• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4870
  • Last Modified:

NETIO.SYS Bluescreen in Windows Vista Ultimate (32Bit)

Alright, here is a tough one for all you experts out there!

User has a Dell XPS Laptop with Windows Vista Ultimate 32Bit. Latest service packs installed (SP1 currently. I have updated the BIOS, device drivers for video, network, and sound. I have already attempted to apply the Microsoft TLE HotFix for NETIO.SYS that I come across on Google, but it states that the update does not apply to my system.

The blue screen is triggered when he connects in to our company VPN. He often receives it while working within Outlook. I have included the Debug Report below:
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
kb will then show the corrected stack.
Arg2: 803d3130
Arg3: 00000000
Arg4: 00000000
Debugging Details:
LAST_CONTROL_TRANSFER:  from 8b7b8748 to 82038b4b
8c90f3f4 8b7b8748 85338b10 862912fc 00000000 nt!SeAccessCheckFromState+0x1f
8c90f434 8b7b876e 85338b08 8c90f6c8 85338af8 NETIO!CompareSecurityContexts+0x47
8c90f458 8b7b67a4 00000000 85338b00 8c90f6c8 NETIO!MatchValues+0xee
8c90f470 8b7b6875 85338af8 8c90f6c8 8a16c4d0 NETIO!MatchCondition+0x4b
8c90f48c 8b7b680d 00000000 8c90f824 8c90f748 NETIO!FilterMatch+0x49
8c90f4b0 8b7b68d4 8a16c4d0 8c90f824 8c90f748 NETIO!IndexListClassify+0x25
8c90f4f0 8b7b61bb 00000000 8c90f824 8c90f748 NETIO!FindMatchingEntries+0xd6
8c90f5cc 8b875344 00000030 8c90f824 8c90f748 NETIO!KfdClassify+0x145
8c90f5f4 8b864b72 8c90f824 8c90f748 856936b0 tcpip!WfpAleClassify+0x36
8c90f890 8b8645d8 855e53b0 00000030 8b8bb2c8 tcpip!WfpAlepAuthorizeSend+0x4c0
8c90f9f0 8b87561c 855e53b0 8c900002 00000011 tcpip!WfpAleAuthorizeSend+0x1e0
8c90fa4c 8b873c19 855e53b0 8c900002 00000011 tcpip!WfpAleConnectAcceptIndicate+0
8c90fabc 8b8630c7 8c90fccc 00000011 8c900002 tcpip!ProcessALEForTransportPacket+
8c90fb40 8b862c0f 8c90fccc 00000011 8c900002 tcpip!ProcessAleForNonTcpOut+0x5c
8c90fc90 8b861cd4 00000011 00000000 00008a00 tcpip!WfpProcessOutTransportStackIn
8c90fd14 8b861b28 00000000 80e321f0 8c90fe78 tcpip!IppInspectLocalDatagramsOut+0
8c90feb8 8b85acab 00000000 00000004 8b8c5c68 tcpip!IppSendDatagramsCommon+0x522
8c90fed8 8b85bb19 8629e3c8 8c90ffd4 85490008 tcpip!IpNlpSendDatagrams+0x4b
8c910120 91429cf2 85281b68 8629e440 85490008 tcpip!UdpSendMessages+0xc07
8c910168 914319be 86885008 85490000 8554d928 tdx!TdxSendDatagramTransportAddress
8c910184 820bffd3 8a198440 85490008 85490008 tdx!TdxTdiDispatchInternalDeviceCon
8c91019c 9150a4bc 8c91022c 10000000 85445558 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
8c9101b0 9150f69e 8a1d1b68 85490008 854900c0 tmtdi+0x94bc
8c910288 9150f893 854900c0 8c910354 8a1d1b68 tmtdi+0xe69e
8c9102f8 820bffd3 8a1d1b68 85490008 8640f240 tmtdi+0xe893
8c910310 9149f8bf 852bbed0 8515c008 914b9e84 nt!IofCallDriver+0x63
8c91032c 9149f72f 00000000 852bbfcc 000000e3 netbt!TdiSendDatagram+0x14e
8c910370 914ae0d2 852bbed0 ffffffff 000000e3 netbt!UdpSendDatagram+0x14c
8c9103ac 914ae38c 00000000 866e89a0 852bbed0 netbt!DatagramDistribution+0x156
8c9103c4 914aeb34 866e89a0 852bbed0 914b9e84 netbt!SendDgram+0x37
8c9103f0 9149bee8 852bbe02 00000000 00000001 netbt!SendDgramContinue+0xf1
8c910418 914a4951 914aea43 852bbed0 00000000 netbt!CompleteClientReq+0x6a
8c9104a0 9149fcbf 86352218 8c910698 856d088a netbt!QueryFromNet+0x5b3
8c9104cc 9149fc01 86352218 8c910698 856d088a netbt!NameSrvHndlrNotOs+0xa8
8c91051c 9150a421 86352218 00000016 8c910698 netbt!TdiRcvNameSrvHandler+0x2ca
8c9105fc 91429392 852c0cc8 00000016 8c910698 tmtdi+0x9421
8c910724 8b8783b2 851d9478 8c910744 856d0882 tdx!TdxEventReceiveMessagesTranspor
8c91075c 8b870e12 00000000 00000001 00000000 tcpip!UdpDeliverDatagrams+0x23b
8c9107a8 8b870eb1 8629e440 002960e0 8c9107e4 tcpip!UdpReceiveDatagrams+0x112
8c9107b8 8b86efef 8c9107cc c000023e 00000000 tcpip!UdpNlClientReceiveDatagrams+0
8c9107e4 8b86edb2 8b8c5fdc 8c910838 c000023e tcpip!IppDeliverListToProtocol+0x49
8c910804 8b86ecd9 8b8c5c68 00000011 8c910838 tcpip!IppProcessDeliverList+0x2a
8c91085c 8b86e4cc 8b8c5c68 00000011 86365c98 tcpip!IppReceiveHeaderBatch+0x1eb
8c9108ec 914f7404 853af248 00000000 8c910901 tcpip!IpFlcReceivePackets+0xbe1
8c910978 8b74c0b0 02abb1e4 00000000 00000000 wanarp!WanNdisReceivePackets+0x4e2
8c9109ac 8b73e7e3 00203008 8641e810 00000000 ndis!ndisMIndicateNetBufferListsToO
8c910b38 8b67f57f 8748a0e8 8a203008 00000000 ndis!ndisMDispatchReceiveNetBufferL
8c910b54 8b6aad88 8748a0e8 8641e810 00000000 ndis!ndisMTopReceiveNetBufferLists+
8c910b70 8b6aad5f 8a1f0808 8641e810 00000000 ndis!ndisFilterIndicateReceiveNetBu
8c910b8c 914cf5a8 8a1f0808 8641e810 00000000 ndis!NdisFIndicateReceiveNetBufferL
8c910bc8 8b7512ba 8a1bd158 8641e810 00000000 pacer!PcFilterReceiveNetBufferLists
8c910c14 91012810 0248a0e8 8c910c34 00000001 ndis!ndisMIndicatePacketsToNetBuffe
8c910c38 910129cd 86685220 8c910c50 8564ad80 TM_CFW+0x3810
8c910c54 9101a79b 8564ad80 8564ad80 89e57170 TM_CFW+0x39cd
8c910c70 9101bd46 8564ad80 00000068 85477e58 TM_CFW+0xb79b
8c910d6c 91011998 8564ad80 85477e58 8730b0e8 TM_CFW+0xcd46
8c910d9c 8b771533 89e69128 85477e58 857ef5fc TM_CFW+0x2998
8c910df8 805bb0fb 001724d0 8c910e34 00000001 ndis!ethFilterDprIndicateReceivePac
8c910e38 805bb4ae 027ef008 0000005a 8690b03e ndiswan!IndicateRecvPacket+0x301
8c910e6c 805bc12a 857ef008 856d0800 86881a18 ndiswan!ProcessPPPFrame+0x113
8c910e8c 805b8c81 863e2dc0 856d0800 868819e0 ndiswan!ReceivePPP+0xb3
8c910ebc 8b6a893b 89e51148 00000062 00000062 ndiswan!ProtoCoReceivePacket+0x25d
8c910ef0 8b77800b 85734c18 8c910f38 00000001 ndis!ndisMCoIndicateReceiveNdisPack
8c910f04 827eb33e 85734c18 8c910f38 00000001 ndis!NdisMCoIndicateReceivePacket+0
8c910f30 827ebc06 86881a18 8690b030 0000000c rasl2tp!IndicateReceived+0x13a
8c910f64 827ed809 8a1a4488 863639d8 85402428 rasl2tp!ReceivePayload+0x29f
8c910fd4 827f2d4f 011a44fc 80fa1a68 8690b030 rasl2tp!L2tpReceive+0x2dd
8c911044 827f2e31 874ff5c8 00000000 00000002 rasl2tp!ReceiveData+0x170
8c911060 91458d48 874ff5c8 00000000 85284e8c rasl2tp!WskReceiveDataGramFromEvent
8c911094 9145b69b 9d15ef00 8c9110b0 855e3558 afd!WskProTLEVENTReceiveMessages+0x
8c9110cc 9150a421 00000000 00000084 86715830 afd!WskTdiEHReceiveDatagram+0x2c9
8c9111ac 91429392 855e3558 00000016 8c911248 tmtdi+0x9421
8c9112d4 8b8783b2 863dc200 8c9112f4 86697892 tdx!TdxEventReceiveMessagesTranspor
8c91130c 8b870e12 00000000 00000001 00000000 tcpip!UdpDeliverDatagrams+0x23b
8c911358 8b870eb1 8629e440 00296000 8c911394 tcpip!UdpReceiveDatagrams+0x112
8b7b8748 84c0            test    al,al
SYMBOL_NAME:  NETIO!CompareSecurityContexts+47
FOLLOWUP_NAME:  MachineOwner
FAILURE_BUCKET_ID:  0x7f_8_NETIO!CompareSecurityContexts+47
BUCKET_ID:  0x7f_8_NETIO!CompareSecurityContexts+47
Followup: MachineOwner

Open in new window

  • 4
  • 3
1 Solution
Cameron_SAuthor Commented:
I should also mention that I have already performed a MemTest, and that came back clean. I have also ran chkdsk as well, with no errors returned.
Cameron_SAuthor Commented:
Updating to max points due to difficulty. Accepting all challengers!
Does your motherboard's BIOS have any option to set it to "Failsafe" mode? If yes, try that. Also remove as much hardware from the PC to check if there is any issue with something like that. If none of that helps, your mainboard is probably bad.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Cameron_SAuthor Commented:

Thanks for the advice. Actually the mainboard has already been replaced about one month ago as the GPU went out on it. The user was experiencing this error on the old motherboard as well as the new replacement. It is a Dell laptop, so there are no additional cards I can remove from the system and the only things that are plugged in are the standard Mouse/Keyboard/Monitor/Network cable.
John GriffithConsultantCommented:
Hi -
I see the Trend Micro driver tm_cfw.sys in the stack text of the dump file.  
I suggest that you remove Trend Micro Intenet Security from your system using the removal tool written by T.M.
John GriffithConsultantCommented:
Sorry, hit submit too soon.
Trend Micro removal - http://esupport.trendmicro.com/9/Uninstalling-Trend-Micro-PC-cillin-Internet-Security-2007.aspx#P86_2140
Upon completion, re-boot.  Reset the Windows Firewall to its default settings -
START | type FirewallSettings.exe into the start search box | click on FirewallSettings.exe above | select the Advanced Tab | click on "Restore Defaults" | Click Apply, OK
Regards. . .  jcgriff2
Cameron_SAuthor Commented:
When the user disables the Trend Micro software, he does not experience the issue. I am confident that this is the culprit and will investigate how to resolve it to the user's satisfaction. Excellent work!
John GriffithConsultantCommented:
Thank you.
You will probably find that any 3rd party firewall contained in the various Internet Security Suites will cause app crashes, app hangs (like the blue circle on a fading white background in IE) then inevitably followed by BSODs at some future time.  These firewalls interfere with Vista (& Windows 7) NET BIOS ports causing system services to malfunction.  Since  system srvcs run mostly grouped together under single svchost, those pieces that are blocked cause the rest to tumble.  I can say this with conviction after working on thousands of threads related to app crashes and BSODs in the Vista Forum
Good Luck to you...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now