Solved B320 with frequent "blue screen" crashing

[luisgui]

I have a new Lenovo IdeaCentre B320 (purchased Feb. 15/2012) which has frequent "blue screen" crashes, it exits Windows 7 and restarts itself. These crashes sometimes occur on average every hour or even every half hour, but there are days that this failure is not as frequent. Please, what I can do to prevent this annoying failure from happening?

Windows 7 SP1 HP LatAam ES 64
OEM version
Age of system (hardware) = Manufactured 2011-08-12
I have not re-installed the OS.

I have attached the zipped files as instructed here.

 

[Vir Gnarus]

All of these are identical in that some usb device is suffering problems when attempting to unload itself (which occurs during removal of device or disabling it). Unfortunately there's no clear-cut answer I can personally derive from these minidumps, but I have managed to garner some suspects.

In the stack of the faulting thread that suffered the problem, I saw that it's most likely a bluetooth dongle or device. In addition, I also saw both Avast and Zone Alarm. Avast drivers are pretty fresh at being dated from Feb 23, but Zone Alarm is from way back in May 2011. You'll want to see what you can do about correcting that (update Zone Alarm). Note that I've personally experienced and witnessed others suffer conflict issues with Zone Alarm and their device drivers and/or antivirus drivers, so there may be the case where even if you update the drivers for your USB/bluetooth device AND Zone Alarm and STILL get these problems that you'll have to cut out something until the bug is fixed (be it Zone alarm or the device's drivers).


Analysts:

Callstack for trap frame of all the crashdumps showed usbccgp.sys in it, which is for USB devices. The symbols for all the functions explains that it's attempting to remove a device and clean up afterwards. Unfortunately these minidumps didn't manage to retain the IRP associated with the faulting thread, otherwise one could simply grab it and use !irp on it as well as !devobj and !devstack on whatever device object(s) happen to show up in it. This isn't the case. Instead, I did the rough thing and dumped the whole raw stack for the thread to find clues. The following showed up in various parts of it:

3: kd> !thread
GetPointerFromAddress: unable to read from fffff80002f11000
THREAD fffffa8003cd9040  Cid 0004.0040  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
IRP List:
    Unable to read nt!_IRP @ fffffa800c187bd0 [COLOR=DarkOrange][I]< could've given us our answer.[/I] :([/COLOR]
Not impersonating
GetUlongFromAddress: unable to read from fffff80002e50ba4
Owning Process            fffffa8003cc7040       Image:         System
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      307095       
Context Switch Count      27678          IdealProcessor: 1             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address nt!ExpWorkerThread (0xfffff80002ce8ef0)
Stack Init fffff880031c4c70 Current fffff880031c4470
Base [COLOR=Red]fffff880031c5000[/COLOR] Limit [COLOR=Blue]fffff880031bf000[/COLOR] Call 0
Priority 13 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`031c4548 fffff800`02f4cccf : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!memcmp+0x90
fffff880`031c4550 fffff800`030a9cbb : 00000000`00000048 00000000`00000002 00000000`00000048 fffff880`031c4668 : nt!WmipFindGEByGuid+0x3f
fffff880`031c4580 fffff800`030a9fc3 : 00000000`00000048 00000000`00000002 00000000`00000048 fffff8a0`0357bba8 : nt!WmipDisableCollectionForRemovedGuid+0x2b
fffff880`031c45f0 fffff800`030aa033 : 00000000`00000001 fffff8a0`0357bba8 00000000`00000040 fffff8a0`0b1e9c00 : nt!WmipGenerateRegistrationNotification+0x83
fffff880`031c4650 fffff800`030aa072 : 00000000`00000000 00000000`00000001 fffffa80`045c5470 fffffa80`0c176770 : nt!WmipRemoveDataSourceByDS+0x13
fffff880`031c4680 fffff800`02f31662 : fffffa80`045c5470 fffffa80`00000001 fffffa80`045c5470 00000000`00000000 : nt!WmipRemoveDataSource+0x22
fffff880`031c46b0 fffff800`03103694 : 00000000`00000005 00000000`00000005 fffffa80`045c5470 fffff880`094ac000 : nt! ?? ::NNGAKEGL::`string'+0x1e649
fffff880`031c46f0 fffff800`0310936e : fffffa80`0c1768c8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDeregisterDevice+0x64
fffff880`031c4720 fffff880`094a20f1 : fffffa80`0c1768c8 00000000`00000001 fffffa80`0c187bd0 00000000`00000002 : nt!IoWMIRegistrationControl+0xde
fffff880`031c4750 fffff880`094a459d : fffffa80`03eb2060 fffffa80`0c1768c8 fffffa80`0c187ee0 fffffa80`0c187bd0 : usbccgp!PrepareParentFDOForRemove+0xc5
fffff880`031c47a0 fffff880`094a40f0 : fffffa80`0c187b02 fffffa80`0c187bd0 fffffa80`0c1768c8 badbadba`badbadba : usbccgp!FdoRemoveDevice+0x5d
fffff880`031c47d0 fffff880`094b5ae1 : fffffa80`0c187bd0 fffffa80`0c1768c0 fffffa80`0c1768c8 fffffa80`0c1768c8 : usbccgp!DispatchFdoPnp+0x298
fffff880`031c4840 fffff880`094a1683 : 00000000`0000001b fffffa80`0c1768c0 fffffa80`0000021b fffffa80`0c187bd0 : usbccgp!USBC_PnP+0x89
fffff880`031c4880 fffff800`02f49af9 : fffffa80`0c176770 00000000`c0000000 fffff880`031c4901 fffffa80`0c187bd0 : usbccgp!USBC_Dispatch+0x233
fffff880`031c4900 fffff800`030c7f71 : fffffa80`0bb78060 00000000`00000000 fffffa80`0bf9b010 00000000`00000801 : nt!IopSynchronousCall+0xc5
fffff880`031c4970 fffff800`02ddb133 : fffff8a0`030d3050 fffff8a0`030d3050 00000000`00000018 00000000`00000000 : nt!IopRemoveDevice+0x101
fffff880`031c4a30 fffff800`030c7ac4 : fffffa80`0bf9b010 00000000`00000000 00000000`00000002 00000000`00000000 : nt!PnpRemoveLockedDeviceNode+0x1a3
fffff880`031c4a80 fffff800`030c7bd0 : 00000000`00000000 fffffa80`03cd9000 fffff8a0`09b4b0a0 00000000`00000000 : nt!PnpDeleteLockedDeviceNode+0x44
fffff880`031c4ab0 fffff800`030c7cc9 : fffffa80`09f59902 fffffa80`09f599a0 00000000`00000001 fffffa80`09f59900 : nt!PnpDeleteLockedDeviceNodes+0xa0
fffff880`031c4b20 fffff800`02ce9001 : fffff800`030c7c50 fffff800`02e7f2b8 fffffa80`03cd9000 00000000`00000000 : nt!PnpDelayedRemoveWorker+0x79
fffff880`031c4b70 fffff800`02f79fee : 9460bad1`d10f483f fffffa80`03cd9040 00000000`00000080 fffffa80`03cc7040 : nt!ExpWorkerThread+0x111
fffff880`031c4c00 fffff800`02cd05e6 : fffff880`02fd7180 fffffa80`03cd9040 fffff880`02fe1fc0 6878b58d`8ebcf7e7 : nt!PspSystemThreadStartup+0x5a
fffff880`031c4c40 00000000`00000000 : fffff880`031c5000 fffff880`031bf000 fffff880`031c4470 00000000`00000000 : nt!KiStartSystemThread+0x16

3: kd> dps [COLOR=Blue]fffff880031bf000 [/COLOR][COLOR=Red]fffff880031c5000[/COLOR] [COLOR=DarkOrange][I]< enter in reverse because stacks build downwards.[/I][/COLOR]

...

fffff880`031c3248  fffff880`06bdc8a1Unable to load image \SystemRoot\system32\DRIVERS\vsdatant.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
 vsdatant+0x8e8a1 [COLOR=DarkOrange][I]< Zone Alarm[/I][/COLOR]

...

fffff880`031c3600  fffff880`06ec7640Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
 aswSP+0x40640 [COLOR=DarkOrange][I]< Avast[/I][/COLOR]

...

fffff880`031c3bb8  fffff880`0a4a4700 rfcomm!WppAutoLogTrace+0x148 [COLOR=DarkOrange]< [/COLOR][I][COLOR=DarkOrange]rfcomm[/COLOR]

...

[/I]3: kd> lmvm [COLOR=DarkOrange]rfcomm[/COLOR]
start             end                 module name
fffff880`0a48c000 fffff880`0a4b8000   rfcomm     (pdb symbols)          c:\localsymbols\rfcomm.pdb\000C0978304A4467B746E4C694F31CC31\rfcomm.pdb
    Loaded symbol image file: rfcomm.sys
    Mapped memory image file: c:\localsymbols\rfcomm.sys\4A5BCC202c000\rfcomm.sys
    Image path: \SystemRoot\system32\DRIVERS\rfcomm.sys
    Image name: rfcomm.sys
    Timestamp:        Mon Jul 13 20:06:56 2009 (4A5BCC20)
    CheckSum:         00032F30
    ImageSize:        0002C000
    File version:     6.1.7600.16385
    Product version:  6.1.7600.16385
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.6 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     rfcomm.sys
    OriginalFilename: rfcomm.sys
    ProductVersion:   6.1.7600.16385
    FileVersion:      6.1.7600.16385 (win7_rtm.090713-1255)
    FileDescription:  [COLOR=DarkOrange]Bluetooth RFCOMM Driver[/COLOR]
    LegalCopyright:   © Microsoft Corporation. All rights reserved.

 

[luisgui]

Thanks, Vir Gnarus, for your quick response and analysis of my problem. It has given me some lights, and I'm finally doing something actively to maybe fix it, or at least clear the scene: As currently I have no keyboard or mouse nor any other bluetooth devices, I have turned off the bluetooth feature. As I have suspicions about the driver of the integrated camera, and as I am not interested in several camera and touchscreen applications that come preinstalled Lenovo (bloat-ware as: Eyesight blabla..., FunZone, VeriTouch, games, etc.) I uninstalled them (but not the Rescue System, the LVT nor the Boot Optimizer). Currently, the camera does not interest me very much, perhaps later, maybe for Skype.

 

[Vir Gnarus]

Have you done anything regarding Zone Alarm (update/remove it)? Also, given that you have no bluetooth devices, yet generic bluetooth drivers from Windows did show up here, it'd be best - in addition to dealing with Zone Alarm - to go to the Lenovo website and see about updating the chipset drivers for your system. It may refer to them as CPU drivers or Motherboard drivers, or anything pertaining to USB or bluetooth.

 

[luisgui]

It seems the problem was solved by turning off the bluetooth feature, as during several days after that, the BSOD has not happened again. Thanks.

 

[Vir Gnarus]

Glad to hear. You'll still want to keep all your drivers updated and fresh, as a just-in-case for future potential conflicts. Otherwise, good to hear everything's ok.