plz help regarding my bsod problem

i am still facing bsod error...i updated it to sp1....
i am attaching health report along with new eco.zip file.
one more thing bsod is more frequent when i am using vpn.


kindly help me
regards
 

Attachments

Hello,

your initial BSOD's seems to be related to ESET Smart Security, while the newer ones are originating from your OpenVPN client. It might be they are conflicting with each other, resulting into a BSOD.

Do you think you could upgrade both of these applications to the most recent versions or remove OpenVPN completely temporary to see if it resolves the issue? In addition, could you please compress C:\WINDOWS\MEMORY.DMP file and upload it to SkyDrive or some other public host? It's possible this log would provide more information than just a Mini Kernel Dumps you attached before.
 
Yes sir you are right whenever I use vpn this problem used to come. But earlier I was using vpn without any problem so what happens now and that so with same antivirus. when problem appeared i changed my antivirus for while to bitdefender but problem persisit. Then i reinstall windows and put eset again. As it looks like BSOD problem is mainly due to VPN then how to resolve it...Should i change my antivirus or need to do somethng with vpn..
i am uploading memory.dmp file


https://skydrive.live.com/redir?resid=CDE6CB748459C51C!107
 
Debugging Analysis:

Code: 
[COLOR=#ff0000]BugCheck D1[/COLOR], {[COLOR=#008000]fffffa80096cd003[/COLOR], [COLOR=#0000ff]2[/COLOR], 0, [COLOR=#ffa500]fffffa80088064cf[/COLOR]}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

The problem seems to have happened as a result of a invalid page fault, a driver has referenced a non-paged pool address (fffffa80096cd003). Page faults will not be serviced at IRQL Level 2.

Code: 
FAULTING_IP: 
+0
fffffa80`088064cf 0fb602          movzx   eax,byte ptr [rdx]

According to the Intel Developer Manual, this instruction causes a exception if a page fault occurs (Page 1032).

Code: 
0: kd> [COLOR=#008000]r @rdx[/COLOR]
rdx=fffffa80096cd003

Code: 
0: kd> [COLOR=#008000]r @eax[/COLOR]
eax=89ed870

Code: 
fffff880089ed8b0 -- ([COLOR=#008000].trap 0xfffff880089ed8b0[/COLOR])
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000052d rbx=0000000000000000 rcx=0000000000000519
[COLOR=#ff0000]rdx=fffffa80096cd003[/COLOR] rsi=0000000000000000 rdi=0000000000000000
rip=fffffa80088064cf rsp=fffff880089eda40 rbp=fffffa80096ccac6
 r8=0000000000000002  r9=0000000000001300 r10=0000000000000531
r11=fffffa80096ccaee r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
[COLOR=#ffa500]fffffa80`088064cf[/COLOR] 0fb602          [COLOR=#0000cd]movzx[/COLOR]   eax,byte ptr [[COLOR=#ff0000]rdx[/COLOR]] ds:fffffa80`096cd003=??
Resetting default scope

The movzx instruction is used to move data from one register to another, with a padding of zeros. The Data Segment also contains the address of the rax register.

Code: 
0: kd> [COLOR=#008000].formats 89ed870[/COLOR]
Evaluate expression:
  Hex:     [COLOR=#ff0000]00000000[/COLOR]`089ed870

Code: 
0: kd> [COLOR=#008000]lmvm epfw[/COLOR]

start             end                 module name
fffff880`06d73000 fffff880`06da4000   epfw       (no symbols)           
    Loaded symbol image file: epfw.sys
    Image path: \SystemRoot\system32\DRIVERS\epfw.sys
    Image name: epfw.sys
    Timestamp:        [COLOR=#ff0000]Tue Jun 28 08:30:10 2011[/COLOR] (4E098302)
    CheckSum:         0003466B
    ImageSize:        00031000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

This driver is related to ESET, please remove the program with the ESET Removal Tool, or find a updated version of the program.

Code: 
0: kd> [COLOR=#008000]lmvm EpfwLWF[/COLOR]

start             end                 module name
fffff880`0435a000 fffff880`04367000   EpfwLWF    (no symbols)           
    Loaded symbol image file: EpfwLWF.sys
    Image path: \SystemRoot\system32\DRIVERS\EpfwLWF.sys
    Image name: EpfwLWF.sys
    Timestamp:        [COLOR=#ff0000]Mon Jul 11 17:19:38 2011[/COLOR] (4E1B229A)
    CheckSum:         0000BEB6
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

This is related to ESET ESS/NOD32, the same principle applies as above with the other driver.

[TD="class: small"]

[/TD]

The VPN program was also running at the time of the crash too, have you tried it with Microsoft Security Essentials?
 
yes it occur only at time vpn is running...may be eset is creating some conflict with it.....sholuld i use MSE...is it good antivirus protection
 
I do believe there is some conflict between the two programs, MSE is a good security program to use, most people tend to use with it with the free version of Malwarebytes. I also have the free version of SuperAntiSpyware. Malwarebytes and SAS doesn't conflict with MSE, since they are on demand scanners and not real-time protection programs.

Malwarebytes : Free anti-malware download

Remember to untick the free trail during the installation process.
 
I'm having a look at the dump file now, could you also upload another Kernel Memory dump? The same process as before.
 
Code: 
[COLOR=#ff0000]BugCheck D1[/COLOR], {[COLOR=#008000]fffff881031f9ad0[/COLOR], 2, 1, fffff88001c3cc9f}

Probably caused by : tcpip.sys ( tcpip!UdpSendMessagesOnPathCreation+17f )

Code: 
 fffff881031f9ad0 Nonpaged pool

Code: 
 [COLOR=#008000].trap 0xfffff88009f97930[/COLOR]
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff881031f9a80 rbx=0000000000000000 rcx=fffffa8003c2a001
[COLOR=#ff0000]rdx=fffff881031f9ad0[/COLOR] rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001c3cc9f rsp=fffff88009f97ac0 rbp=fffffa80086b1080
 r8=0000000000000963  r9=0000000000000000 r10=fffffa8008d9aab0
r11=0000fffffffff000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
tcpip!UdpSendMessagesOnPathCreation+0x17f:
fffff880`01c3cc9f 40883a          [COLOR=#0000cd]mov[/COLOR]     byte ptr [rdx],dil ds:fffff881`031f9ad0=??

So the function referenced a non-paged pool address stored in the rdx register, and then attempted to transfer the address of dil into the rdx register.

Code: 
2: kd> [COLOR=#008000]r @dil[/COLOR]
dil=[COLOR=#ff0000]0[/COLOR]

Code: 
2: kd>[COLOR=#008000] r.[/COLOR]
Last set context:
rdx=fffff881`031f9ad0  dil=00000000`00000000

It seems like a NULL pointer, and a invalid page fault.

Code: 
2: kd> [COLOR=#008000]knL[/COLOR]
  *** Stack trace for last set context - .thread/.cxr resets it
 # Child-SP          RetAddr           Call Site
00 fffff880`09f97ac0 fffff880`01c3d40e tcpip!UdpSendMessagesOnPathCreation+0x17f
01 fffff880`09f97e40 fffff880`01c3d955 tcpip!UdpSendMessages+0x1ee
02 fffff880`09f98230 fffff800`02c8e878 tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
03 fffff880`09f98260 fffff880`01c3d9e8 nt!KeExpandKernelStackAndCalloutEx+0xd8
04 fffff880`09f98340 fffff880`0330ce9e tcpip!UdpTlProviderSendMessages+0x78
05 fffff880`09f983c0 fffff880`0330cad3 afd!AfdTLFastDgramSend+0xbe
06 fffff880`09f98460 fffff880`032f004c afd!AfdFastDatagramSend+0x2e3
07 fffff880`09f98560 fffff800`02fa0a33 afd!AfdFastIoDeviceControl+0x103c
08 fffff880`09f988d0 fffff800`02fa1526 nt!IopXxxControlFile+0x373
09 fffff880`09f98a00 fffff800`02c81e13 nt!NtDeviceIoControlFile+0x56
0a fffff880`09f98a70 00000000`7707132a nt!KiSystemServiceCopyEnd+0x13
0b 00000000`001cea98 00000000`00000000 0x7707132a

Again, it seems to be networking related. I'll suggest running Driver Verifier for at least 24 hours, and enabling all the options apart from Low Resources Simulation.
 
i am out of station for some time...will back on 10th December....then I will run driver verifier
I will let you know then...thanx for ur help
 
Back
Top