Hello Orbitall,
The following software is contributing to your problems, please uninstall it;
Code:
DAEMON Tools Lite "c:\program files (x86)\daemon tools lite\dtlite.exe" -autorun Black-Ice\Brownz HKU\S-1-5-21-2254189085-4108429279-886624529-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Pando Media Booster d:\program files (x86)\pando networks\media booster\pmb.exe Black-Ice\Brownz HKU\S-1-5-21-2254189085-4108429279-886624529-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
uTorrent "d:\users\brownz\appdata\roaming\utorrent\utorrent.exe" /minimized Black-Ice\Brownz HKU\S-1-5-21-2254189085-4108429279-886624529-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Download and install Revo Uninstaller.
- Right click the program that needs to be removed, and click on Uninstall.
- Select "Advanced" as uninstall mode.
- Let Revo remove the program, and afterwards please follow the displayed steps to remove all entries of the program as well.
- When all programs have been uninstalled, please restart your machine.
----------
P2P Warning!
Important: I notice that there are one or more P2P (Person to person) file sharing programs on your computer;
1. UTorrent
2. Pando Media Booster
Please note that using any form of peer to peer networking is highly dangerous, as there is no way to identify the source of the files you download, and you can expect an infestation of malware to occur.
Years ago P2P file sharing was safe and easy to do. And while the latter may still be so today, it is most certainly not safe anymore. A peer to peer program is a direct conduit into your computer. Most of these programs lack proper security measures and malware writers can easily breach them, and they continue to exploit the users of these programs to spread their malware.
In addition to that, while using a P2P program, your computer may be sharing way more than you want it to. There have been reports of people's passwords, personal, private and financial data being exposed via P2P networks, only because they had a peer to peer program installed, and lacked the skills to configure it properly.
Please read the following reports on the dangers of using peer to peer programs and file sharing.
Risks of P2P systems.
File sharing infects 500.000 computers.
File sharing dangers involve more than legal troubles.
Seattle man arrested for P2P identity theft.
I highly recommend that you uninstall the above mentioned P2P programs, as I cannot guarantee your safety from malware if you leave them installed and the likelihood of reinfection is very high to certain.
You can uninstall them by doing the following steps;
- Click on the Start orb.
- Click on Control Panel and under Programs click on Uninstall a program.
- Wait for the list to update, and when done, please right-click on the icon of the program(s) mentioned above and select Uninstall.
- Follow the on screen instructions, and when prompted, please restart your computer.
When you have multiple P2P programs installed, click "No - I will manually restart later" when prompted to restart, and repeat steps three and four until all programs are uninstalled, and click "Yes - Restart now" when you have finished uninstalling the last P2P program.
If you choose not to uninstall them, please refrain from using any P2P program during this fix! Using them may interfere with any measures we may take.
----------
Your first dump file points to this;
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff88004534a84, fffff8800953eda0, 0}
Probably caused by : NETIO.SYS ( NETIO!WeightCompare+4 )
Followup: MachineOwner
---------
Usual cause: Corrupted GPU driver, interfering antivirus.
More info: Bug Check 0x3B.
----------
As Arc has explained, NETIO.SYS is failing because of AVG.
Have you replaced AVG with, for example, Microsoft Security Essentials?
----------
The second-to-last dump file points to this;
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa4143414348, 0, fffff800030a7ef1, 7}
Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiGetNextNode+15 )
Followup: MachineOwner
---------
Usual cause: Failing RAM, faulty hardware, failing hardware or antivirus software.
More info: Bug Check 0x50.
----------
Again, AVG might be the issue here, but just to rule the rest out, please perform the following hardware test;
Please run Memtest86+ to test your RAM for issues.
Tip
Let Memtest run for at least 10 passes and preferably overnight as it may take very long to complete.
Especially read part three of the tutorial, which explains how to test each RAM stick in all DIMM slots to filter out failing slots.
Suppose you have got a result like this:
test|Slot1|Slot2
RAM1|Error|Error
RAM2|Good|Good
It is the RAM, a bad RAM stick.
But if you have got a result like this:
test|Slot1|Slot2
RAM1|Error|Good
RAM2|Error|Good
It is a motherboard issue. The particular slot is bad.
----------
The dump file after that points to this;
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 00000000454e434c, Memory contents of the pool block
Arg4: fffffa80140e8320, Address of the block of pool being deallocated
Debugging Details:
------------------
fffffa80140e8310 doesn't look like a valid small pool allocation, checking to see
if the entire page is actually part of a large page allocation...
GetUlongFromAddress: unable to read from fffff80003266a38
POOL_ADDRESS: fffffa80140e8320 Nonpaged pool
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800031f3be9 to fffff800030c0c00
STACK_TEXT:
fffff880`09346628 fffff800`031f3be9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`454e434c : nt!KeBugCheckEx
fffff880`09346630 fffff880`04926ebd : 00000000`00001433 fffffa80`140e8320 fffffa80`0dcb7118 00000000`00001433 : nt!ExDeferredFreePool+0x1201
fffff880`093466e0 fffff880`049267df : fffffa80`0dcb7118 00000000`00000000 fffffa80`0dd57c4c 00000000`00000000 : rdyboost!ST_STORE<SMD_TRAITS>::StReleaseRegion+0x59
fffff880`09346740 fffff880`049254ce : fffffa80`0dcb70b0 00000000`00000001 fffffa80`0dcb70b0 00000000`00000001 : rdyboost!ST_STORE<SMD_TRAITS>::StDmCleanup+0x183
fffff880`09346780 fffff880`04924a27 : fffffa80`0dcb70b0 00000000`00000001 fffffa80`0dcb70b0 fffff880`09346b60 : rdyboost!SMKM_STORE<SMD_TRAITS>::SmStCleanup+0x7a
fffff880`093467c0 fffff880`0492498a : fffff880`049478f0 00000000`00000008 fffffa80`0dcb70b0 fffff880`04947870 : rdyboost!SMKM_STORE_MGR<SMD_TRAITS>::SmStoreMgrCallback+0x4b
fffff880`09346800 fffff880`0494b4b8 : fffff880`04947870 fffff880`09346b60 00000000`00000000 fffffa80`19fcd070 : rdyboost!SMKM_STORE_MGR<SMD_TRAITS>::SmCleanup+0x9a
fffff880`09346830 fffff880`0492cb26 : fffffa80`19fcd070 fffffa80`19fcd070 00000000`00000000 00000000`00000000 : rdyboost!SmdRBContextShutdown+0x94
fffff880`09346870 fffff800`033def37 : 00000000`00000000 fffffa80`19db48f0 fffffa80`19db4a08 fffffa80`19fcd070 : rdyboost!SmdDispatchDeviceControl+0x3ce
fffff880`093468d0 fffff800`033df796 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`09346a00 fffff800`030bfe93 : 00000000`00000000 0000007f`ffffffff fffffa80`19b6fa50 00000980`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`09346a70 00000000`772b138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01e5ea78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772b138a
STACK_COMMAND: kb
FOLLOWUP_IP:
rdyboost!ST_STORE<SMD_TRAITS>::StReleaseRegion+59
fffff880`04926ebd 4c892cf7 mov qword ptr [rdi+rsi*8],r13
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: rdyboost!ST_STORE<SMD_TRAITS>::StReleaseRegion+59
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdyboost
IMAGE_NAME: rdyboost.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7982e
FAILURE_BUCKET_ID: X64_0xc2_7_rdyboost!ST_STORE_SMD_TRAITS_::StReleaseRegion+59
BUCKET_ID: X64_0xc2_7_rdyboost!ST_STORE_SMD_TRAITS_::StReleaseRegion+59
Followup: MachineOwner
---------
Looking at the parameters this shows to be a 0xC2_07, probably caused by a driver called rdyboost.sys.
More info: Bug Check 0xC2_07.
----------
But rdyboost.sys is a Windows driver, and it shouldn't fail on its own. To solve this we'll have to look at your most recent dump file.
----------
That one shows this;
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {fffff810026616b0, 2, 0, fffff80002606a4e}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+192 )
Followup: Pool_corruption
---------
Usual cause: Corrupt memory, corrupt driver.
More info: Bug Check 0xC5.
----------
So there are two dump files, of which one falsely points to a Windows driver, and the other one has a high chance to be caused by a corrupted driver.
To pinpoint which driver is the corrupt one, please do the following;
Please follow this;
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.
Information
Why Driver Verifier:
It puts stress on the drivers, and so it makes the unstable drivers crash. Hopefully the driver that crashes is recorded in the memory dump.
How can we know that DV is enabled:
It will make the system a bit slow and laggy.
Warning
Before enabling DV, make sure that you have earlier System Restore points made on your computer. You can check it easily by using CCleaner, looking at Tools > System Restore.
If there are no points, make a System Restore Point manually before enabling DV.
----------
Do note that I haven't looked at the dump files from the SF Diagnostic Tool because they are mostly doubles from your initial upload or outdated.
Once Driver Verifier has crashed your system we will have "fresh" dump files to work with, being able to provide better, more accurate assistance with your problem.
----------
To rule out any flaws in the Windows drivers, or to fix them if they are present, please perform the following scan;
Please use the SFC /SCANNOW command as displayed in option two of this tutorial.
- Click on the Start orb.
- Open an elevated command prompt.
- Type "SFC /SCANNOW" without the quotations.
- Let SFC do its thing, and when prompted to, restart.
If SFC found and repaired anything, please do the following:
- When restarted, open an elevated command prompt.
- Type (or copy) the following, this will create a .txt file on your desktop;
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
- In your next reply, please attach this file using the method displayed in this tutorial.
Good luck and keep us posted,
Nommy
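
Added example, not part of the original post: a small Python triage helper that parses pasted WinDbg bugcheck summaries like the ones quoted above (tolerating forum BBCode tags) and applies the same reasoning, namely that a blamed Windows driver or a generic corruption bucket does not name the real culprit. The `INBOX` list, the verdict labels, the short-form C2 line and the `exampledrv.sys` name are assumptions made for illustration.

```python
import re

# Assumption (not from the post): modules treated as Windows in-box components.
INBOX = {"nt", "netio", "rdyboost"}
# Generic buckets reported when no specific driver could be named.
GENERIC = {"memory_corruption", "pool_corruption"}

BBCODE = re.compile(r"\[/?(?:COLOR|B)(?:=[^\]]*)?\]", re.I)
BUGCHECK = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
CAUSE = re.compile(r"Probably caused by : (\S+) \( (\w+)!(.+?) \)")

# Sample input: summary lines from the post; the C2 line is constructed
# in short form from the verbose output's Arg1-Arg4 and IMAGE_NAME.
SAMPLE = """\
[COLOR=Red][B]BugCheck 3B[/B][/COLOR], {c0000005, fffff88004534a84, fffff8800953eda0, 0}
[COLOR=Red][B]Probably caused by : NETIO.SYS[/B][/COLOR] ( NETIO!WeightCompare+4 )
BugCheck 50, {fffffa4143414348, 0, fffff800030a7ef1, 7}
Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiGetNextNode+15 )
BugCheck C2, {7, 109b, 454e434c, fffffa80140e8320}
Probably caused by : rdyboost.sys ( rdyboost!ST_STORE<SMD_TRAITS>::StReleaseRegion+59 )
BugCheck C5, {fffff810026616b0, 2, 0, fffff80002606a4e}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+192 )
"""

def parse_summaries(text):
    """Return one dict per BugCheck line, paired with its 'Probably caused by' line."""
    dumps = []
    for line in BBCODE.sub("", text).splitlines():
        if m := BUGCHECK.search(line):
            dumps.append({"code": int(m.group(1), 16),
                          "args": [int(a, 16) for a in m.group(2).split(",")],
                          "image": None, "module": None, "symbol": None})
        elif (m := CAUSE.search(line)) and dumps and dumps[-1]["image"] is None:
            dumps[-1].update(image=m.group(1), module=m.group(2), symbol=m.group(3))
    return dumps

def verdict(dump):
    """Classify what the debugger blamed: generic bucket, in-box driver, or third party."""
    if dump["image"] is None:
        return "unknown"
    if dump["image"].lower() in GENERIC:
        return "generic"
    return "inbox" if dump["module"].lower() in INBOX else "third-party"

def next_step(dumps):
    """No third-party driver named in any dump means the culprit is still unidentified."""
    if any(verdict(d) == "third-party" for d in dumps):
        return "inspect named driver"
    return "run Driver Verifier"

if __name__ == "__main__":
    for d in parse_summaries(SAMPLE):
        print(f"0x{d['code']:X} {d['image']} -> {verdict(d)}")
    print(next_step(parse_summaries(SAMPLE)))
```
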