Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD - ntoskrnl.exe

26 Dec 2010   #11
DeanP

Win 7 Pro x64 SP1 OS X Snow Leopard 10.6.7
 
 

Quote:
My security system is ZoneAlarm Extreme. It's my Firewall/Anti-Virus/Anti-Spyware.
Uninstall ZoneAlarm Extreme and use Microsoft Security Essentials.
Link to MS Security Essentials - http://www.microsoft.com/security_essentials/

Quote:
I noticed that a lot of people are having the same problem regarding ntoskrnl.exe. What exactly is it and why is it so hard to just point to a specific cause?
ntoskrnl.exe is a Windows .exe file and it's not the definite cause of BSOD.

Quote:
Ok, I'm still having trouble with the BSOD. It hasn't happened 10 times in a day like before, but it's been happening every other day. It feels entirely random as I cannot pinpoint what software or program might be causing this. I followed all the directions the first time and I'm not sure what I can do! I have no viruses or spywares on my computer because I scan regularly with Zone Alarm Extreme Security. Does this have anything to do with my registry? I have no programs that "cleans" it out. Please help!

Thanks and happy holidays!
Once you have turned on Driver Verifier as yowanvista requested. Get a BSOD after Driver Verifier is on and then turn it off. Upload the dumps after turning off Driver Verifier.

If you cannot access in Windows Mode to turn off Driver Verifier - use Safe Mode.


My System SpecsSystem Spec
.
26 Dec 2010   #12
reventon

Windows 7 x64, Windows XP SP3, Fedora
 
 

Hi,

The cause is clear here:
Code:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
    the operating system. The only supported way to extend a kernel
    mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffff8000300bc40
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_91

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002ed824a to fffff80002e83740

STACK_TEXT:  
fffff800`04508018 fffff800`02ed824a : 00000000`000000c4 00000000`00000091 00000000`00000002 fffff800`0300bc40 : nt!KeBugCheckEx
fffff800`04508020 fffff800`02e23569 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4904
fffff800`04508060 fffff800`02e2394d : fffff800`04508000 fffff800`0450e000 00000000`00000000 00000000`00000000 : nt!RtlEnoughStackSpaceForStackCapture+0x15
fffff800`04508090 fffff800`02f46c2b : 00000000`00000001 fffffa80`0760c910 fffff800`045081c0 00000000`00000000 : nt!RtlWalkFrameChain+0x59
fffff800`045080c0 fffff880`04463264 : fffffa80`0760c900 fffff880`044b6110 00000000`00000002 00000000`00000000 : nt!RtlCaptureStackBackTrace+0x4b
fffff800`045080f0 fffffa80`0760c900 : fffff880`044b6110 00000000`00000002 00000000`00000000 00000000`00000000 : vsdatant+0x11264
fffff800`045080f8 fffff880`044b6110 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0760c900
fffff800`04508100 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vsdatant+0x64110
fffff800`04508108 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
vsdatant+11264
fffff880`04463264 ??              ???

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  vsdatant+11264

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vsdatant

IMAGE_NAME:  vsdatant.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdf0b8a

FAILURE_BUCKET_ID:  X64_0xc4_91_vsdatant+11264

BUCKET_ID:  X64_0xc4_91_vsdatant+11264

Followup: MachineOwner
---------
The Driver Verifier detected a violation in Zone Alarm's driver. Therefore ZA needs to be removed:
Quote:
Zone Alarm Removal tool -> http://download.zonealarm.com/bin/fr...cpes_clean.exe (run in Safe Mode without Networking)

Then reset the Windows Firewall to its default settings -
START -> type cmd.exe -> right-click -> run as administrator -> type netsh advfirewall reset press enter
I think you will find that doing so will solve all your problems.
My System SpecsSystem Spec
26 Dec 2010   #13
James Park

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by reventon View Post
Hi,

The cause is clear here:
Code:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
    the operating system. The only supported way to extend a kernel
    mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffff8000300bc40
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_91

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002ed824a to fffff80002e83740

STACK_TEXT:  
fffff800`04508018 fffff800`02ed824a : 00000000`000000c4 00000000`00000091 00000000`00000002 fffff800`0300bc40 : nt!KeBugCheckEx
fffff800`04508020 fffff800`02e23569 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4904
fffff800`04508060 fffff800`02e2394d : fffff800`04508000 fffff800`0450e000 00000000`00000000 00000000`00000000 : nt!RtlEnoughStackSpaceForStackCapture+0x15
fffff800`04508090 fffff800`02f46c2b : 00000000`00000001 fffffa80`0760c910 fffff800`045081c0 00000000`00000000 : nt!RtlWalkFrameChain+0x59
fffff800`045080c0 fffff880`04463264 : fffffa80`0760c900 fffff880`044b6110 00000000`00000002 00000000`00000000 : nt!RtlCaptureStackBackTrace+0x4b
fffff800`045080f0 fffffa80`0760c900 : fffff880`044b6110 00000000`00000002 00000000`00000000 00000000`00000000 : vsdatant+0x11264
fffff800`045080f8 fffff880`044b6110 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`0760c900
fffff800`04508100 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vsdatant+0x64110
fffff800`04508108 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
vsdatant+11264
fffff880`04463264 ??              ???

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  vsdatant+11264

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vsdatant

IMAGE_NAME:  vsdatant.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdf0b8a

FAILURE_BUCKET_ID:  X64_0xc4_91_vsdatant+11264

BUCKET_ID:  X64_0xc4_91_vsdatant+11264

Followup: MachineOwner
---------
The Driver Verifier detected a violation in Zone Alarm's driver. Therefore ZA needs to be removed:
Quote:
Zone Alarm Removal tool -> http://download.zonealarm.com/bin/fr...cpes_clean.exe (run in Safe Mode without Networking)

Then reset the Windows Firewall to its default settings -
START -> type cmd.exe -> right-click -> run as administrator -> type netsh advfirewall reset press enter
I think you will find that doing so will solve all your problems.
Thanks for the help! Am I to remove Zone Alarm Extreme Security forever or can I just download it from ZA and install it again? I rather not get another security program because I paid for a licence already.
My System SpecsSystem Spec
.

26 Dec 2010   #14
DeanP

Win 7 Pro x64 SP1 OS X Snow Leopard 10.6.7
 
 

Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

My System SpecsSystem Spec
26 Dec 2010   #15
James Park

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by DeanP View Post
Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

Sent from my iPhone
I personally never used Microsoft Security Essentials. How does it compare to other security suites like Zone Alarm, Kaspersky, Avast, ect. I'm very careful to keep my PC running without viruses/spywares and fast. I'm just a bit concerned about switching since MSE is "free" and so far most free security suites I've used in the past has huge leaks.
My System SpecsSystem Spec
26 Dec 2010   #16
zigzag3143

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by James Park View Post
Quote   Quote: Originally Posted by DeanP View Post
Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

Sent from my iPhone
I personally never used Microsoft Security Essentials. How does it compare to other security suites like Zone Alarm, Kaspersky, Avast, ect. I'm very careful to keep my PC running without viruses/spywares and fast. I'm just a bit concerned about switching since MSE is "free" and so far most free security suites I've used in the past has huge leaks.

MSE is a decent AV app. It is substantially better than Kaspersky, Avast, Symantec, etc in terms of resources used, frequency of BSOD's and protection.


Ken J
My System SpecsSystem Spec
26 Dec 2010   #17
James Park

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by zigzag3143 View Post
Quote   Quote: Originally Posted by James Park View Post
Quote   Quote: Originally Posted by DeanP View Post
Uninstall forever and use MS Security Essentials. If I was you I would ask for a refund for the Zonealarm license.

Sent from my iPhone
I personally never used Microsoft Security Essentials. How does it compare to other security suites like Zone Alarm, Kaspersky, Avast, ect. I'm very careful to keep my PC running without viruses/spywares and fast. I'm just a bit concerned about switching since MSE is "free" and so far most free security suites I've used in the past has huge leaks.

MSE is a decent AV app. It is substantially better than Kaspersky, Avast, Symantec, etc in terms of resources used, frequency of BSOD's and protection.


Ken J
Alright thanks! I'll take yalls word. I wonder if I could get a partial refund after using ZA for 5 months. If ZA is really what's causing the problem, their software engineers has to do some patching.
My System SpecsSystem Spec
26 Dec 2010   #18
DeanP

Win 7 Pro x64 SP1 OS X Snow Leopard 10.6.7
 
 

MS Security Essentials is free, it does speed up your computer booting and does not cause a lot of BSOD.
My System SpecsSystem Spec
Reply

 BSOD - ntoskrnl.exe




Thread Tools




Similar help and support threads
Thread Forum
0x00000124 ntoskrnl.exe ntoskrnl.exe+4a63cc BSOD Error runninganygame
i keep getting BSOD when playing game new graphics i dont know where to start when its comes to BSOD stuff 110414-10576-01.dmp 11/4/2014 10:48:39 PM 0x00000124 00000000`00000000 fffffa80`0af318f8 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+4a63cc ...
BSOD Help and Support
BSOD Address:ntoskrnl.exe+75bc0; dxgmms1.sys,ntoskrnl.exe,Ntfs.sys
Hi, to make things easier for you,below is the Bug Check String, Driver, and crash address SYSTEM_SERVICE_EXCEPTION___dxgmms1.sys___ntoskrnl.exe+75bc0 MEMORY_MANAGEMENT_______ntoskrnl.exe____ntoskrnl.exe+75bc0 SYSTEM_SERVICE_EXCEPTION___ntoskrnl.exe____ntoskrnl.exe+75bc0...
BSOD Help and Support
BSOD when goes sleep, ntoskrnl.exe+e96d2/ntoskrnl.exe+81e7a
When I put my pc in sleep mode it often crashes: the screen goes normally in sleep mode, but the pc continues to stay awake for several minutes than BSOD & restart or BSOD & shut off. Thanks to BlueScreenView I found what is seemingly the guilty process, but I don't know what to do now. Thanks...
BSOD Help and Support
BSOD ntoskrnl.exe , All the Time !! Crash Address ntoskrnl.exe+80640
Jan 2014 //------------------------------------------- How to Solve : 1- I've uninstalled my windows and recover my laptop with recovery DVD to it's original factory state.(original windows :)) 2- Never installed Norton internet security again , I'm using Microsoft Security Essentials now. 3-...
BSOD Help and Support
Random BSOD Reporting ntoskrnl.exe+75c40 & ntoskrnl.exe+7efc0
I'm getting random Blue Screens and can't figure out why. I'm not running any hardcore programs. I'm mostly just using Microsoft Office and Firefox. The BSOD's seem to happen when I'm in Outlook, Excel or Firefox. Haven't been able to determine exactly which at the time as I'm moving back and...
BSOD Help and Support
BSOD Ntoskrnl.exe+7efc0 and Ntoskrnl.exe+75c40
I keep getting a BSOD (Critical_Object_Termination) but have no idea what is causing the issue. I tried in vain to debug my own minidump files but ended up getting nowhere. So far i have run MemTest over the weekend with 107 passes. I also ran Prime95 64-bit for 4 hours on each of the FFT tests...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:49.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App