HP SP3 BSOD event id 1003

By newtech11 ยท 16 replies
Apr 25, 2010
  1. Compaq Presario 061
    Windows XP Media Center Edition Service Pack 3 (build 2600)
    2.40 gigahertz AMD Athlon 64
    128 kilobyte primary memory cache
    512 kilobyte secondary memory cache
    Board: ASUSTek Computer INC. NAGAMI2 2.00
    Bus Clock: 199 megahertz
    BIOS: Phoenix Technologies, LTD 3.11 09/19/2006
    1472 Megabytes Usable Installed Memory
    NVIDIA GeForce 6150 LE [Display adapter]
    DELL E177FP [Monitor] (17.1"vis, s/n WH3186650R3S, June 2006)
    AntiVir Desktop Version
    COMODO Internet Security Version 4, 0, 141438, 825 (firewall only)


    I have been having blue screen issues with a HP desktop with the above specs both while simply browsing the web only using both IE and FFX and while downloading files using Bittorrent. Exhaustive scans online and standalone offline have not shown any virus/rootkit activity (forums, Avira, HiJack) and memtest has been run with no errors. The blue screen is random but consistent even after a complete OS wipe and reinstall. Event viewer shows event ID 1003 primarily.

    I have include a skydrive link with the minidumps for analysis and can provide a kernal dump if needed.

    Any help with this trbl would be appreciated.


    P.S. Also ran Windows Memory Diagnostic for 8hrs no errors recorded, pagefile is 2300mb, clean install appr 1.5 wks,

    skydrive link

    Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Date: 4/24/2010
    Time: 9:36:43 AM
    User: N/A
    Computer: DGE2D
    Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    0000: 53 79 73 74 65 6d 20 45 System E
    0008: 72 72 6f 72 20 20 45 72 rror Er
    0010: 72 6f 72 20 63 6f 64 65 ror code
    0018: 20 31 30 30 30 30 30 37 1000007
    0020: 66 20 20 50 61 72 61 6d f Param
    0028: 65 74 65 72 73 20 30 30 eters 00
    0030: 30 30 30 30 30 38 2c 20 000008,
    0038: 38 30 30 34 32 30 30 30 80042000
    0040: 2c 20 30 30 30 30 30 30 , 000000
    0048: 30 30 2c 20 30 30 30 30 00, 0000
    0050: 30 30 30 30 0000
  2. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    I read the five most recently dated minidumps and all are the same error code 0x0000007F: UNEXPECTED_KERNEL_MODE_TRAP
    One of three types of problems occurred in kernel-mode: (1) Hardware failures. (2) Software problems. (3) A bound trap (i.e., a condition that the kernel is not allowed to have or intercept). Hardware failures are the most common and, of these, memory hardware failures are the most common.

    Your issue is with your Avira security software.

    One file cited the Avira firewall TDI driver avfwot.sys as the cause of your system crashes.

    The remaining four all cited the Avira Packet filtering kernel driver avfwim.sys which belongs to their product Antivir Workstation as the cause of your system crashes.

    You could try the following:

    1. Uninstall and reinstall your Avira softwware.

    2. Update all things Avira.

    3. Contact Avira and let them know of your crashes, that your minidumps were read, and give them the drivers specifically cited as the cause. I believe they also have an active community.

    * Also, in the future please use the Zip option provided here. It will be easier for all of us. Thanks. :)
  3. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    Thank you so much for responding and providing the analysis. I will go to Avira immediately and submit the info you discovered. When I get a response I will pass it on to the forum. Also, I'll make sure to use the attachment feature in the future.

    Thanks again and I'll follow up soon.
  4. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    After posting in the Avira forum, I received a response advising that I uninstall the Avira Firewall completely. I already had it disabled but it seems with the new Avira 10 there are many problems with the firewall and many more users reporting similar BSOD trbl. I will uninstall today and advise both forums on Friday if my BSODs have stopped.

    Thanks for pointing me in the right direction Route44 and thanks to TechSpot for a responsive forum.
  5. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    You are welcome. We're glad to be of help. And thanks for the response. Avira is a fine product but new releases always seem to have issues. Your information will help others.
  6. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    Update: Ive had two more BSOD since I've uninstalled the avira firewall module. I was able to get a minidump of the last one to post for analysis to know for sure if it is the previously identified elements or something else. If it turns out to be Avira again I will have to totally discontinue using the software because I cant get anything done with these errors happening.

    Thanks for your help again

    Attached Files:

  7. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    Did you have both the Avira firewalll and the Comodo firewall installed at the same time?
  8. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    When Avira Premium Security Suite installs it will install all the modules (fwall, mailguard, av,etc) then you can disable what you dont want to use which is what i did since I use Comodo. Now due to this recent trbl with BSODs, I've learned that the Avira modules can be individually uninstalled which Ive now done by removing mailguard and the firewall modules. This hasnt cleared my trbl though which is why I asked for the latest minidump to be checked so I can be sure that Avira is still the culprit or if it is now something altogether different crashing this computer.

    So, yes I did have both Avira and Comodo installed initially although Avira Firewall was disabled and has only proven to be a problem recently but not over the past two years since using both software with the same configuration.
  9. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    The Comodo firewall driver inspect.sys is cited as the cause for your system crashes.

    It was also specifically noted that it has prevented two Novatel Wireless drivers, NWVNdis.sys and nwusbmdm.sys, from loading.
  10. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    You guys will have to let me know if it looks like these could be separate distinct trbls or somehow related to Avira install/uninstall, or some third party issue/system trbl. This HP is a very new installation and was previously checked up and down for malware. Also I noticed after any and every crash the system will behave strangely until at least two or three restarts/shutdowns which might explain why Comodo was blocking other drivers all of a sudden. After disconnecting/reconnecting all peripherals/external drives and unplugging power, the system seems back to normal and Comodo no longer interferes with the loading of other drivers (specifically - " The Comodo firewall driver inspect.sys is cited as the cause for your system crashes. It was also specifically noted that it has prevented two Novatel Wireless drivers, NWVNdis.sys and nwusbmdm.sys, from loading."

    Final note: I have also observed that the BSOD will occur more frequently when I run utorrent 1.85 version. This could occur any time between 5mins to 18hrs after the program is first started. I know that utorrent is up to 2.01 at the moment but this older version is still considered to be very stable especially compared to whats out now. At other times when utorrent is not running the BSOD will occur randomly. Before anyone says aha! that is the problem, please know that I have been using all three programs Avira(pre/post firewall), Comodo, utorrent) for 2years plus with no issues whatsoever. These problems are very recent and I can confirm this on two separate make and model computers running XP Pro SP3 32 bit with the same programs. Things went crazy between the 2 of them around the same time frame 2-3 months ago (they are not networked) which is what made me recommission this HP because my Toshiba Tecra M2 seemed to be affected the worst (BSODs constantly). The only common factor between the 2 computers I could discern was Avira, Commodo, and Utorrent (used occasionally). I deduced that it had to be a program that gets updates for both to go nuts around the same time but I couldnt confirm this until I found someone to interpret the minidumps for me. The computer that is totally back to normal on its own without me doing anything to it is my Dell D400 running Avira 9 that was suffering the exact same issues at the same time. Again possibly pointing to an updating program once virus activity was ruled out.

    If there are any more suggestions on how I can get to the root cause of these errors I will try them. If it would help things I did a hijackthis posted below for you to check out and I have regrouped all of the HP minidumps (about 8 pre-AviraFirewall uninstall plus Kernel dump and 2 post-AviraFirewall uninstall) and Toshiba minidumps separately if you feel like comparing them to see a pattern. If this is not possible and there are no more suggestions I will just dump the whole OS and start over without Avira or Comodo and see what happens. Lastly, there is similar hardware in both computers (Nvidia cards) just to keep in mind in case someone spots something relevant.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:38:52 AM, on 5/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Documents and Settings\Compaq_Administrator\My Documents\Homer\Homer.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    c:\program files\sprint\sprint smartview\phoenix.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\GetDiz\GetDiz.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
    O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Shortcut to Homer.exe.lnk = C:\Documents and Settings\SuperTech2010\My Documents\Homer\Homer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270411042921
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270411032359
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

    End of file - 9129 bytes

    Route44, Im not trying to be rude but the Tshba and Kernel dumps are over the forum limit for attachments so I'll have to use the skydrive again. All links together in the next post
  11. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    Hijack This logs need to be read over at the Virus and Malware removal forum. I certainly would not attempt to give advice on something I have little working experience with.
  12. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

  13. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    The middle link's folder refused to open up. The first one had a number of older minidump files and so at this point I did not bother to read.

    The third zipped file I was able to read and it is the error 0x7F: UNEXPECTED_KERNEL_MODE_TRAP
    One of three types of problems occurred in kernel-mode: (1) Hardware failures. (2) Software problems. (3) A bound trap (i.e., a condition that the kernel is not allowed to have or intercept). Hardware failures are the most common cause and, of these, memory hardware failures are the most common.

    The driver cited as the cause of the crashes is a Packet filtering kernel driver avfwim.sys which is a driver file from Avira
  14. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    i have ftpd the latest kernel dump 5.5.2010 to Avira for analysis. Since uninstalling the Avira firewall module a few days ago, the minidumps are now pointing to different driviers as the cause of the BSOD (NDVNdis.sys, tcpip.sys) which leads me to believe that something else altogether could be happening and the machine is either falsely identifying Avira or Avira is just a contributing factor. I will let you know what they say.

    In the meantime, is there anything else I can do to get a deeper diagnosis of the BSOD from this computer?


    P.S. FFX works for me, but use IE to dwnld from skydrive, there is no pswd or signin required

    http://cid-f06ad253dc81080a.skydrive.live.com/browse.aspx/HP 5.5.2010 kernel?authkey=UOM2yMDUeqQ$

    Attached Files:

  15. Route44

    Route44 TechSpot Ambassador Posts: 11,984   +72

    All three errors are 0x7F which was defined in my previous post.

    All three cited Nwvndis.sys witch is a NDIS Driver for Wireless Modems by Novatel Wireless as the cause of your crashes. Go to Asus' website, find your exact model of motherboard and update the latest drivers.

    By the way tcpip.sys is a Windows driver that has to do with networking/internet protocol.
  16. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    Update - After completely uninstalling Comodo, Avira, and updating to the latest Nvidia driver for this HP system I was still getting the BSOD. Since the last memory dumps now said the trbl was the Novatel driver I uninstalled that too. Its been about 5 days now and the BSOD seemed to have stopped. I ran utorrent a few times as a test (as this process seemed to precipitate the BSODs often) and everything is still okay. I will now reinstall Comodo first, then if no more trouble Avira. It is very strange that the Novatel wireless network adapter is the actual trbl since Ive been using it for years in several computers but if it is I will accept it and move to something else. I just dont know why the dumps were pointing to everything else first as the culprit.

    I'll write back on Tuesday if everythings still ok.
  17. newtech11

    newtech11 TS Rookie Topic Starter Posts: 16

    After some more testing, it seems my systems are stable now. Even though initially the errors were pointing to the antivirus and firewall pgms, the culprit looks to be the NDIS part of the Sprint Wireless Network Adapter software. I had been using Sprint Connection Manager with periodic updates for about 3 years with no problems until recently and it was heck figuring out this was the BSOD origin. But after some trial and error, I realized that I had been using the RAS (remote access server) part of the program and not the NDIS (Network Driver Interface Specification) Network Adapter part for the majority of the time and only recently began using NDIS. With regular web surfing I had no problems with the NDIS but after using utorrent for a few days I would get the BSOD. Once I went back to the RAS even with heavy utorrent usage no problems. Since Ive spent way too much time figuring this out already Im not delving deeper into why NDIS cant hold up for me under heavy load, I will just continue to use the RAS instead.

    Thanks for your help and hopefully this thread will provide some value to someone else in the future.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...