HP SP3 BSOD event id 1003

Status
Not open for further replies.

newtech11

Posts: 11   +0
Compaq Presario 061
Windows XP Media Center Edition Service Pack 3 (build 2600)
2.40 gigahertz AMD Athlon 64
128 kilobyte primary memory cache
512 kilobyte secondary memory cache
Board: ASUSTek Computer INC. NAGAMI2 2.00
Bus Clock: 199 megahertz
BIOS: Phoenix Technologies, LTD 3.11 09/19/2006
1472 Megabytes Usable Installed Memory
NVIDIA GeForce 6150 LE [Display adapter]
DELL E177FP [Monitor] (17.1"vis, s/n WH3186650R3S, June 2006)
AntiVir Desktop Version 10.0.1.43
COMODO Internet Security Version 4, 0, 141438, 825 (firewall only)


Hello,

I have been having blue screen issues with a HP desktop with the above specs both while simply browsing the web only using both IE and FFX and while downloading files using Bittorrent. Exhaustive scans online and standalone offline have not shown any virus/rootkit activity (forums, Avira, HiJack) and memtest has been run with no errors. The blue screen is random but consistent even after a complete OS wipe and reinstall. Event viewer shows event ID 1003 primarily.

I have include a skydrive link with the minidumps for analysis and can provide a kernal dump if needed.

Any help with this trbl would be appreciated.

Thanks

P.S. Also ran Windows Memory Diagnostic for 8hrs no errors recorded, pagefile is 2300mb, clean install appr 1.5 wks,




skydrive link
http://cid-f06ad253dc81080a.skydrive.live.com/browse.aspx/HP?authkey=Hvp!ZIaEx3A$


Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 4/24/2010
Time: 9:36:43 AM
User: N/A
Computer: DGE2D
Description:
Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 37 1000007
0020: 66 20 20 50 61 72 61 6d f Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 30 38 2c 20 000008,
0038: 38 30 30 34 32 30 30 30 80042000
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 30 30 30 30 00, 0000
0050: 30 30 30 30 0000
 
I read the five most recently dated minidumps and all are the same error code 0x0000007F: UNEXPECTED_KERNEL_MODE_TRAP
One of three types of problems occurred in kernel-mode: (1) Hardware failures. (2) Software problems. (3) A bound trap (i.e., a condition that the kernel is not allowed to have or intercept). Hardware failures are the most common and, of these, memory hardware failures are the most common.

Your issue is with your Avira security software.

One file cited the Avira firewall TDI driver avfwot.sys as the cause of your system crashes.

The remaining four all cited the Avira Packet filtering kernel driver avfwim.sys which belongs to their product Antivir Workstation as the cause of your system crashes.

You could try the following:

1. Uninstall and reinstall your Avira softwware.

2. Update all things Avira.

3. Contact Avira and let them know of your crashes, that your minidumps were read, and give them the drivers specifically cited as the cause. I believe they also have an active community.


* Also, in the future please use the Zip option provided here. It will be easier for all of us. Thanks. :)
 
Thank you so much for responding and providing the analysis. I will go to Avira immediately and submit the info you discovered. When I get a response I will pass it on to the forum. Also, I'll make sure to use the attachment feature in the future.

Thanks again and I'll follow up soon.
 
After posting in the Avira forum, I received a response advising that I uninstall the Avira Firewall completely. I already had it disabled but it seems with the new Avira 10 there are many problems with the firewall and many more users reporting similar BSOD trbl. I will uninstall today and advise both forums on Friday if my BSODs have stopped.

Thanks for pointing me in the right direction Route44 and thanks to TechSpot for a responsive forum.
 
You are welcome. We're glad to be of help. And thanks for the response. Avira is a fine product but new releases always seem to have issues. Your information will help others.
 
Update: Ive had two more BSOD since I've uninstalled the avira firewall module. I was able to get a minidump of the last one to post for analysis to know for sure if it is the previously identified elements or something else. If it turns out to be Avira again I will have to totally discontinue using the software because I cant get anything done with these errors happening.

Thanks for your help again
 

Attachments

  • Mini042910-01.dmp
    88 KB · Views: 2
Did you have both the Avira firewalll and the Comodo firewall installed at the same time?
 
When Avira Premium Security Suite installs it will install all the modules (fwall, mailguard, av,etc) then you can disable what you dont want to use which is what i did since I use Comodo. Now due to this recent trbl with BSODs, I've learned that the Avira modules can be individually uninstalled which Ive now done by removing mailguard and the firewall modules. This hasnt cleared my trbl though which is why I asked for the latest minidump to be checked so I can be sure that Avira is still the culprit or if it is now something altogether different crashing this computer.

So, yes I did have both Avira and Comodo installed initially although Avira Firewall was disabled and has only proven to be a problem recently but not over the past two years since using both software with the same configuration.
 
The Comodo firewall driver inspect.sys is cited as the cause for your system crashes.

It was also specifically noted that it has prevented two Novatel Wireless drivers, NWVNdis.sys and nwusbmdm.sys, from loading.
 
You guys will have to let me know if it looks like these could be separate distinct trbls or somehow related to Avira install/uninstall, or some third party issue/system trbl. This HP is a very new installation and was previously checked up and down for malware. Also I noticed after any and every crash the system will behave strangely until at least two or three restarts/shutdowns which might explain why Comodo was blocking other drivers all of a sudden. After disconnecting/reconnecting all peripherals/external drives and unplugging power, the system seems back to normal and Comodo no longer interferes with the loading of other drivers (specifically - " The Comodo firewall driver inspect.sys is cited as the cause for your system crashes. It was also specifically noted that it has prevented two Novatel Wireless drivers, NWVNdis.sys and nwusbmdm.sys, from loading."

Final note: I have also observed that the BSOD will occur more frequently when I run utorrent 1.85 version. This could occur any time between 5mins to 18hrs after the program is first started. I know that utorrent is up to 2.01 at the moment but this older version is still considered to be very stable especially compared to whats out now. At other times when utorrent is not running the BSOD will occur randomly. Before anyone says aha! that is the problem, please know that I have been using all three programs Avira(pre/post firewall), Comodo, utorrent) for 2years plus with no issues whatsoever. These problems are very recent and I can confirm this on two separate make and model computers running XP Pro SP3 32 bit with the same programs. Things went crazy between the 2 of them around the same time frame 2-3 months ago (they are not networked) which is what made me recommission this HP because my Toshiba Tecra M2 seemed to be affected the worst (BSODs constantly). The only common factor between the 2 computers I could discern was Avira, Commodo, and Utorrent (used occasionally). I deduced that it had to be a program that gets updates for both to go nuts around the same time but I couldnt confirm this until I found someone to interpret the minidumps for me. The computer that is totally back to normal on its own without me doing anything to it is my Dell D400 running Avira 9 that was suffering the exact same issues at the same time. Again possibly pointing to an updating program once virus activity was ruled out.

If there are any more suggestions on how I can get to the root cause of these errors I will try them. If it would help things I did a hijackthis posted below for you to check out and I have regrouped all of the HP minidumps (about 8 pre-AviraFirewall uninstall plus Kernel dump and 2 post-AviraFirewall uninstall) and Toshiba minidumps separately if you feel like comparing them to see a pattern. If this is not possible and there are no more suggestions I will just dump the whole OS and start over without Avira or Comodo and see what happens. Lastly, there is similar hardware in both computers (Nvidia cards) just to keep in mind in case someone spots something relevant.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:38:52 AM, on 5/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Compaq_Administrator\My Documents\Homer\Homer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\program files\sprint\sprint smartview\phoenix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\GetDiz\GetDiz.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Shortcut to Homer.exe.lnk = C:\Documents and Settings\SuperTech2010\My Documents\Homer\Homer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270411042921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270411032359
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

--
End of file - 9129 bytes


Route44, Im not trying to be rude but the Tshba and Kernel dumps are over the forum limit for attachments so I'll have to use the skydrive again. All links together in the next post
 
Hijack This logs need to be read over at the Virus and Malware removal forum. I certainly would not attempt to give advice on something I have little working experience with.
 
The middle link's folder refused to open up. The first one had a number of older minidump files and so at this point I did not bother to read.

The third zipped file I was able to read and it is the error 0x7F: UNEXPECTED_KERNEL_MODE_TRAP
One of three types of problems occurred in kernel-mode: (1) Hardware failures. (2) Software problems. (3) A bound trap (i.e., a condition that the kernel is not allowed to have or intercept). Hardware failures are the most common cause and, of these, memory hardware failures are the most common.


The driver cited as the cause of the crashes is a Packet filtering kernel driver avfwim.sys which is a driver file from Avira
 
I have ftpd the latest kernel dump 5.5.2010 to Avira for analysis. Since uninstalling the Avira firewall module a few days ago, the minidumps are now pointing to different driviers as the cause of the BSOD (NDVNdis.sys, tcpip.sys) which leads me to believe that something else altogether could be happening and the machine is either falsely identifying Avira or Avira is just a contributing factor. I will let you know what they say.

In the meantime, is there anything else I can do to get a deeper diagnosis of the BSOD from this computer?

Thanks

P.S. FFX works for me, but use IE to dwnld from skydrive, there is no pswd or signin required

http://cid-f06ad253dc81080a.skydrive.live.com/browse.aspx/HP 5.5.2010 kernel?authkey=UOM2yMDUeqQ$
 

Attachments

  • Mini050510-01.dmp
    64 KB · Views: 1
  • Mini050210-01.dmp
    88 KB · Views: 1
All three errors are 0x7F which was defined in my previous post.

All three cited Nwvndis.sys witch is a NDIS Driver for Wireless Modems by Novatel Wireless as the cause of your crashes. Go to Asus' website, find your exact model of motherboard and update the latest drivers.

By the way tcpip.sys is a Windows driver that has to do with networking/internet protocol.
 
Update - After completely uninstalling Comodo, Avira, and updating to the latest Nvidia driver for this HP system I was still getting the BSOD. Since the last memory dumps now said the trbl was the Novatel driver I uninstalled that too. Its been about 5 days now and the BSOD seemed to have stopped. I ran utorrent a few times as a test (as this process seemed to precipitate the BSODs often) and everything is still okay. I will now reinstall Comodo first, then if no more trouble Avira. It is very strange that the Novatel wireless network adapter is the actual trbl since Ive been using it for years in several computers but if it is I will accept it and move to something else. I just dont know why the dumps were pointing to everything else first as the culprit.

I'll write back on Tuesday if everythings still ok.
 
After some more testing, it seems my systems are stable now. Even though initially the errors were pointing to the antivirus and firewall pgms, the culprit looks to be the NDIS part of the Sprint Wireless Network Adapter software. I had been using Sprint Connection Manager with periodic updates for about 3 years with no problems until recently and it was heck figuring out this was the BSOD origin. But after some trial and error, I realized that I had been using the RAS (remote access server) part of the program and not the NDIS (Network Driver Interface Specification) Network Adapter part for the majority of the time and only recently began using NDIS. With regular web surfing I had no problems with the NDIS but after using utorrent for a few days I would get the BSOD. Once I went back to the RAS even with heavy utorrent usage no problems. Since Ive spent way too much time figuring this out already Im not delving deeper into why NDIS cant hold up for me under heavy load, I will just continue to use the RAS instead.

Thanks for your help and hopefully this thread will provide some value to someone else in the future.
 
Status
Not open for further replies.
Back