Random BSOD, most of them while playing video. ntoskrnl.exe+7cc10

Problem Devices:

Code:

USB Protection Device	ROOT\SYNCROSOFT_PROTECTION_DEVICE\0000	This device cannot start.

Laptop Model: Dell Inspiron N5110 (Since you did not fill in your system specs, this is being provided as it is useful info for those helping)


Security Software:

Code:

zlclient.exe	c:\program files (x86)\zone labs\zonealarm\zlclient.exe	2692	8	200	1380	3.4.2012 12:00	9.2.106.0	1*019,50 kB (1*043*968 bajtů)	18.4.2011 22:57
avastsvc.exe	c:\program files\avast software\avast\avastsvc.exe	1980	8	200	1380	3.4.2012 11:57	6.0.1125.0	41,20 kB (42*184 bajtů)	3.7.2011 15:08
avastui.exe	c:\program files\avast software\avast\avastui.exe	1928	8	200	1380	3.4.2012 12:00	6.0.1125.0	3,30 MB (3*459*712 bajtů)	3.7.2011 15:08
forcefield.exe	c:\program files\checkpoint\zaforcefield\forcefield.exe	1764	8	200	1380	3.4.2012 12:01	1.5.265.2	1,07 MB (1*123*320 bajtů)	15.2.2011 16:26
iswsvc.exe	c:\program files\checkpoint\zaforcefield\iswsvc.exe	2024	8	200	1380	3.4.2012 11:57	1.5.265.2	802,99 kB (822*264 bajtů)	15.2.2011 16:26
sbiectrl.exe	c:\program files\sandboxie\sbiectrl.exe	3068	8	200	1380	3.4.2012 11:59	3.54.0.0	583,73 kB (597*736 bajtů)	24.3.2011 12:25
sbiesvc.exe	c:\program files\sandboxie\sbiesvc.exe	1368	8	200	1380	3.4.2012 11:55	3.54.0.0	93,73 kB (95*976 bajtů)	24.3.2011 12:24

Code:

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Kingston\BSODDmpFiles\FarleyCZ\Windows_NT6_BSOD_jcgriff2\040312-30669-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03456000 PsLoadedModuleList = 0xfffff800`0369b670
Debug session time: Tue Apr  3 03:53:54.702 2012 (UTC - 6:00)
System Uptime: 0 days 12:22:19.138
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {0, 0, 0, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.

FAULTING_IP: 
+3937656165623861
00000000`00000000 ??              ???

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000000

ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0

BUGCHECK_STR:  0x1E_0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

EXCEPTION_RECORD:  fffff800049569c8 -- (.exr 0xfffff800049569c8)
ExceptionAddress: fffff800034d58e2 (nt!SwapContext_PatchXRstor)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

TRAP_FRAME:  fffff80004956a70 -- (.trap 0xfffff80004956a70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000004 rbx=0000000000000000 rcx=fffff80004956cc0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800034d58e2 rsp=fffff80004956c00 rbp=fffff80004956c70
 r8=fffffa80039cc778  r9=0000000000000000 r10=fffffffffffffffe
r11=fffff80003648e80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
nt!SwapContext_PatchXRstor:
fffff800`034d58e2 0fae09          fxrstor [rcx]         ds:fffff800`04956cc0=7f
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800034ca5fe to fffff800034d2c10

STACK_TEXT:  
fffff800`04955aa8 fffff800`034ca5fe : fffff800`04955c10 00000000`00000002 fffff800`04956220 fffff800`034fe830 : nt!KeBugCheck
fffff800`04955ab0 fffff800`034fe4fd : fffff800`036dc0c8 fffff800`0361d030 fffff800`03456000 fffff800`049569c8 : nt!KiKernelCalloutExceptionHandler+0xe
fffff800`04955ae0 fffff800`034fd2d5 : fffff800`0361d0fc fffff800`04955b58 fffff800`049569c8 fffff800`03456000 : nt!RtlpExecuteHandlerForException+0xd
fffff800`04955b10 fffff800`0350e361 : fffff800`049569c8 fffff800`04956220 fffff800`00000000 fffffa80`067bdb60 : nt!RtlDispatchException+0x415
fffff800`049561f0 fffff800`034d22c2 : fffff800`049569c8 fffff800`03648e80 fffff800`04956a70 fffff800`03656cc0 : nt!KiDispatchException+0x135
fffff800`04956890 fffff800`034d0bca : fffffa80`0761cd78 fffff880`016ec3a5 fffffa80`0743a000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff800`04956a70 fffff800`034d58e2 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`07d97950 : nt!KiGeneralProtectionFault+0x10a
fffff800`04956c00 fffff800`034caa1d : fffff800`03648e80 fffff800`03656cc0 00000000`00000000 fffff880`016c9a00 : nt!SwapContext_PatchXRstor
fffff800`04956c40 00000000`00000000 : fffff800`04957000 fffff800`04951000 fffff800`04956c00 00000000`00000000 : nt!KiIdleLoop+0x10d


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiKernelCalloutExceptionHandler+e
fffff800`034ca5fe 90              nop

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!KiKernelCalloutExceptionHandler+e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e

BUCKET_ID:  X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e

Followup: MachineOwner
---------

Loading Dump File [D:\Kingston\BSODDmpFiles\FarleyCZ\Windows_NT6_BSOD_jcgriff2\033112-26691-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03400000 PsLoadedModuleList = 0xfffff800`03645670
Debug session time: Sat Mar 31 03:54:44.251 2012 (UTC - 6:00)
System Uptime: 2 days 0:49:08.294
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffa800a36bd10, 0, fffff88001b9afaf, 0}

Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS

Could not read faulting driver name
Probably caused by : aswSP.SYS ( aswSP+afaf )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800a36bd10, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88001b9afaf, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036af100
 fffffa800a36bd10 

FAULTING_IP: 
aswSP+afaf
fffff880`01b9afaf 41f644241008    test    byte ptr [r12+10h],8

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  AvastSvc.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880098d05e0 -- (.trap 0xfffff880098d05e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8008cc2a60
rdx=fffffa800990f881 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001b9afaf rsp=fffff880098d0770 rbp=fffff880098d0988
 r8=fffffa800990f880  r9=0000000000000150 r10=fffff88001bd4000
r11=fffffa8008d6d580 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
aswSP+0xafaf:
fffff880`01b9afaf 41f644241008    test    byte ptr [r12+10h],8 ds:00000000`00000010=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800034289fc to fffff8000347cc40

STACK_TEXT:  
fffff880`098d0478 fffff800`034289fc : 00000000`00000050 fffffa80`0a36bd10 00000000`00000000 fffff880`098d05e0 : nt!KeBugCheckEx
fffff880`098d0480 fffff800`0347ad6e : 00000000`00000000 fffffa80`0a36bd10 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`098d05e0 fffff880`01b9afaf : fffff880`098d07e8 fffff800`00000001 fffff8a0`00000003 fffffa80`00000000 : nt!KiPageFault+0x16e
fffff880`098d0770 fffff880`098d07e8 : fffff800`00000001 fffff8a0`00000003 fffffa80`00000000 fa8004a7`ca780460 : aswSP+0xafaf
fffff880`098d0778 fffff800`00000001 : fffff8a0`00000003 fffffa80`00000000 fa8004a7`ca780460 00000000`00000801 : 0xfffff880`098d07e8
fffff880`098d0780 fffff8a0`00000003 : fffffa80`00000000 fa8004a7`ca780460 00000000`00000801 00000000`00000000 : 0xfffff800`00000001
fffff880`098d0788 fffffa80`00000000 : fa8004a7`ca780460 00000000`00000801 00000000`00000000 0000000f`ffffffff : 0xfffff8a0`00000003
fffff880`098d0790 fa8004a7`ca780460 : 00000000`00000801 00000000`00000000 0000000f`ffffffff fffffa80`0a36bd00 : 0xfffffa80`00000000
fffff880`098d0798 00000000`00000801 : 00000000`00000000 0000000f`ffffffff fffffa80`0a36bd00 00000000`00000000 : 0xfa8004a7`ca780460
fffff880`098d07a0 00000000`00000000 : 0000000f`ffffffff fffffa80`0a36bd00 00000000`00000000 fffff880`098d09f0 : 0x801


STACK_COMMAND:  kb

FOLLOWUP_IP: 
aswSP+afaf
fffff880`01b9afaf 41f644241008    test    byte ptr [r12+10h],8

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  aswSP+afaf

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswSP

IMAGE_NAME:  aswSP.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4dc929b6

FAILURE_BUCKET_ID:  X64_0x50_aswSP+afaf

BUCKET_ID:  X64_0x50_aswSP+afaf

Followup: MachineOwner
---------

1. Possible causes are Memory problems... Viruses... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
2. Caused by avast! Could be related to network adapter driver corruption, audio driver corruption, or conflicts with other security software.

Make sure your network adapter drivers and audio drivers are up to date:

• Audio IDT Driver 1
  
  
• Audio IDT Driver 2
  
  
• Intel Centrino Wireless 1030 Driver (it says 1000, but it applies to the 1030 as well)
  
  
• Realtek Ethernet Driver

Do the following to determine what is causing your crashes:

• If you are overclocking any hardware, please stop.
  
  
• Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors with a restart in between each. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
  
  
• Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
  
  If you swap any memory components, follow these steps for ESD safety:
  
  1. Shut down and turn off your computer.
  2. Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
  3. Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
  4. Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
  
  Once these steps have been followed, it is safe to remove and replace components within your computer.
  
  
• An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
  
  a. Backup your system and user files
  b. Create a system restore point
  c. If you do not have a Windows 7 DVD, Create a system repair disc
  d. In Windows 7:

  • Click the Start Menu
  • Type verifier in Search programs and files (do not hit enter)
  • Right click verifier and click Run as administrator
  • Put a tick in Create custom settings (for code developers) and click next
  • Put a tick in Select individual settings from a full list and click next
  • Set up the individual settings as in the image and click next
    Attachment 205736
  • Put a tick in Select driver names from a list
  • Put a tick next to all non-Microsoft drivers.
  • Click Finish.
  • Restart your computer.

  
  
  If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.
  
  Thanks to zigzag3143 for contributing to the Verifier steps.
  If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
  The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.

Thanks writhziden! :)

No overcloking at all.

I uninstalled soundcard completely. No change, so this option is out.
Same with that stupid Syncrosoft dongle driver. It was needed for some demo version I didn't decide to buy, so no problems here... Also updated Avast.

I did few Verifier tests so far. In last one I limited verified drivers just to GPU, anti-virus and sound drivers. One of the bluescreen I've got lately was caused by nvlddmkm.sys, which seems to be GPU driver.

Problem is, that time on dump files is wrong and dump file still says just that NT kernel, so my system either stopped to make them or it has bad internal time and all of this was coused by GPU.

Last crash happened with GPU drivers up to date, so I'm thinking may be my GPU is out. Painful on the laptop. On the other side it makes sense as lots of those BSODs was while playing video.

Will do sfc now. Will get back with results.

So sfc nothing (will run it few times more though), chkdsk nothing. BSOD still continues. Thistime by nvkflt.sys. Didn't catch the error number.

Problem with that dumps sustaining. Last bump it wrote down is the one I've sent in initial post.

...but I guess we can call it GPU problem pretty safely. Now, any advices? Tried lastest drivers from N-vidia, tried drivers from maufacturer... nothing works.

When you installed the latest drivers, did you uninstall all NVIDIA software first? If not, follow these steps:

1. Download the latest drivers for your display card(s)
2. Click Start Menu
3. Click Control Panel
4. Click Uninstall a program
5. For NVIDIA:
   • Uninstall the NVIDIA Graphics Driver (this should uninstall all NVIDIA software and drivers)
   • Restart your computer
   • Make sure NVIDIA 3D Vision Driver, NVIDIA 3D Vision Video Player, NVIDIA HD Audio Driver, and NVIDIA PhysX System Software are not still listed under Uninstall a program through Control Panel
   • If any remain of the above, uninstall one at a time
   • If asked to restart after uninstalling any of the above, do so, and continue uninstalling any remaining NVIDIA items until all are removed
6. Restart your computer after uninstalling drivers for all display cards
7. Install the latest driver for the display cards once Windows starts

Also, there are some stress tests you can run on the GPU and other hardware that may be helpful:

• Monitor temperatures during the following tests.
  
  Use the following programs to monitor the temperatures.
  • Real Temp is a good CPU temperature monitor.
  • Speccy - System Information - Free Download will monitor all hardware temperatures.
  • HWiNFO, HWiNFO32 & HWiNFO64 - Hardware Information and Analysis Tools can be inaccurate for CPU temperatures, but is a good program for GPU temperature monitoring.
  
  
  • Use FurMark: VGA Stress Test, Graphics Card and GPU Stability Test, Burn-in Test, OpenGL Benchmark and GPU Temperature | oZone3D.Net to test the graphics card GPU. Let it run until the GPU temperatures even out or until the GPU temperatures reach a dangerous level (you can find the max temperature for your card on either the nVidia or AMD sites; if you are not sure, ask us). Then use the |MG| Video Memory Stress Test 1.7.116 Download to test your graphics card memory. Let the memory test run for at least seven passes; the more the better.
    
    
  • Run Hardware - Stress Test With Prime95 to determine any hardware problems. Run all three tests for a few hours each. If you get errors, stop the test and post back here.
    
    
  • Follow the steps for doing a CPU stress test using IntelBurnTest
  
  
• Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
  
  If you swap any memory components, follow these steps for ESD safety:
  
  1. Shut down and turn off your computer.
  2. Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
  3. Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
  4. Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
  
  Once these steps have been followed, it is safe to remove and replace components within your computer.

I know I have now mentioned the Memtest86+ software twice, but since you had not yet done that step, I figured there was no harm in reminding you. :)

Thanks. I definitely will do memtest as i get come CD somewhere.

Question: Is it possible that ZoneAlarm firewall was crashing GPU drivers? Becouse I found people with same configuration (even laptop model), same problem and solved by uninstalling ZoneAlarm that I also used.

So I uninstalled it and no BSODs so far. Fingers crossed, but seems like solved. Will wait few days befor claiming it as solved, but seems optimistic. Will do memtest anyway. Good to know how RAM is doing. :)

FarleyCZ said:

Thanks. I definitely will do memtest as i get come CD somewhere.

Question: Is it possible that ZoneAlarm firewall was crashing GPU drivers? Becouse I found people with same configuration (even laptop model), same problem and solved by uninstalling ZoneAlarm that I also used.

So I uninstalled it and no BSODs so far. Fingers crossed, but seems like solved. Will wait few days befor claiming it as solved, but seems optimistic. Will do memtest anyway. Good to know how RAM is doing. :)

It is quite possibly caused by ZoneAlarm. See below.

writhziden said:

1. Possible causes are Memory problems... Viruses... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
2. Caused by avast! Could be related to network adapter driver corruption, audio driver corruption, or conflicts with other security software.

One of the next steps I was going to suggest was a clean startup to disable ZoneAlarm and Sandboxie and only run avast!

Let us know how the system responds now that ZoneAlarm is removed.

One little BSOD so far, but that was my fault. I accidently unplugged soundcard while playing video. I don't think it's related to previous problem.

But about response, system got a bit quicker. Start time and web browsing especially. I miss the "this program is contacting internet, should I allow?" function, but that speed increase is welcome, so worth it. :)

Still will give it few days and that memtest until claiming it solved, but seems it was the problem.

Alright, let us know how it is performing in a few days. Best wishes!

Yep. Seems like solved. No BSOD's so far. It even solved some soundcard dropouts that were driving me crazy. Who would have thought Zone Alarm couses such a mess.

Thanks for help! :)