Solved

NETIO.SYS Bluescreen in Windows Vista Ultimate (32Bit)

Posted on 2009-05-19
8
4,789 Views
Last Modified: 2012-05-07
Alright, here is a tough one for all you experts out there!

User has a Dell XPS Laptop with Windows Vista Ultimate 32Bit. Latest service packs installed (SP1 currently. I have updated the BIOS, device drivers for video, network, and sound. I have already attempted to apply the Microsoft TLE HotFix for NETIO.SYS that I come across on Google, but it states that the update does not apply to my system.

The blue screen is triggered when he connects in to our company VPN. He often receives it while working within Outlook. I have included the Debug Report below:
*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************
 

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)

This means a trap occurred in kernel mode, and it's a trap of a kind

that the kernel isn't allowed to have/catch (bound trap) or that

is always instant death (double fault).  The first number in the

bugcheck params is the number of the trap (8 = double fault, etc)

Consult an Intel x86 family manual to learn more about what these

traps are. Here is a *portion* of those codes:

If kv shows a taskGate

        use .tss on the part before the colon, then kv.

Else if kv shows a trapframe

        use .trap on that value

Else

        .trap on the appropriate frame will show where the trap was taken

        (on x86, this will be the ebp that goes with the procedure KiTrap)

Endif

kb will then show the corrected stack.

Arguments:

Arg1: 00000008, EXCEPTION_DOUBLE_FAULT

Arg2: 803d3130

Arg3: 00000000

Arg4: 00000000
 

Debugging Details:

------------------
 
 

BUGCHECK_STR:  0x7f_8
 

CUSTOMER_CRASH_COUNT:  1
 

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
 

PROCESS_NAME:  System
 

CURRENT_IRQL:  2
 

LAST_CONTROL_TRANSFER:  from 8b7b8748 to 82038b4b
 

STACK_TEXT:

8c90f3f4 8b7b8748 85338b10 862912fc 00000000 nt!SeAccessCheckFromState+0x1f

8c90f434 8b7b876e 85338b08 8c90f6c8 85338af8 NETIO!CompareSecurityContexts+0x47

8c90f458 8b7b67a4 00000000 85338b00 8c90f6c8 NETIO!MatchValues+0xee

8c90f470 8b7b6875 85338af8 8c90f6c8 8a16c4d0 NETIO!MatchCondition+0x4b

8c90f48c 8b7b680d 00000000 8c90f824 8c90f748 NETIO!FilterMatch+0x49

8c90f4b0 8b7b68d4 8a16c4d0 8c90f824 8c90f748 NETIO!IndexListClassify+0x25

8c90f4f0 8b7b61bb 00000000 8c90f824 8c90f748 NETIO!FindMatchingEntries+0xd6

8c90f5cc 8b875344 00000030 8c90f824 8c90f748 NETIO!KfdClassify+0x145

8c90f5f4 8b864b72 8c90f824 8c90f748 856936b0 tcpip!WfpAleClassify+0x36

8c90f890 8b8645d8 855e53b0 00000030 8b8bb2c8 tcpip!WfpAlepAuthorizeSend+0x4c0

8c90f9f0 8b87561c 855e53b0 8c900002 00000011 tcpip!WfpAleAuthorizeSend+0x1e0

8c90fa4c 8b873c19 855e53b0 8c900002 00000011 tcpip!WfpAleConnectAcceptIndicate+0

x56

8c90fabc 8b8630c7 8c90fccc 00000011 8c900002 tcpip!ProcessALEForTransportPacket+

0xf3

8c90fb40 8b862c0f 8c90fccc 00000011 8c900002 tcpip!ProcessAleForNonTcpOut+0x5c

8c90fc90 8b861cd4 00000011 00000000 00008a00 tcpip!WfpProcessOutTransportStackIn

dication+0x200

8c90fd14 8b861b28 00000000 80e321f0 8c90fe78 tcpip!IppInspectLocalDatagramsOut+0

xbf

8c90feb8 8b85acab 00000000 00000004 8b8c5c68 tcpip!IppSendDatagramsCommon+0x522

8c90fed8 8b85bb19 8629e3c8 8c90ffd4 85490008 tcpip!IpNlpSendDatagrams+0x4b

8c910120 91429cf2 85281b68 8629e440 85490008 tcpip!UdpSendMessages+0xc07

8c910168 914319be 86885008 85490000 8554d928 tdx!TdxSendDatagramTransportAddress

+0x206

8c910184 820bffd3 8a198440 85490008 85490008 tdx!TdxTdiDispatchInternalDeviceCon

trol+0x5c

8c91019c 9150a4bc 8c91022c 10000000 85445558 nt!IofCallDriver+0x63

WARNING: Stack unwind information not available. Following frames may be wrong.

8c9101b0 9150f69e 8a1d1b68 85490008 854900c0 tmtdi+0x94bc

8c910288 9150f893 854900c0 8c910354 8a1d1b68 tmtdi+0xe69e

8c9102f8 820bffd3 8a1d1b68 85490008 8640f240 tmtdi+0xe893

8c910310 9149f8bf 852bbed0 8515c008 914b9e84 nt!IofCallDriver+0x63

8c91032c 9149f72f 00000000 852bbfcc 000000e3 netbt!TdiSendDatagram+0x14e

8c910370 914ae0d2 852bbed0 ffffffff 000000e3 netbt!UdpSendDatagram+0x14c

8c9103ac 914ae38c 00000000 866e89a0 852bbed0 netbt!DatagramDistribution+0x156

8c9103c4 914aeb34 866e89a0 852bbed0 914b9e84 netbt!SendDgram+0x37

8c9103f0 9149bee8 852bbe02 00000000 00000001 netbt!SendDgramContinue+0xf1

8c910418 914a4951 914aea43 852bbed0 00000000 netbt!CompleteClientReq+0x6a

8c9104a0 9149fcbf 86352218 8c910698 856d088a netbt!QueryFromNet+0x5b3

8c9104cc 9149fc01 86352218 8c910698 856d088a netbt!NameSrvHndlrNotOs+0xa8

8c91051c 9150a421 86352218 00000016 8c910698 netbt!TdiRcvNameSrvHandler+0x2ca

8c9105fc 91429392 852c0cc8 00000016 8c910698 tmtdi+0x9421

8c910724 8b8783b2 851d9478 8c910744 856d0882 tdx!TdxEventReceiveMessagesTranspor

tAddress+0x48e

8c91075c 8b870e12 00000000 00000001 00000000 tcpip!UdpDeliverDatagrams+0x23b

8c9107a8 8b870eb1 8629e440 002960e0 8c9107e4 tcpip!UdpReceiveDatagrams+0x112

8c9107b8 8b86efef 8c9107cc c000023e 00000000 tcpip!UdpNlClientReceiveDatagrams+0

x12

8c9107e4 8b86edb2 8b8c5fdc 8c910838 c000023e tcpip!IppDeliverListToProtocol+0x49
 

8c910804 8b86ecd9 8b8c5c68 00000011 8c910838 tcpip!IppProcessDeliverList+0x2a

8c91085c 8b86e4cc 8b8c5c68 00000011 86365c98 tcpip!IppReceiveHeaderBatch+0x1eb

8c9108ec 914f7404 853af248 00000000 8c910901 tcpip!IpFlcReceivePackets+0xbe1

8c910978 8b74c0b0 02abb1e4 00000000 00000000 wanarp!WanNdisReceivePackets+0x4e2

8c9109ac 8b73e7e3 00203008 8641e810 00000000 ndis!ndisMIndicateNetBufferListsToO

pen+0xab

8c910b38 8b67f57f 8748a0e8 8a203008 00000000 ndis!ndisMDispatchReceiveNetBufferL

ists+0x7c

8c910b54 8b6aad88 8748a0e8 8641e810 00000000 ndis!ndisMTopReceiveNetBufferLists+

0x2c

8c910b70 8b6aad5f 8a1f0808 8641e810 00000000 ndis!ndisFilterIndicateReceiveNetBu

fferLists+0x20

8c910b8c 914cf5a8 8a1f0808 8641e810 00000000 ndis!NdisFIndicateReceiveNetBufferL

ists+0x1b

8c910bc8 8b7512ba 8a1bd158 8641e810 00000000 pacer!PcFilterReceiveNetBufferLists

+0xd2

8c910c14 91012810 0248a0e8 8c910c34 00000001 ndis!ndisMIndicatePacketsToNetBuffe

rLists+0xe9

8c910c38 910129cd 86685220 8c910c50 8564ad80 TM_CFW+0x3810

8c910c54 9101a79b 8564ad80 8564ad80 89e57170 TM_CFW+0x39cd

8c910c70 9101bd46 8564ad80 00000068 85477e58 TM_CFW+0xb79b

8c910d6c 91011998 8564ad80 85477e58 8730b0e8 TM_CFW+0xcd46

8c910d9c 8b771533 89e69128 85477e58 857ef5fc TM_CFW+0x2998

8c910df8 805bb0fb 001724d0 8c910e34 00000001 ndis!ethFilterDprIndicateReceivePac

ket+0x2bf

8c910e38 805bb4ae 027ef008 0000005a 8690b03e ndiswan!IndicateRecvPacket+0x301

8c910e6c 805bc12a 857ef008 856d0800 86881a18 ndiswan!ProcessPPPFrame+0x113

8c910e8c 805b8c81 863e2dc0 856d0800 868819e0 ndiswan!ReceivePPP+0xb3

8c910ebc 8b6a893b 89e51148 00000062 00000062 ndiswan!ProtoCoReceivePacket+0x25d

8c910ef0 8b77800b 85734c18 8c910f38 00000001 ndis!ndisMCoIndicateReceiveNdisPack

etToNdisPacket+0x120

8c910f04 827eb33e 85734c18 8c910f38 00000001 ndis!NdisMCoIndicateReceivePacket+0

x15

8c910f30 827ebc06 86881a18 8690b030 0000000c rasl2tp!IndicateReceived+0x13a

8c910f64 827ed809 8a1a4488 863639d8 85402428 rasl2tp!ReceivePayload+0x29f

8c910fd4 827f2d4f 011a44fc 80fa1a68 8690b030 rasl2tp!L2tpReceive+0x2dd

8c911044 827f2e31 874ff5c8 00000000 00000002 rasl2tp!ReceiveData+0x170

8c911060 91458d48 874ff5c8 00000000 85284e8c rasl2tp!WskReceiveDataGramFromEvent

+0x17

8c911094 9145b69b 9d15ef00 8c9110b0 855e3558 afd!WskProTLEVENTReceiveMessages+0x

150

8c9110cc 9150a421 00000000 00000084 86715830 afd!WskTdiEHReceiveDatagram+0x2c9

8c9111ac 91429392 855e3558 00000016 8c911248 tmtdi+0x9421

8c9112d4 8b8783b2 863dc200 8c9112f4 86697892 tdx!TdxEventReceiveMessagesTranspor

tAddress+0x48e

8c91130c 8b870e12 00000000 00000001 00000000 tcpip!UdpDeliverDatagrams+0x23b

8c911358 8b870eb1 8629e440 00296000 8c911394 tcpip!UdpReceiveDatagrams+0x112
 
 

STACK_COMMAND:  kb
 

FOLLOWUP_IP:

NETIO!CompareSecurityContexts+47

8b7b8748 84c0            test    al,al
 

SYMBOL_STACK_INDEX:  1
 

SYMBOL_NAME:  NETIO!CompareSecurityContexts+47
 

FOLLOWUP_NAME:  MachineOwner
 

MODULE_NAME: NETIO
 

IMAGE_NAME:  NETIO.SYS
 

DEBUG_FLR_IMAGE_TIMESTAMP:  47919103
 

FAILURE_BUCKET_ID:  0x7f_8_NETIO!CompareSecurityContexts+47
 

BUCKET_ID:  0x7f_8_NETIO!CompareSecurityContexts+47
 

Followup: MachineOwner

Open in new window

BlueScreen.JPG
0
Comment
Question by:Cameron_S
  • 4
  • 3
8 Comments
 
LVL 3

Author Comment

by:Cameron_S
ID: 24424376
I should also mention that I have already performed a MemTest, and that came back clean. I have also ran chkdsk as well, with no errors returned.
0
 
LVL 3

Author Comment

by:Cameron_S
ID: 24426741
Updating to max points due to difficulty. Accepting all challengers!
0
 
LVL 87

Expert Comment

by:rindi
ID: 24428919
Does your motherboard's BIOS have any option to set it to "Failsafe" mode? If yes, try that. Also remove as much hardware from the PC to check if there is any issue with something like that. If none of that helps, your mainboard is probably bad.
0
 
LVL 3

Author Comment

by:Cameron_S
ID: 24432267
Rindi,

Thanks for the advice. Actually the mainboard has already been replaced about one month ago as the GPU went out on it. The user was experiencing this error on the old motherboard as well as the new replacement. It is a Dell laptop, so there are no additional cards I can remove from the system and the only things that are plugged in are the standard Mouse/Keyboard/Monitor/Network cable.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 12

Accepted Solution

by:
John Griffith earned 500 total points
ID: 24433149
Hi -
I see the Trend Micro driver tm_cfw.sys in the stack text of the dump file.  
I suggest that you remove Trend Micro Intenet Security from your system using the removal tool written by T.M.
 
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24433207
Sorry, hit submit too soon.
Trend Micro removal - http://esupport.trendmicro.com/9/Uninstalling-Trend-Micro-PC-cillin-Internet-Security-2007.aspx#P86_2140
Upon completion, re-boot.  Reset the Windows Firewall to its default settings -
START | type FirewallSettings.exe into the start search box | click on FirewallSettings.exe above | select the Advanced Tab | click on "Restore Defaults" | Click Apply, OK
Regards. . .  jcgriff2
`
0
 
LVL 3

Author Closing Comment

by:Cameron_S
ID: 31583123
When the user disables the Trend Micro software, he does not experience the issue. I am confident that this is the culprit and will investigate how to resolve it to the user's satisfaction. Excellent work!
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24598213
Thank you.
 
You will probably find that any 3rd party firewall contained in the various Internet Security Suites will cause app crashes, app hangs (like the blue circle on a fading white background in IE) then inevitably followed by BSODs at some future time.  These firewalls interfere with Vista (& Windows 7) NET BIOS ports causing system services to malfunction.  Since  system srvcs run mostly grouped together under single svchost, those pieces that are blocked cause the rest to tumble.  I can say this with conviction after working on thousands of threads related to app crashes and BSODs in the Vista Forum
http://www.techsupportforum.com/members/185203.html
Good Luck to you...
JC
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now