Random BSOD

[gfuchikami]

My new computer has been having random BSODs occurring sometimes once a day to every couple of days. I've run the Windows memory tests and it seems OK. I was told by ZT tech support I'd have to reinstall the OS. Please let me know what you think.

The computer's about 3 months old from Costco running Windows 7 Home Premium 64-bit with the OEM OS as pre-installed when I bought it. I've only done Windows updates on it which seems to have been mostly definition update files for Windows security. Attached is the zip file with the dump files requested. Thank you!

 

[zigzag3143]

My new computer has been having random BSODs occurring sometimes once a day to every couple of days. I've run the Windows memory tests and it seems OK. I was told by ZT tech support I'd have to reinstall the OS. Please let me know what you think.

The computer's about 3 months old from Costco running Windows 7 Home Premium 64-bit with the OEM OS as pre-installed when I bought it. I've only done Windows updates on it which seems to have been mostly definition update files for Windows security. Attached is the zip file with the dump files requested. Thank you!

More often than not BSOD's caused by NETIO.sys are becasue of Zone Alarm firewalls.

I would remove it and replace with Microsoft Security Essentials, and the win 7 firewall.


Ken J

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\070210-21356-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at end of path element
Symbol search path is: SRV*C:\symbols;*http://msdl.microsoft.com/download/symbols ;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`03250000 PsLoadedModuleList = 0xfffff800`0348de50
Debug session time: Sat Jul  3 03:12:45.933 2010 (GMT-4)
System Uptime: 0 days 0:58:01.041
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
.............................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 6f8, fffff800032c5c91}

Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff800032c5c91

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'kbdhid' and 'kbdhid.sys' overlap

BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800032bfb69 to fffff800032c0600

STACK_TEXT:  
fffff800`04a5dd28 fffff800`032bfb69 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff800`04a5dd30 fffff800`032be032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`04a5de70 fffff800`032c5c91 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`09834fd0 fffff800`03288f02 : fffffa80`0a568080 00000000`00000001 00000000`00000000 fffffa80`07d517c8 : nt!SeAccessCheckWithHint+0x301
fffff880`098350b0 fffff880`0159ec5a : fffff1f2`00001365 000006af`00000944 ffffe7dc`00001868 00000360`000003d5 : nt!SeAccessCheckFromState+0x102
fffff880`098357a0 fffff880`0159c94f : ffffe91c`c0000022 fffffab4`00000000 ffffeedc`00001630 ffffff98`fffffb35 : NETIO!CompareSecurityContexts+0x6a
fffff880`09835810 fffff880`0159e9b5 : ffffe3d9`0000195d 000002d6`ffffff7d ffffeb73`00001589 00000004`fffff7bb : NETIO!MatchValues+0xef
fffff880`09835860 fffff880`0159e845 : fffffa80`09befc00 fffffa80`0a5b32d0 fffff880`09835a88 fffff880`098361c0 : NETIO!FilterMatch+0x95
fffff880`098358b0 fffff880`0159fccb : 00000000`00000000 00000000`00000000 fffff880`098361c0 fffff880`09835a70 : NETIO!IndexListClassify+0x69
fffff880`09835930 fffff880`016404d0 : fffff880`098361c0 fffff880`09835e08 fffff880`09836b40 fffffa80`0a5f5770 : NETIO!KfdClassify+0xa4e
fffff880`09835ca0 fffff880`0163977e : fffff880`01748690 00000000`00000000 fffffa80`098f9010 00000000`00000000 : tcpip!WfpAleClassify+0x50
fffff880`09835ce0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!CompareSecurityContexts+6a
fffff880`0159ec5a 448b442470      mov     r8d,dword ptr [rsp+70h]

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  NETIO!CompareSecurityContexts+6a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc18a

FAILURE_BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff800032c5c91

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'kbdhid' and 'kbdhid.sys' overlap

BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800032bfb69 to fffff800032c0600

STACK_TEXT:  
fffff800`04a5dd28 fffff800`032bfb69 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff800`04a5dd30 fffff800`032be032 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`04a5de70 fffff800`032c5c91 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`09834fd0 fffff800`03288f02 : fffffa80`0a568080 00000000`00000001 00000000`00000000 fffffa80`07d517c8 : nt!SeAccessCheckWithHint+0x301
fffff880`098350b0 fffff880`0159ec5a : fffff1f2`00001365 000006af`00000944 ffffe7dc`00001868 00000360`000003d5 : nt!SeAccessCheckFromState+0x102
fffff880`098357a0 fffff880`0159c94f : ffffe91c`c0000022 fffffab4`00000000 ffffeedc`00001630 ffffff98`fffffb35 : NETIO!CompareSecurityContexts+0x6a
fffff880`09835810 fffff880`0159e9b5 : ffffe3d9`0000195d 000002d6`ffffff7d ffffeb73`00001589 00000004`fffff7bb : NETIO!MatchValues+0xef
fffff880`09835860 fffff880`0159e845 : fffffa80`09befc00 fffffa80`0a5b32d0 fffff880`09835a88 fffff880`098361c0 : NETIO!FilterMatch+0x95
fffff880`098358b0 fffff880`0159fccb : 00000000`00000000 00000000`00000000 fffff880`098361c0 fffff880`09835a70 : NETIO!IndexListClassify+0x69
fffff880`09835930 fffff880`016404d0 : fffff880`098361c0 fffff880`09835e08 fffff880`09836b40 fffffa80`0a5f5770 : NETIO!KfdClassify+0xa4e
fffff880`09835ca0 fffff880`0163977e : fffff880`01748690 00000000`00000000 fffffa80`098f9010 00000000`00000000 : tcpip!WfpAleClassify+0x50
fffff880`09835ce0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!CompareSecurityContexts+6a
fffff880`0159ec5a 448b442470      mov     r8d,dword ptr [rsp+70h]

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  NETIO!CompareSecurityContexts+6a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc18a

FAILURE_BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

Followup: MachineOwner
---------

 

[gfuchikami]

OK, thank you... I'll try that and see if it stops doing it.

 

[richc46]

As always Ken has given good advice, it does indeed look like it was caused by Zone Alarm. You may however try this hot fix, in lieu of uninstalling, if you want to continue using ZA
http://support.microsoft.com/kb/981180

 

[gfuchikami]

Well, so far so good; seems like Ken may have nailed this on the head. My only question is will using MS Security Essentials be as good as running ZA Extreme Security Suite which is what I had installed or should I reinstall ZA and apply the hotfix? Thanks very much!

 

[richc46]

Ill answer by saying that I use MSE, the Windows Firewall and Malwarebytes, because I think it is the best combo, for Windows 7. Uninstall ZA and use the Windows Firewall.
When you begin to use it, be sure to set up outgoing protection, by default it is off.