BSOD - ntoskrnl.exe

My security system is ZoneAlarm Extreme. It's my Firewall/Anti-Virus/Anti-Spyware.

Uninstall ZoneAlarm Extreme and use Microsoft Security Essentials.
Link to MS Security Essentials - http://www.microsoft.com/security_essentials/

I noticed that a lot of people are having the same problem regarding ntoskrnl.exe. What exactly is it and why is it so hard to just point to a specific cause?

ntoskrnl.exe is a Windows .exe file and it's not the definite cause of BSOD.

Ok, I'm still having trouble with the BSOD. It hasn't happened 10 times in a day like before, but it's been happening every other day. It feels entirely random as I cannot pinpoint what software or program might be causing this. I followed all the directions the first time and I'm not sure what I can do! I have no viruses or spywares on my computer because I scan regularly with Zone Alarm Extreme Security. Does this have anything to do with my registry? I have no programs that "cleans" it out. Please help!

Thanks and happy holidays!

Once you have turned on Driver Verifier as yowanvista requested. Get a BSOD after Driver Verifier is on and then turn it off. Upload the dumps after turning off Driver Verifier.

If you cannot access in Windows Mode to turn off Driver Verifier - use Safe Mode.

Hi,

The cause is clear here:

Code:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
    the operating system. The only supported way to extend a kernel
    mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffff8000300bc40
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_91

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002ed824a to fffff80002e83740

STACK_TEXT:  
fffff800`04508018 fffff800`02ed824a : 00000000`000000c4 00000000`00000091 00000000`00000002 fffff800`0300bc40 : nt!KeBugCheckEx
fffff800`04508020 fffff800`02e23569 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4904
fffff800`04508060 fffff800`02e2394d : fffff800`04508000 fffff800`0450e000 00000000`00000000 00000000`00000000 : nt!RtlEnoughStackSpaceForStackCapture+0x15
fffff800`04508090 fffff800`02f46c2b : 00000000`00000001 fffffa80`0760c910 fffff800`045081c0 00000000`00000000 : nt!RtlWalkFrameChain+0x59
fffff800`045080c0 fffff880`04463264 : fffffa80`0760c900 fffff880`044b6110 00000000`00000002 00000000`00000000 : nt!RtlCaptureStackBackTrace+0x4b
fffff800`045080f0 fffffa80`0760c900 : fffff880`044b6110 00000000`00000002 00000000`00000000 00000000`00000000 : vsdatant+0x11264
fffff800`045080f8 fffff880`044b6110 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0760c900
fffff800`04508100 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vsdatant+0x64110
fffff800`04508108 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
vsdatant+11264
fffff880`04463264 ??              ???

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  vsdatant+11264

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vsdatant

IMAGE_NAME:  vsdatant.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdf0b8a

FAILURE_BUCKET_ID:  X64_0xc4_91_vsdatant+11264

BUCKET_ID:  X64_0xc4_91_vsdatant+11264

Followup: MachineOwner
---------

The Driver Verifier detected a violation in Zone Alarm's driver. Therefore ZA needs to be removed:

Zone Alarm Removal tool -> http://download.zonealarm.com/bin/fr...cpes_clean.exe (run in Safe Mode without Networking)

Then reset the Windows Firewall to its default settings -
START -> type cmd.exe -> right-click -> run as administrator -> type netsh advfirewall reset press enter

I think you will find that doing so will solve all your problems.

reventon said:

Hi,

The cause is clear here:

Code:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
    the operating system. The only supported way to extend a kernel
    mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffff8000300bc40
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_91

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002ed824a to fffff80002e83740

STACK_TEXT:  
fffff800`04508018 fffff800`02ed824a : 00000000`000000c4 00000000`00000091 00000000`00000002 fffff800`0300bc40 : nt!KeBugCheckEx
fffff800`04508020 fffff800`02e23569 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4904
fffff800`04508060 fffff800`02e2394d : fffff800`04508000 fffff800`0450e000 00000000`00000000 00000000`00000000 : nt!RtlEnoughStackSpaceForStackCapture+0x15
fffff800`04508090 fffff800`02f46c2b : 00000000`00000001 fffffa80`0760c910 fffff800`045081c0 00000000`00000000 : nt!RtlWalkFrameChain+0x59
fffff800`045080c0 fffff880`04463264 : fffffa80`0760c900 fffff880`044b6110 00000000`00000002 00000000`00000000 : nt!RtlCaptureStackBackTrace+0x4b
fffff800`045080f0 fffffa80`0760c900 : fffff880`044b6110 00000000`00000002 00000000`00000000 00000000`00000000 : vsdatant+0x11264
fffff800`045080f8 fffff880`044b6110 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0760c900
fffff800`04508100 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vsdatant+0x64110
fffff800`04508108 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
vsdatant+11264
fffff880`04463264 ??              ???

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  vsdatant+11264

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vsdatant

IMAGE_NAME:  vsdatant.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdf0b8a

FAILURE_BUCKET_ID:  X64_0xc4_91_vsdatant+11264

BUCKET_ID:  X64_0xc4_91_vsdatant+11264

Followup: MachineOwner
---------

The Driver Verifier detected a violation in Zone Alarm's driver. Therefore ZA needs to be removed:

Zone Alarm Removal tool -> http://download.zonealarm.com/bin/fr...cpes_clean.exe (run in Safe Mode without Networking)

Then reset the Windows Firewall to its default settings -
START -> type cmd.exe -> right-click -> run as administrator -> type netsh advfirewall reset press enter

I think you will find that doing so will solve all your problems.

Thanks for the help! Am I to remove Zone Alarm Extreme Security forever or can I just download it from ZA and install it again? I rather not get another security program because I paid for a licence already.

Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

Sent from my iPhone

DeanP said:

Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

Sent from my iPhone

I personally never used Microsoft Security Essentials. How does it compare to other security suites like Zone Alarm, Kaspersky, Avast, ect. I'm very careful to keep my PC running without viruses/spywares and fast. I'm just a bit concerned about switching since MSE is "free" and so far most free security suites I've used in the past has huge leaks.

James Park said:

DeanP said:

Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

Sent from my iPhone

I personally never used Microsoft Security Essentials. How does it compare to other security suites like Zone Alarm, Kaspersky, Avast, ect. I'm very careful to keep my PC running without viruses/spywares and fast. I'm just a bit concerned about switching since MSE is "free" and so far most free security suites I've used in the past has huge leaks.

MSE is a decent AV app. It is substantially better than Kaspersky, Avast, Symantec, etc in terms of resources used, frequency of BSOD's and protection.


Ken J

zigzag3143 said:

James Park said:

DeanP said:

Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

Sent from my iPhone

I personally never used Microsoft Security Essentials. How does it compare to other security suites like Zone Alarm, Kaspersky, Avast, ect. I'm very careful to keep my PC running without viruses/spywares and fast. I'm just a bit concerned about switching since MSE is "free" and so far most free security suites I've used in the past has huge leaks.

MSE is a decent AV app. It is substantially better than Kaspersky, Avast, Symantec, etc in terms of resources used, frequency of BSOD's and protection.


Ken J

Alright thanks! I'll take yalls word. I wonder if I could get a partial refund after using ZA for 5 months. If ZA is really what's causing the problem, their software engineers has to do some patching.

MS Security Essentials is free, it does speed up your computer booting and does not cause a lot of BSOD.