Windows 7 BSOD Windows 7 64bit

[larryzedragon]

Hello there. I am new to this forum and am in need of assistance.

I have had several BSOD's in the last few weeks that all seem to be caused by the same thing, which is unknown to me. It always just happens randomly.

I finally decided to come for some help with the problem.

I have attached a .rar with the dmp file in it and also a dxdiag text file.

I have avg and zone alarm pro running.

I have also recently installed ad aware but that was after the BSODs started occurring.

Any help would be greatly appreciated.

And if you require any more information that I have missed out then feel free to ask.

Cheers

 

[TorrentG]

Hi and welcome.

Uninstall ZoneAlarm and problems are solved.

 

[larryzedragon]

Is that based off any evidence? Or is that just the most likely culprit?

Sorry for doubting you, but I just want to know the exact reason how and why zone alarm would be causing a BSOD

 

[TorrentG]

You've had a 0x7f error involving NETIO.sys. I knew it was caused by ZoneAlarm 100%, as I always do, before I even typed the command to see if you had it:

lmvm vsdatant

So if you want the bsods to stop, uninstall it.

You could doubt all you'd like, but that's not going to be very helpful to fixing the issue.

 

[larryzedragon]

Haha sorry for the doubt. The reply just seemed to be quick off the bat

Uninstalling zonealarm now.

Cheers for the help, hopefully I won't be having anymore BSODs in the near future

 

[TorrentG]

No doubt, you're welcome. Yep, was going very quickly as there were a few threads waiting that I've answered. They're answered now so I have some time. The crash you posted:

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\Temp\Rar$DI01.767\112810-25615-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e60000 PsLoadedModuleList = 0xfffff800`0309de50
Debug session time: Sun Nov 28 00:26:39.204 2010 (UTC - 5:00)
System Uptime: 0 days 5:03:09.592
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 6f8, fffff80002e98d28}

Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002e98d28

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002ecfca9 to fffff80002ed0740

STACK_TEXT:  
fffff880`02f69ce8 fffff800`02ecfca9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02f69cf0 fffff800`02ece172 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02f69e30 fffff800`02e98d28 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0a3a8ff0 fffff800`02e98f07 : fffffa80`04cb27c8 00000000`00000001 00000000`00000000 00000000`00000000 : nt!SepTokenFromAccessInformation+0x20
fffff880`0a3a9020 fffff880`01406c5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x9f
fffff880`0a3a9710 fffff880`0140494f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`0a3a9780 fffff880`014069b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`0a3a97d0 fffff880`01406845 : fffffa80`045da170 fffffa80`0758b3d0 fffff880`0a3a99f8 fffff880`0a3aa130 : NETIO!FilterMatch+0x95
fffff880`0a3a9820 fffff880`01407ccb : 00000000`00000000 00000000`00000000 fffff880`0a3aa130 fffff880`0a3a99e0 : NETIO!IndexListClassify+0x69
fffff880`0a3a98a0 fffff880`01640417 : fffff880`0a3a9d78 fffff880`0a3a9d78 fffff880`0a3aaab0 fffffa80`07ca2580 : NETIO!KfdClassify+0xa4e
fffff880`0a3a9c10 fffff880`0163983e : fffff880`01748690 00000000`00000000 fffffa80`06e9a010 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`0a3a9c50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!CompareSecurityContexts+6a
fffff880`01406c5a 448b442470      mov     r8d,dword ptr [rsp+70h]

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  NETIO!CompareSecurityContexts+6a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4bbe946f

FAILURE_BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

Followup: MachineOwner
---------

2: kd> lmvm vsdatant
start             end                 module name
fffff880`02cd5000 fffff880`02d68000   vsdatant   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\vsdatant.sys
    Image name: vsdatant.sys
    Timestamp:        Mon May 03 13:44:42 2010 (4BDF0B8A)
    CheckSum:         0007DC77
    ImageSize:        00093000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Not related in any way at all, but update that PowerISO...

http://www.PowerISO.com