------

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:07 PM

Posted 26 August 2009 - 11:25 AM

http://dllinfo.dll-free-download.org/b/166...fndisf.sys.html

I guess that I'm not smart enough to easily interpret what I see.

The bdfndisf.sys file appears to be part of Bit Defender Firewall and, on the face of things, looks as if is corrupt/damaged and causing problems. The way I would check this theory would be to remove it and use the Windows firewall temporarily and see if anything changes.

The fact that svchost.exe is mentioned seems to indicate that something attempts to connect to the Internet, resulting in problems. The NDIS.sys file just may be the scene of the accident.

If you don't have Bit Defender Firewall installed, that's a different line of thought.

Firewalls are another set of programs...which have drivers, as do AV programs, video edit programs, etc.

Louis

#9 mr2005

mr2005
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 26 August 2009 - 04:38 PM

louis,

i do have bit defender installed.

i'll uninstall it tonight and see what happens.

#10 mr2005

mr2005
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 28 August 2009 - 07:51 PM

i did a fresh install of BD and I'm still getting the error...

any thoughts
?

#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:07 PM

Posted 28 August 2009 - 08:23 PM

Did you get the same .dmp file?

Louis

#12 mr2005

mr2005
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 16 September 2009 - 02:50 AM

Did you get the same .dmp file?

Louis



hi,
i'm still having this issue. Luis, below is the newest .dmp file. it looks the same.


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini091609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at start of path element
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Sep 16 00:36:40.484 2009 (GMT-7)
System Uptime: 0 days 3:29:58.206
Loading Kernel Symbols
...............................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
.......................
Unable to load image bdfndisf.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for bdfndisf.sys
*** ERROR: Module load completed but symbols could not be loaded for bdfndisf.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {8, 2, 0, ba422858}

*** WARNING: Unable to verify timestamp for e1e5132.sys
*** ERROR: Module load completed but symbols could not be loaded for e1e5132.sys
Probably caused by : bdfndisf.sys ( bdfndisf+17f3 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: ba422858, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000008

CURRENT_IRQL: 2

FAULTING_IP:
NDIS!NdisReturnPackets+48
ba422858 8b7308 mov esi,dword ptr [ebx+8]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from b96387f3 to ba422858

STACK_TEXT:
80550fe8 b96387f3 80551004 00000001 80551020 NDIS!NdisReturnPackets+0x48
WARNING: Stack unwind information not available. Following frames may be wrong.
80550ff8 ba42288f 89efd678 89adbb48 8a1e0ad0 bdfndisf+0x17f3
80551020 b9657061 80551044 00000001 89acdb90 NDIS!NdisReturnPackets+0xe9
80551038 ba42fc09 89fd6008 89acdb48 b965cb40 psched!MpReturnPacket+0x3b
8055108c b965701d 00fdeab0 89fcdb80 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x56d
805510a0 b96571b4 8a1e0ad0 89fcdb80 00000001 psched!PsFlushReceiveQueue+0x15
805510c4 b96575f9 89fd6010 00000000 8a1e0ad0 psched!PsEnqueueReceivePacket+0xda
805510dc ba42fc40 89fd6008 b9642ef8 89efd678 psched!ClReceiveComplete+0x13
8055112c b9639aec 00fdeab0 80551170 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x5a4
80551164 b963ea91 89efd678 89acdb48 00000000 bdfndisf+0x2aec
8055118c b963988d 8761e2c8 00000000 89acdc78 bdfndisf+0x7a91
805511bc b963a11c 89efd678 89acdc10 8a2e4130 bdfndisf+0x288d
805511ec ba42fb9f 89efd678 89adb9b8 00000002 bdfndisf+0x311c
80551240 b97b8a6c 00fde968 805512c4 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x1c2
80551264 b97b8fa2 80551284 805512c4 00000001 e1e5132+0xa6c
8055127c b97bf6c1 89f8d108 805512c4 00000001 e1e5132+0xfa2
8055129c b97c0bfb 89f552d0 00000000 805512c4 e1e5132+0x76c1
805513d4 b97bd63a 89f552d0 00000000 80551413 e1e5132+0x8bfb
80551408 b97b84f4 00f552d0 ba425e99 89f8d108 e1e5132+0x563a
80551428 80545e7f 89f556a0 89f5568c 00000000 e1e5132+0x4f4
80551450 80545d64 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
80551454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND: kb

FOLLOWUP_IP:
bdfndisf+17f3
b96387f3 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: bdfndisf+17f3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: bdfndisf

IMAGE_NAME: bdfndisf.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a853cdc

FAILURE_BUCKET_ID: 0xD1_bdfndisf+17f3

BUCKET_ID: 0xD1_bdfndisf+17f3

Followup: MachineOwner
---------

#13 hamluis

hamluis

    Moderator


  • Moderator
  • 56,113 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:07 PM

Posted 16 September 2009 - 09:07 AM

I would uninstall Bit Defender Firewall...activate the XP firewall...and see.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users