I've deployed a new Win 7 x64 OS and installed all updates. Now I am receiving BSOD with references to wdf01000.sys and DRIVER_IRQL_NOT_LESS_OR_EQUAL remarks. Attached is a zip file with two memdumps. Any suggestions on resolving this would be appreciated.
Last edited by Big3; 29 Jan 2015 at 17:00.
Allot of important info is missing from your zip, please follow Blue Screen of Death (BSOD) Posting Instructions to grab all and upload a new report here.
Uninstall McAfee as it is a cause of BSOD's.Code:Start Menu\Programs\McAfee Public:Start Menu\Programs\McAfee Public
Keep MSE only.
Revo Uninstaller:
Use Revo Uninstaller to uninstall stubborn software.
- Download and install the software
- Opt for Advance Mode while uninstalling which allows you to remove leftover registry.
- Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems
Microsoft Security Essentials is recommended from a strict BSOD perspective, compatibility & stability compared to other internet security software. Malwarebytes is a great combo to MSE. They are free and lightweight.
Also uninstall your existing Antivirus software before you install MSE.
Good and Free system security combination.
WarningDo not start the free trial of Malware Bytes; remember to deselect that option when prompted.
Clean boot
Reduce items at start-up. No software except anti-virus is required plus doing this improves the time for logging into windows:
Run the System File Checker that scans the of all protected Windows 7 system files and replaces incorrect corrupted, changed/modified, or damaged versions with the correct versions if possible:
- Click on the
- Type CMD on Search
- Left click and Run as Administrator
- Type SFC /scannow
Full tutorial here:
Code:Microsoft (R) Windows Debugger Version 6.3.9600.16384 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\YUSRA\Downloads\Compressed\CCIU-I-105-Thu_01_29_2015_163357_10\012915-28735-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (24 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.18700.amd64fre.win7sp1_gdr.141211-1742 Machine Name: Kernel base = 0xfffff800`0384d000 PsLoadedModuleList = 0xfffff800`03a90890 Debug session time: Thu Jan 29 06:18:41.862 2015 (UTC + 6:00) System Uptime: 0 days 4:13:49.192 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. .............................................................. ................................................................ ................................................................ ......... Loading User Symbols Loading unloaded module list ........................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {ffffffffffffffe8, 2, 0, fffff88000ea31d9} *** WARNING: Unable to verify timestamp for Wdf01000.sys *** ERROR: Module load completed but symbols could not be loaded for Wdf01000.sys Unable to open image file: C:\ProgramData\dbg\sym\Wdf01000.sys\51C51641c2000\Wdf01000.sys The system cannot find the file specified. Probably caused by : Wdf01000.sys ( Wdf01000+171d9 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: ffffffffffffffe8, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff88000ea31d9, address which referenced memory Debugging Details: ------------------ Unable to open image file: C:\ProgramData\dbg\sym\Wdf01000.sys\51C51641c2000\Wdf01000.sys The system cannot find the file specified. READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003afa100 GetUlongFromAddress: unable to read from fffff80003afa1c0 ffffffffffffffe8 CURRENT_IRQL: 2 FAULTING_IP: Wdf01000+171d9 fffff880`00ea31d9 483950e8 cmp qword ptr [rax-18h],rdx CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre TRAP_FRAME: fffff880009ff3b0 -- (.trap 0xfffff880009ff3b0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80401fe0f0 rdx=fffffa80745fc6a8 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88000ea31d9 rsp=fffff880009ff540 rbp=fffff880009ff5b8 r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=fffff80003a3de80 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe cy Wdf01000+0x171d9: fffff880`00ea31d9 483950e8 cmp qword ptr [rax-18h],rdx ds:ffffffff`ffffffe8=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800038c3429 to fffff800038c3e80 STACK_TEXT: fffff880`009ff268 fffff800`038c3429 : 00000000`0000000a ffffffff`ffffffe8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`009ff270 fffff800`038c20a0 : 00000000`00000000 fffffa80`32957b50 00000000`00000010 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`009ff3b0 fffff880`00ea31d9 : fffffa80`32957b50 fffff800`03a3de80 fffffa80`32957c10 00000000`00000000 : nt!KiPageFault+0x260 fffff880`009ff540 fffffa80`32957b50 : fffff800`03a3de80 fffffa80`32957c10 00000000`00000000 00000000`00000000 : Wdf01000+0x171d9 fffff880`009ff548 fffff800`03a3de80 : fffffa80`32957c10 00000000`00000000 00000000`00000000 fffffa80`401fe020 : 0xfffffa80`32957b50 fffff880`009ff550 fffffa80`32957c10 : 00000000`00000000 00000000`00000000 fffffa80`401fe020 fffffa80`401fd5f0 : nt!KiInitialPCR+0x180 fffff880`009ff558 00000000`00000000 : 00000000`00000000 fffffa80`401fe020 fffffa80`401fd5f0 fffff880`009ff608 : 0xfffffa80`32957c10 STACK_COMMAND: kb FOLLOWUP_IP: Wdf01000+171d9 fffff880`00ea31d9 483950e8 cmp qword ptr [rax-18h],rdx SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: Wdf01000+171d9 FOLLOWUP_NAME: MachineOwner MODULE_NAME: Wdf01000 IMAGE_NAME: Wdf01000.sys DEBUG_FLR_IMAGE_TIMESTAMP: 51c51641 FAILURE_BUCKET_ID: X64_0xD1_Wdf01000+171d9 BUCKET_ID: X64_0xD1_Wdf01000+171d9 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0xd1_wdf01000+171d9 FAILURE_ID_HASH: {5bc4ed1b-6fae-55eb-0641-4a955e2d96ba} Followup: MachineOwner ---------
Is this based on detailed analysis of the data submitted or just a random guess? I have several other similarly configured machines with no BSOD issue using this version of McAfee.
Quote