plz help regarding my bsod problem

thesantvijay · Nov 23, 2013

help me ...i am attaching file as u said....but not able to generate system health report...will add soon...till then if u kindly find out problem from bsod report...it will be great helpView attachment eco.zip

jcgriff2 · Nov 24, 2013

Hi-

Try to install W7 SP1 - Learn how to install Windows 7 Service Pack 1 (SP1)

Regards. . .

jcgriff2

thesantvijay · Nov 24, 2013

i will update it...then let you know ....thanx

thesantvijay · Nov 25, 2013

i am still facing bsod error...i updated it to sp1....
i am attaching health report along with new eco.zip file.
one more thing bsod is more frequent when i am using vpn.

kindly help me
regards

TomasD · Nov 25, 2013

Hello,

your initial BSOD's seems to be related to ESET Smart Security, while the newer ones are originating from your OpenVPN client. It might be they are conflicting with each other, resulting into a BSOD.

Do you think you could upgrade both of these applications to the most recent versions or remove OpenVPN completely temporary to see if it resolves the issue? In addition, could you please compress C:\WINDOWS\MEMORY.DMP file and upload it to SkyDrive or some other public host? It's possible this log would provide more information than just a Mini Kernel Dumps you attached before.

thesantvijay · Nov 26, 2013

Yes sir you are right whenever I use vpn this problem used to come. But earlier I was using vpn without any problem so what happens now and that so with same antivirus. when problem appeared i changed my antivirus for while to bitdefender but problem persisit. Then i reinstall windows and put eset again. As it looks like BSOD problem is mainly due to VPN then how to resolve it...Should i change my antivirus or need to do somethng with vpn..
i am uploading memory.dmp file

https://skydrive.live.com/redir?resid=CDE6CB748459C51C!107

TomasD · Nov 26, 2013

Thanks, I will check the dump a bit later, once I'm at home.

Meanwhile, could you please download and install the most recent version of OpenVPN?

x BlueRobot · Nov 26, 2013

Debugging Analysis:

Code:

BugCheck D1, {fffffa80096cd003, 2, 0, fffffa80088064cf}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

The problem seems to have happened as a result of a invalid page fault, a driver has referenced a non-paged pool address (fffffa80096cd003). Page faults will not be serviced at IRQL Level 2.

Code:

FAULTING_IP: 
+0
fffffa80`088064cf 0fb602          movzx   eax,byte ptr [rdx]

According to the Intel Developer Manual, this instruction causes a exception if a page fault occurs (Page 1032).

Code:

0: kd> r @rdx
rdx=fffffa80096cd003

Code:

0: kd> r @eax
eax=89ed870

Code:

fffff880089ed8b0 -- (.trap 0xfffff880089ed8b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000052d rbx=0000000000000000 rcx=0000000000000519
rdx=fffffa80096cd003 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa80088064cf rsp=fffff880089eda40 rbp=fffffa80096ccac6
 r8=0000000000000002  r9=0000000000001300 r10=0000000000000531
r11=fffffa80096ccaee r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
fffffa80`088064cf 0fb602          movzx   eax,byte ptr [rdx] ds:fffffa80`096cd003=??
Resetting default scope

The movzx instruction is used to move data from one register to another, with a padding of zeros. The Data Segment also contains the address of the rax register.

Code:

0: kd> .formats 89ed870
Evaluate expression:
  Hex:     00000000`089ed870

Code:

0: kd> lmvm epfw

start             end                 module name
fffff880`06d73000 fffff880`06da4000   epfw       (no symbols)           
    Loaded symbol image file: epfw.sys
    Image path: \SystemRoot\system32\DRIVERS\epfw.sys
    Image name: epfw.sys
    Timestamp:        Tue Jun 28 08:30:10 2011 (4E098302)
    CheckSum:         0003466B
    ImageSize:        00031000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

This driver is related to ESET, please remove the program with the ESET Removal Tool, or find a updated version of the program.

Code:

0: kd> lmvm EpfwLWF

start             end                 module name
fffff880`0435a000 fffff880`04367000   EpfwLWF    (no symbols)           
    Loaded symbol image file: EpfwLWF.sys
    Image path: \SystemRoot\system32\DRIVERS\EpfwLWF.sys
    Image name: EpfwLWF.sys
    Timestamp:        Mon Jul 11 17:19:38 2011 (4E1B229A)
    CheckSum:         0000BEB6
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

This is related to ESET ESS/NOD32, the same principle applies as above with the other driver.

The VPN program was also running at the time of the crash too, have you tried it with Microsoft Security Essentials?

thesantvijay · Nov 26, 2013

yes it occur only at time vpn is running...may be eset is creating some conflict with it.....sholuld i use MSE...is it good antivirus protection

x BlueRobot · Nov 26, 2013

I do believe there is some conflict between the two programs, MSE is a good security program to use, most people tend to use with it with the free version of Malwarebytes. I also have the free version of SuperAntiSpyware. Malwarebytes and SAS doesn't conflict with MSE, since they are on demand scanners and not real-time protection programs.

Malwarebytes : Free anti-malware download

Remember to untick the free trail during the installation process.

thesantvijay · Nov 27, 2013

i uninstalled eset..now running MSE, SAS and MALWAREBYTES
lets see what happens next.....
will inform you later

thanx

x BlueRobot · Nov 27, 2013

Okay, that's good to know, will look forward to an update.

thesantvijay · Nov 28, 2013

now my system is stable.....thank u so much

x BlueRobot · Nov 28, 2013

Welcome, glad to be help :dsmile:

thesantvijay · Nov 28, 2013

bsod problem again occurred after 2 days...this time due to tcpip.sys..may be due to MSE ans SAS both running same time

i am uploading dump file

thesantvijay · Nov 28, 2013

well i stopped SAS...only running MSE this time but BSOD again occured

x BlueRobot · Nov 28, 2013

I'm having a look at the dump file now, could you also upload another Kernel Memory dump? The same process as before.

x BlueRobot · Nov 28, 2013

Code:

BugCheck D1, {fffff881031f9ad0, 2, 1, fffff88001c3cc9f}

Probably caused by : tcpip.sys ( tcpip!UdpSendMessagesOnPathCreation+17f )

Code:

 fffff881031f9ad0 Nonpaged pool

Code:

 .trap 0xfffff88009f97930
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff881031f9a80 rbx=0000000000000000 rcx=fffffa8003c2a001
rdx=fffff881031f9ad0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001c3cc9f rsp=fffff88009f97ac0 rbp=fffffa80086b1080
 r8=0000000000000963  r9=0000000000000000 r10=fffffa8008d9aab0
r11=0000fffffffff000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
tcpip!UdpSendMessagesOnPathCreation+0x17f:
fffff880`01c3cc9f 40883a          mov     byte ptr [rdx],dil ds:fffff881`031f9ad0=??

So the function referenced a non-paged pool address stored in the rdx register, and then attempted to transfer the address of dil into the rdx register.

Code:

2: kd> r @dil
dil=0

Code:

2: kd> r.
Last set context:
rdx=fffff881`031f9ad0  dil=00000000`00000000

It seems like a NULL pointer, and a invalid page fault.

Code:

2: kd> knL
  *** Stack trace for last set context - .thread/.cxr resets it
 # Child-SP          RetAddr           Call Site
00 fffff880`09f97ac0 fffff880`01c3d40e tcpip!UdpSendMessagesOnPathCreation+0x17f
01 fffff880`09f97e40 fffff880`01c3d955 tcpip!UdpSendMessages+0x1ee
02 fffff880`09f98230 fffff800`02c8e878 tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
03 fffff880`09f98260 fffff880`01c3d9e8 nt!KeExpandKernelStackAndCalloutEx+0xd8
04 fffff880`09f98340 fffff880`0330ce9e tcpip!UdpTlProviderSendMessages+0x78
05 fffff880`09f983c0 fffff880`0330cad3 afd!AfdTLFastDgramSend+0xbe
06 fffff880`09f98460 fffff880`032f004c afd!AfdFastDatagramSend+0x2e3
07 fffff880`09f98560 fffff800`02fa0a33 afd!AfdFastIoDeviceControl+0x103c
08 fffff880`09f988d0 fffff800`02fa1526 nt!IopXxxControlFile+0x373
09 fffff880`09f98a00 fffff800`02c81e13 nt!NtDeviceIoControlFile+0x56
0a fffff880`09f98a70 00000000`7707132a nt!KiSystemServiceCopyEnd+0x13
0b 00000000`001cea98 00000000`00000000 0x7707132a

Again, it seems to be networking related. I'll suggest running Driver Verifier for at least 24 hours, and enabling all the options apart from Low Resources Simulation.

thesantvijay · Nov 28, 2013

i am out of station for some time...will back on 10th December....then I will run driver verifier
I will let you know then...thanx for ur help

x BlueRobot · Nov 28, 2013

Welcome, and no hurry it's fine :dsmile:

plz help regarding my bsod problem

Member

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Member

Member

Attachments

Sysnative Staff, BSOD Kernel Dump Senior Analyst

Member

Sysnative Staff, BSOD Kernel Dump Senior Analyst

Administrator

Member

Administrator

Member

Administrator

Member

Administrator

Member

Attachments

Member

Administrator

Administrator

Member

Administrator

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)