Question
174 views

Blue Screen errors in Windows 8.1

jross11 asked on

Starting yesterday I starting getting periodic Blue Screen errors. They have all occurred when I was browsing the internet. The first three said "BAD_POOL_CALLER" and the one that occurred today said "DRIVER_IRQL_NOT_LESS_OR_EQUAL". After the first set occurred, I went through and tried to update all of the drivers. One driver for my Realtek card reader was out of date and it would not download a new driver (it kept freezing). I found the driver online and manually installed it. The next day I received the latter message. I do not know if the two are relate or if the second one is as a result of me manually downloading the new driver. Any help would be really appreciated. Its finals week and I need my computer to not crash in the middle of an exam.

My model is HP 2000-2b89WM.

It runs Windows 8.1
the minidump files are here:
https://onedrive.live.com/redir?resid=5B37F5770BE3EDEB%21108

1 person had this question

Abuse history


The answered status icon Answer
Patrick Barker replied on

Hi,


We have two bug checks:


DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.


0: kd> k
Child-SP          RetAddr           Call Site
fffff801`e6017388 fffff801`e3f747e9 nt!KeBugCheckEx
fffff801`e6017390 fffff801`e3f7303a nt!KiBugCheckDispatch+0x69
fffff801`e60174d0 fffff800`0360a303 nt!KiPageFault+0x23a
fffff801`e6017660 fffff800`0360a6c3 nwifi!ExtSTARecvInitializeMSDUFromNBL+0x2f
fffff801`e60176b0 fffff800`0360adab nwifi!ExtSTAReceiveNBL+0xb3
fffff801`e6017740 fffff800`012f5cb6 nwifi!Pt6Receive+0x1d3
fffff801`e60177a0 fffff800`032dd261 ndis!NdisMIndicateReceiveNetBufferLists+0xb86
fffff801`e6017990 00000000`00000000 netr28x+0x8e261


Ralink RT2860 series Wireless LAN Card (you may have a different manufacturer) driver call, as well as various other network related routines. With this said, something 3rd-party is likely causing NETBIOS conflicts.


BAD_POOL_CALLER (c2)

This indicates that the current thread is making a bad pool request.

3: kd> !pool ffffe00004fb47a8
Pool page ffffe00004fb47a8 region is Nonpaged pool
 ffffe00004fb4000 size:   60 previous size:    0  (Allocated)  Io  
 ffffe00004fb4060 size:   40 previous size:   60  (Allocated)  MmSe
 ffffe00004fb40a0 size:  170 previous size:   40  (Allocated)  Ntfx
 ffffe00004fb4210 size:   40 previous size:  170  (Allocated)  VfIT
 ffffe00004fb4250 size:  240 previous size:   40  (Allocated)  286R
 ffffe00004fb4490 size:   d0 previous size:  240  (Allocated)  Mdl
 ffffe00004fb4560 size:  240 previous size:   d0  (Allocated)  286R
*ffffe00004fb47a0 size:   d0 previous size:  240  (Allocated) *Mdl
        Pooltag Mdl  : Io, Mdls
 ffffe00004fb4870 size:  240 previous size:   d0  (Allocated)  286R
 ffffe00004fb4ab0 size:   d0 previous size:  240  (Allocated)  Mdl
 ffffe00004fb4b80 size:  240 previous size:   d0  (Allocated)  286R
 ffffe00004fb4dc0 size:  240 previous size:  240  (Allocated)  286R

3: kd> k
Child-SP          RetAddr           Call Site
ffffd000`24465928 fffff800`29b183ca nt!KeBugCheckEx
ffffd000`24465930 fffff800`0103bf67 nt!ExFreePoolWithTag+0x10fa
ffffd000`24465a00 fffff800`013a2ee8 NETIO! ?? ::FNODOBFM::`string'+0x797c
ffffd000`24465a50 fffff800`01007224 tcpip!FlpReturnNetBufferListChain+0xd2b08
ffffd000`24465aa0 fffff800`012d9c4b NETIO!NetioDereferenceNetBufferListChain+0xe4
ffffd000`24465b60 fffff800`012bf93c tcpip!TcpFlushDelay+0x9b
ffffd000`24465cf0 fffff800`012c3ddf tcpip!TcpPreValidatedReceive+0x40c
ffffd000`24465df0 fffff800`012c40e3 tcpip!IppDeliverListToProtocol+0x4f
ffffd000`24465eb0 fffff800`012d45bc tcpip!IppProcessDeliverList+0x63
ffffd000`24465f50 fffff800`012d181a tcpip!IppReceiveHeaderBatch+0x1fc
ffffd000`24466080 fffff800`012d0f7c tcpip!IppFlcReceivePacketsCore+0x68a
ffffd000`24466400 fffff800`012d0c3f tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x31c
ffffd000`244664e0 fffff800`2993e3f9 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x17e
ffffd000`24466610 fffff800`012d0396 nt!KeExpandKernelStackAndCalloutInternal+0xe9
ffffd000`24466760 fffff800`00e9ecde tcpip!FlReceiveNetBufferListChain+0xb6
ffffd000`244667e0 fffff800`00ead7f8 ndis!ndisMIndicateNetBufferListsToOpen+0x11e
ffffd000`244668a0 fffff800`00ef25a5 ndis!ndisMTopReceiveNetBufferLists+0x228
ffffd000`24466930 fffff800`00ec7bd0 ndis!ndisInvokeNextReceiveHandler+0x45
ffffd000`24466a60 fffff800`00eadc0c ndis!ndisFilterIndicateReceiveNetBufferLists+0x1a270
ffffd000`24466b00 fffff800`01d9d430 ndis!NdisFIndicateReceiveNetBufferLists+0x4c
ffffd000`24466b40 ffffe000`06ccc010 Teefer+0xb430
ffffd000`24466b48 00000000`00050100 0xffffe000`06ccc010
ffffd000`24466b50 00000000`00000000 0x50100

Teefer.sys appears to be the culprit driver which is a Norton driver.

-----------------------

Remove and replace Norton with Windows 8's built-in Windows Defender for temporary troubleshooting purposes as it's causing NETBIOS conflicts:

Norton removal - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

Windows Defender (how to turn on after removal) - http://www.eightforums.com/tutorials/21962-windows-defender-turn-off-windows-8-a.html

Regards,

Patrick

Debugger/Reverse Engineer.
Be the first person to mark this helpful

Abuse history


progress