BSOD 1st time on recent build


  1. Posts : 196
    Win 7 Ultimate-64 Bit, Vista Home Premium-32 Bit, LinuxMint 17, Qiana 64 Bit
       #1

    BSOD 1st time on recent build


    This happened at approximately 1:26pm today This box is a recent home build with a clean install approximately 2 weeks ago.

    This machine has been running magnificiently as well as I can tell until this happened today.

    I restarted the machine and had no further problems that I can tell.

    I have attached the dump file and the system health report and my full spec's are located in "My System Spec's"

    Thank you very much for your help!

    ranger72
      My Computer


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    ranger72 said:
    This happened at approximately 1:26pm today This box is a recent home build with a clean install approximately 2 weeks ago.

    This machine has been running magnificiently as well as I can tell until this happened today.

    I restarted the machine and had no further problems that I can tell.

    I have attached the dump file and the system health report and my full spec's are located in "My System Spec's"

    Thank you very much for your help!

    ranger72
    Blamed on NETIO.sys. Often when this happens it is actually Zone Alarm. If so I would remove it and replace with microsoft Security essentials and the win 7 firewall. If not I would remove the AVG and replace with MSE.

    http://download.zonealarm.com/bin/fr...cpes_clean.exe

    http://www.avg.com/us-en/download-tools

    http://www.microsoft.com/security_essentials/


    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\042011-24570-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
    *http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`03211000 PsLoadedModuleList = 0xfffff800`03456e90
    Debug session time: Wed Apr 20 13:25:24.148 2011 (GMT-4)
    System Uptime: 0 days 6:17:02.132
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .............................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {fffff880027aac30, 2, 1, fffff8800179cf0d}
    
    Probably caused by : NETIO.SYS ( NETIO!memmove+bd )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: fffff880027aac30, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff8800179cf0d, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800034c20e8
     fffff880027aac30 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    NETIO!memmove+bd
    fffff880`0179cf0d 488941e0        mov     qword ptr [rcx-20h],rax
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xD1
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff8800ace3ff0 -- (.trap 0xfffff8800ace3ff0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=4933823c0cc70858 rbx=0000000000000000 rcx=fffff880027aac50
    rdx=00000000040f76c6 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800179cf0d rsp=fffff8800ace4188 rbp=00000000000005ac
     r8=00000000000005ac  r9=000000000000002d r10=0d0ea08a36fa52b6
    r11=fffff880027aac30 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    NETIO!memmove+0xbd:
    fffff880`0179cf0d 488941e0        mov     qword ptr [rcx-20h],rax ds:c310:fffff880`027aac30=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80003290be9 to fffff80003291640
    
    STACK_TEXT:  
    fffff880`0ace3ea8 fffff800`03290be9 : 00000000`0000000a fffff880`027aac30 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`0ace3eb0 fffff800`0328f860 : fffffa80`0e1df9a0 00000000`00000001 00000000`00000002 fffff880`0ace4330 : nt!KiBugCheckDispatch+0x69
    fffff880`0ace3ff0 fffff880`0179cf0d : fffff880`017a4b0d fffffa80`0a9b9d80 00000000`00000000 fffffa80`00000aaf : nt!KiPageFault+0x260
    fffff880`0ace4188 fffff880`017a4b0d : fffffa80`0a9b9d80 00000000`00000000 fffffa80`00000aaf 00000000`00000000 : NETIO!memmove+0xbd
    fffff880`0ace4190 fffff880`01904af4 : fffff880`0ace4378 fffff880`0ace4348 fffff880`0ace4368 fffff880`0ace4330 : NETIO!RtlCopyMdlToMdlIndirect+0xfd
    fffff880`0ace4230 fffff880`0191ba45 : 00000000`00000000 fffffa80`0a9cc010 00000005`44605bd7 fffffa80`0a9cc170 : tcpip!TcpSatisfyReceiveRequests+0x1f4
    fffff880`0ace4510 fffff880`0191a839 : 00000000`002284b8 fffff880`0191a86d fffffa80`0a8a67c0 00000000`0000002f : tcpip!TcpDeliverDataToClient+0x105
    fffff880`0ace4690 fffff880`01917cc8 : 00000000`00000510 fffff880`0192aa78 fffff800`032942c2 00000000`000005ac : tcpip!TcpDeliverReceive+0xa9
    fffff880`0ace4790 fffff880`01918818 : 00000000`00000001 fffffa80`0c70a1a0 00000000`00000000 00000000`00000000 : tcpip!TcpTcbFastDatagram+0x208
    fffff880`0ace4950 fffff880`019175ea : fffffa80`0ae1f830 fffff880`0190fa00 fffffa80`0adec301 00000000`00000000 : tcpip!TcpTcbReceive+0x1e8
    fffff880`0ace4b40 fffff880`019192ab : fffff880`068a22e2 fffffa80`0b48c000 00000000`00000000 00000000`00005000 : tcpip!TcpMatchReceive+0x1fa
    fffff880`0ace4c90 fffff880`01910137 : fffffa80`0ae1f830 fffffa80`0ae05000 fffffa80`000089c3 00000000`000089c3 : tcpip!TcpPreValidatedReceive+0x36b
    fffff880`0ace4d60 fffff880`0190fcaa : 00000000`00000000 fffff880`01a249a0 fffff880`0ace4f20 fffffa80`0e5b6c40 : tcpip!IppDeliverListToProtocol+0x97
    fffff880`0ace4e20 fffff880`0190f2a9 : 00000000`00000000 00000000`000073f4 00000000`00000000 fffff880`0ace4f10 : tcpip!IppProcessDeliverList+0x5a
    fffff880`0ace4ec0 fffff880`0190cfff : 00000000`00000000 fffffa80`0b48c000 fffff880`01a249a0 00000000`0cc8c901 : tcpip!IppReceiveHeaderBatch+0x23a
    fffff880`0ace4fa0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IpFlcReceivePackets+0x64f
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    NETIO!memmove+bd
    fffff880`0179cf0d 488941e0        mov     qword ptr [rcx-20h],rax
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  NETIO!memmove+bd
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: NETIO
    
    IMAGE_NAME:  NETIO.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79381
    
    FAILURE_BUCKET_ID:  X64_0xD1_NETIO!memmove+bd
    
    BUCKET_ID:  X64_0xD1_NETIO!memmove+bd
    
    Followup: MachineOwner
    ---------
    
    1: kd> lmvm NETIO
    start             end                 module name
    fffff880`0179b000 fffff880`017fb000   NETIO      (pdb symbols)          c:\symbols\netio.pdb\DD06DDC1DE2F426D85400E127C2DF49A2\netio.pdb
        Loaded symbol image file: NETIO.SYS
        Mapped memory image file: C:\Symbols\NETIO.SYS\4CE7938160000\NETIO.SYS
        Image path: \SystemRoot\system32\drivers\NETIO.SYS
        Image name: NETIO.SYS
        Timestamp:        Sat Nov 20 04:23:13 2010 (4CE79381)
        CheckSum:         00066D17
        ImageSize:        00060000
        File version:     6.1.7601.17514
        Product version:  6.1.7601.17514
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.6 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     netio.sys
        OriginalFilename: netio.sys
        ProductVersion:   6.1.7601.17514
        FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
        FileDescription:  Network I/O Subsystem
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    I would also suggest you run a system file check to verify and repair OS files just in case.

    Run a system file check to verify and repair your system files.
    To do this type cmd in search, then right click to run as administrator, then
    SFC /SCANNOW

    Read here for more information SFC /SCANNOW Command - System File Checker

    Let us know the results from the report at the end.
      My Computer


  3. Posts : 196
    Win 7 Ultimate-64 Bit, Vista Home Premium-32 Bit, LinuxMint 17, Qiana 64 Bit
    Thread Starter
       #3

    Thank you zigzag for your help!

    I would like to give you some more info before I follow your current instructions to see what you might think before acting on instructions to see if you wish to change any instructions.

    Zonealarm has never been on this machine. What I mean by that is I have never personally used it and I have never downloaded/installed it.

    My antivirus app is AVG Anti-Virus 2011, program file version: 10.0.1209 and this is the paid version. I have been using this program for years with the following OS' without any issues whatsoever; Win XP Home Edition; Win XP Pro; Win Vista Home premium; The Beta version (release candidate) of Win 7 and also on this, the Full retail version of WIN 7 Ult 64 Bit which I purchased directly from Microsoft.

    I am using the Win 7 firewall.

    After creating this thread but before I received your response I ran AVG after updating and found no infections.

    I then ran Malwarebytes and found multiple infections and I have attached the the MBAM log file for your review. I removed the infections which I believe were caused by the downloading/installation of the trial version of WIN.ZIP. I believe the infections came from a program called FACETHEMES which was bundled with WIN.ZIP. There may have been other infections not caused by FACETHEMES as well.

    I have removed FACETHEMES from the machine.

    I will run SFC/ SCANNOW after posting this info to you and I will go to the link you provided for echecker and read that.

    I would like to refrain from deleting AVG from my machine until you have had a chance to review this post and after we see what happens with scannow.

    Also I found and I did not know the Windows Defender was also running on this machine and I don't remember initializing it but I wonder if there is a conflict between it and AVG and also I have Spybot Search and destroy on this machine as well.

    Thanks again very much for your help and I will post again after running scannow.

    ranger72:)
      My Computer


  4. Posts : 196
    Win 7 Ultimate-64 Bit, Vista Home Premium-32 Bit, LinuxMint 17, Qiana 64 Bit
    Thread Starter
       #4

    OK! zigzag,

    Here is the results of the SFC/SCANNOW

    Thanks very much.

    ranger72:)
      My Computer


  5. Posts : 578
    Windows 7 Pro x64
       #5

    ranger72 said:
    OK! zigzag,

    Here is the results of the SFC/SCANNOW

    Thanks very much.

    ranger72:)
    Then you are good to go unless you have another BSOD.

    Then I'd start checking hardware. RAM first with MemTest86+.
      My Computer


  6. Posts : 196
    Win 7 Ultimate-64 Bit, Vista Home Premium-32 Bit, LinuxMint 17, Qiana 64 Bit
    Thread Starter
       #6

    Ok Shootist,

    Thanks very much!

    I'll monitor for a few days and if nothing further happens I will close this thread.

    In the meantime I'll run memtest

    Last edited by ranger72; 20 Apr 2011 at 19:21. Reason: added text
      My Computer


  7. Posts : 196
    Win 7 Ultimate-64 Bit, Vista Home Premium-32 Bit, LinuxMint 17, Qiana 64 Bit
    Thread Starter
       #7

    Ok! I ran memtest86+, Version 4.00 overnight for approximately 14 passes (15Hours or thereabouts) and the testing showed 0 errors. Then I found there is a more recent version (4.20) to be precise. So I burned that version to a disk and will run it overnight tonight just to make sure.

    I think my machine is running well again. seems to be anyway. I will close this thread tomorrow if nothing further shows up.

    Thanks very much to zigzag and The Shootist for your help

    ranger72:)
      My Computer


  8. Posts : 196
    Win 7 Ultimate-64 Bit, Vista Home Premium-32 Bit, LinuxMint 17, Qiana 64 Bit
    Thread Starter
       #8

    Memtest86+ version 4.20 shows no problems after 12 hours of wall time.

    As the starter of this thread and with all the help I have received I now pronounce this threat closed!

    Thanks guys!
    ranger72
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:30.
Find Us