Blue Screen Appears from time to time

Hmm... I tried usasma Minidump analysis with a more resent crash dump file (btw since I started this thread my laptop crashed at least 3 times), I got the debugging tool to analyse it correctly this time and here is what I got: (it seems to be caused by NETIO.SYS )

Code:

Microsoft (R) Windows Debugger Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.
 
Loading Dump File [C:\Windows\Minidump\Mini071409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
 
Executable search path is: 
Windows Longhorn Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Kernel base = 0x81c1e000 PsLoadedModuleList = 0x81d35c70
Debug session time: Tue Jul 14 11:50:00.702 2009 (GMT+3)
System Uptime: 0 days 3:01:42.387
Loading Kernel Symbols
...........................................................................................................................................
Loading unloaded module list
.............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {50000005, 2, 1, 87a58d40}
Probably caused by : NETIO.SYS ( NETIO!WfppIncrementIndexAndPurgeEntries+a8 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 50000005, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 87a58d40, address which referenced memory
Debugging Details:
------------------
 
OVERLAPPED_MODULE: HIDCLASS
WRITE_ADDRESS: GetUlongFromAddress: unable to read from 81d55868
Unable to read MiSystemVaType memory at 81d35420
50000005 
CURRENT_IRQL: 2
FAULTING_IP: 
tcpip!WfpAlePreprocessLruEntryDelete+2f
87a58d40 894104 mov [ecx+0x4],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 879468bd to 87a58d40
TRAP_FRAME: 8874cc2c -- (.trap ffffffff8874cc2c)
ErrCode = 00000002
eax=8620c148 ebx=84968a60 ecx=50000001 edx=843d6c28 esi=843d6cd0 edi=843d6cd0
eip=87a58d40 esp=8874cca0 ebp=8874cca4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
tcpip!WfpAlePreprocessLruEntryDelete+0x2f:
87a58d40 894104 mov [ecx+0x4],eax ds:0023:50000005=????????
Resetting default scope
STACK_TEXT: 
8874cca4 879468bd 843d6cd0 00000000 00000000 tcpip!WfpAlePreprocessLruEntryDelete+0x2f
8874cce0 87941675 00000000 00000000 87ae16f8 NETIO!WfppIncrementIndexAndPurgeEntries+0xa8
8874ccf4 8794135b 87ae1760 87ae1360 81d2013c NETIO!WfppLeastRecentlyUsedTimerRoutine+0x10
8874cd20 8794189b 87ae1368 848c4590 8874cd44 NETIO!WfpTimerWheelTimeoutHandler+0x114
8874cd30 81e2b865 848c4590 84847f98 83a75580 NETIO!WfpSysTimerNdisPassiveCallback+0x20
8874cd44 81cc3e22 83f95558 00000000 83a75580 nt!IopProcessWorkItem+0x23
8874cd7c 81df3c42 83f95558 ec9dfd06 00000000 nt!ExpWorkerThread+0xfd
8874cdc0 81c5cefe 81cc3d25 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
 
FOLLOWUP_IP: 
NETIO!WfppIncrementIndexAndPurgeEntries+a8
879468bd 8d8e94080000 lea ecx,[esi+0x894]
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: NETIO!WfppIncrementIndexAndPurgeEntries+a8
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 49e0209d
STACK_COMMAND: .trap ffffffff8874cc2c ; kb
FAILURE_BUCKET_ID: 0xD1_W_NETIO!WfppIncrementIndexAndPurgeEntries+a8
BUCKET_ID: 0xD1_W_NETIO!WfppIncrementIndexAndPurgeEntries+a8
Followup: MachineOwner
---------

@usasma: This driver verifier method seems a little scary but I will try it later also. I will post the minidumps here afterwards. I will check both afd.sys and netio.sys.

could you use the info i posted? would like to know if it works

Accuser said:

could you use the info i posted? would like to know if it works

M8 , I tested my memory according to your info. It went OK. I have disabled some drivers that I don't use like the modem and LAN Card Drivers. I used yours and usasma's tutorial to analyse the dump files with windows debbuging tool, so now I know how to do it. For that I thank you both.

I read the Workarounds for Memory Leak in Some Versions of Microsoft Windows afd.sys file article but I think it explains a problem related when Windows consumes more and more memory as part of its Pool Nonpaged application when InterBase is connected. I dont have InterBase installed, I don't even know what it is...so I am not sure if Interbase is the source of my problems...

I have installed the latest WLAN and Video drivers and the Bluescreen hasn't appeared yet.
I will try to use the Driver Verifier Manager after few more tests , and I will post the dumps here.

Snuffy said:

Normally your error indicates a Program you added has a DRIVER ERROR. also
Product: 768_1 seems to indicate you have a DRIVER ERROS.
but the info included is not enough.
1. recommend you do a restore back to when it DID work correctly.
2. every time you add a program or what ever. make a note.
3. next time it screws up it normally is the last thing you added.

So you are saying that it's not just a driver that may cause my type of BSOD , it's a program that conflicts with a driver that could also be the problem? That is interesting I never thought it that way...
1. I cannot tell when it worked correctly 'cause when I reinstalled fresh vista I installed several programs that I use and like immediately afterwards... I turn system restore off because I find no use of it. I think that generally, when something screws up, it screws up so bad, that even a system restore cannot solve the problem.
2. Good advice.
3. That seems reasonable :)

AFD.SYS is related to the networking in your system
NETIO.SYS is also related to the networking in your system

But, you also have an overlapped module - OVERLAPPED_MODULE: HIDCLASS
which is likely related to a keyboard, mouse or other Human Interface Device (so that could also be the problem).

To start with, update the networking drivers (both wired and wireless) for your system. Don't use Windows Update or the "Update driver" thing in Device Manager. Rather, go to the website of the device manufacturer and download the drivers directly from there.

If they don't have Win7 drivers available, use the Vista drivers - but run them in Compatibility Mode for ALL USERS, and select "Run as Windows Vista" and "Run as administrator".