[BSOD] ntoskrnl.exe

Hi guys,
Sadly I have to begin on this forum with a problem that I hope you'll be able to help me with.

Since my installation of Windows 7, I have some BSOD caused by ntoskrnl.exe. It happens randomly and it can happen more than once a day. It's really annoying cause it always happen in the worst time possible. I don't really want to format again and maybe still have this problem.

So there is my setting:

-Windows 7 Ultimate edition (not an upgrade)
-nVidian GeForce 8800GTS (with drivers up-to-date)
-Asus P5Q Deluxe (up-to-date)

My antivirus is NOD32, I have ZoneAlarm as Firewall. I also have Malwarebyte's Anti-Malware as Anti-Malware.

I read my minidump files with a program called "WhoCrashed" and all my BSOD were caused by "ntoskrnl.exe".

If you guys need my Minidump files, just tell me how to send em please. ^_^

I hope you'll be able to help me fix those annoying crashes.

Thanks,
Ssooz.

Ssooz said:

Hi guys,
Sadly I have to begin on this forum with a problem that I hope you'll be able to help me with.

Since my installation of Windows 7, I have some BSOD caused by ntoskrnl.exe. It happens randomly and it can happen more than once a day. It's really annoying cause it always happen in the worst time possible. I don't really want to format again and maybe still have this problem.

So there is my setting:

-Windows 7 Ultimate edition (not an upgrade)
-nVidian GeForce 8800GTS (with drivers up-to-date)
-Asus P5Q Deluxe (up-to-date)

My antivirus is NOD32, I have ZoneAlarm as Firewall. I also have Malwarebyte's Anti-Malware as Anti-Malware.

I read my minidump files with a program called "WhoCrashed" and all my BSOD were caused by "ntoskrnl.exe".

If you guys need my Minidump files, just tell me how to send em please. ^_^

I hope you'll be able to help me fix those annoying crashes.

Thanks,
Ssooz.

Dont worry we will figure it out. can you use this to find the DMP and upload it to us? https://www.sevenforums.com/crash-loc...d-problem.html

thanks

Ken

Dont worry we will figure it out. can you use this to find the DMP and upload it to us? https://www.sevenforums.com/crash-loc...d-problem.html

thanks

Ken

Hi Ken and thank you for your fast answer. I'm sorry I should have searched on the forum for How to send Minidump files. So there are mine.

Thanks again for help,
Ssooz

Ssooz said:

Dont worry we will figure it out. can you use this to find the DMP and upload it to us? https://www.sevenforums.com/crash-loc...d-problem.html

thanks

Ken

Hi Ken and thank you for your fast answer. I'm sorry I could have searched on the forum for How to send Minidump files. So there are mine.

Thanks again for help,
Ssooz

Hey Ssooz and welcome

these both were a 7f bug check. The Usual causes: Memory corruption, Hardware (memory in particular), Installing a faulty or mismatched hardware (especially memory) or a failure after installing it, Device drivers, SCSI/network/BIOS updates needed, Improperly seated cards, Incompatible storage devices, Overclocking, Virus scanner, Backup tool, Bad motherboard, Missing Service Pack

Since the first three usual causes were memory related I would download memtestx86 and run it for 5 passes.

If the memory checks out I would also run a system file check.
to do that type cmd in search>right click and run as admin>sfc /scannow

Let us know the results as you may have to re-run either or both

Let us know if you need help

Ken

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\K\Desktop\Minidump\022810-22448-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02a10000 PsLoadedModuleList = 0xfffff800`02c4de50
Debug session time: Sun Feb 28 14:58:26.286 2010 (GMT-5)
System Uptime: 0 days 0:41:05.956
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 406f8, fffff80002a4a600}

Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000406f8
Arg4: fffff80002a4a600

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002a81469 to fffff80002a81f00

STACK_TEXT:  
fffff880`009f0c68 fffff800`02a81469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt!KeBugCheckEx
fffff880`009f0c70 fffff800`02a7f932 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009f0db0 fffff800`02a4a600 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0695cff0 fffff800`02a4a7df : fffffa80`04910068 00000000`00000001 00000000`00000000 00000000`00000000 : nt!SepTokenFromAccessInformation+0x20
fffff880`0695d020 fffff880`01714c5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x9f
fffff880`0695d710 fffff880`0171294f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`0695d780 fffff880`017149b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`0695d7d0 fffff880`01714845 : fffffa80`04d53160 fffffa80`06887680 fffff880`0695d9f8 fffff880`0695e130 : NETIO!FilterMatch+0x95
fffff880`0695d820 fffff880`01715ccb : 00000000`00000000 00000000`00000000 fffff880`0695e130 fffff880`0695d9e0 : NETIO!IndexListClassify+0x69
fffff880`0695d8a0 fffff880`0183e4d0 : fffff880`0695e130 fffff880`0695dd78 fffff880`0695eab0 fffffa80`03f07860 : NETIO!KfdClassify+0xa4e
fffff880`0695dc10 fffff880`0183777e : fffff880`01946690 00000000`00000000 fffffa80`0652ddb0 00000000`00000000 : tcpip!WfpAleClassify+0x50
fffff880`0695dc50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!CompareSecurityContexts+6a
fffff880`01714c5a 448b442470      mov     r8d,dword ptr [rsp+70h]

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  NETIO!CompareSecurityContexts+6a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc18a

FAILURE_BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

Followup: MachineOwner
---------

So, I should do a memtest then after a system files check ?
I don't know how to do a memtest tho and is the version of memtestx86 the 3.4a one ?

And maybe can you tell me how it works ?

Thanks,
Ssooz

Hey, just sayin' that I still have my Bluescreen problem. If you guys continue to help me with it, I'd be happy.

Thanks,
Ssooz.

Bump! Just came back of another BSOD.

Remove Zone Alarm from your system --> Self-Service Support

Re-boot upon completion.

NOD32 is good antivirus. I have it on systems here using Windows Firewall + Windows Defender. Other systems, I just use MSE -

MSE --> http://www.microsoft.com/security_essentials/

I would not advise that you use 3rd party firewall.

Remove Z/A and see if system stabilizes.

Regards. . .

jcgriff2

.

jcgriff2 said:

Remove Zone Alarm from your system --> Self-Service Support

Re-boot upon completion.

NOD32 is good antivirus. I have it on systems here using Windows Firewall + Windows Defender. Other systems, I just use MSE -

MSE --> http://www.microsoft.com/security_essentials/

I would not advise that you use 3rd party firewall.

Remove Z/A and see if system stabilizes.

Regards. . .

jcgriff2

.

Thanks for your answer, I'll try this out and let you know.
Ssooz.