T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 23, 2013 #1 help me ...i am attaching file as u said....but not able to generate system health report...will add soon...till then if u kindly find out problem from bsod report...it will be great helpView attachment eco.zip
help me ...i am attaching file as u said....but not able to generate system health report...will add soon...till then if u kindly find out problem from bsod report...it will be great helpView attachment eco.zip
jcgriff2 Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.) Staff member Joined Feb 19, 2012 Posts 21,541 Location New Jersey Shore Nov 24, 2013 #2 Hi- Try to install W7 SP1 - Learn how to install Windows 7 Service Pack 1 (SP1) Regards. . . jcgriff2
Hi- Try to install W7 SP1 - Learn how to install Windows 7 Service Pack 1 (SP1) Regards. . . jcgriff2
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 24, 2013 #3 i will update it...then let you know ....thanx
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 25, 2013 #4 i am still facing bsod error...i updated it to sp1.... i am attaching health report along with new eco.zip file. one more thing bsod is more frequent when i am using vpn. kindly help me regards Attachments health report.pdf 1.9 MB · Views: 1 eco.zip 1.6 MB · Views: 1
i am still facing bsod error...i updated it to sp1.... i am attaching health report along with new eco.zip file. one more thing bsod is more frequent when i am using vpn. kindly help me regards
TomasD Sysnative Staff, BSOD Kernel Dump Senior Analyst Staff member Joined May 7, 2013 Posts 461 Location Kaunas, Lithuania Nov 25, 2013 #5 Hello, your initial BSOD's seems to be related to ESET Smart Security, while the newer ones are originating from your OpenVPN client. It might be they are conflicting with each other, resulting into a BSOD. Do you think you could upgrade both of these applications to the most recent versions or remove OpenVPN completely temporary to see if it resolves the issue? In addition, could you please compress C:\WINDOWS\MEMORY.DMP file and upload it to SkyDrive or some other public host? It's possible this log would provide more information than just a Mini Kernel Dumps you attached before.
Hello, your initial BSOD's seems to be related to ESET Smart Security, while the newer ones are originating from your OpenVPN client. It might be they are conflicting with each other, resulting into a BSOD. Do you think you could upgrade both of these applications to the most recent versions or remove OpenVPN completely temporary to see if it resolves the issue? In addition, could you please compress C:\WINDOWS\MEMORY.DMP file and upload it to SkyDrive or some other public host? It's possible this log would provide more information than just a Mini Kernel Dumps you attached before.
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 26, 2013 #6 Yes sir you are right whenever I use vpn this problem used to come. But earlier I was using vpn without any problem so what happens now and that so with same antivirus. when problem appeared i changed my antivirus for while to bitdefender but problem persisit. Then i reinstall windows and put eset again. As it looks like BSOD problem is mainly due to VPN then how to resolve it...Should i change my antivirus or need to do somethng with vpn.. i am uploading memory.dmp file https://skydrive.live.com/redir?resid=CDE6CB748459C51C!107
Yes sir you are right whenever I use vpn this problem used to come. But earlier I was using vpn without any problem so what happens now and that so with same antivirus. when problem appeared i changed my antivirus for while to bitdefender but problem persisit. Then i reinstall windows and put eset again. As it looks like BSOD problem is mainly due to VPN then how to resolve it...Should i change my antivirus or need to do somethng with vpn.. i am uploading memory.dmp file https://skydrive.live.com/redir?resid=CDE6CB748459C51C!107
TomasD Sysnative Staff, BSOD Kernel Dump Senior Analyst Staff member Joined May 7, 2013 Posts 461 Location Kaunas, Lithuania Nov 26, 2013 #7 Thanks, I will check the dump a bit later, once I'm at home. Meanwhile, could you please download and install the most recent version of OpenVPN?
Thanks, I will check the dump a bit later, once I'm at home. Meanwhile, could you please download and install the most recent version of OpenVPN?
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,252 Location %systemroot% Nov 26, 2013 #8 Debugging Analysis: Code: BugCheck D1, {fffffa80096cd003, 2, 0, fffffa80088064cf} Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 ) The problem seems to have happened as a result of a invalid page fault, a driver has referenced a non-paged pool address (fffffa80096cd003). Page faults will not be serviced at IRQL Level 2. Code: FAULTING_IP: +0 fffffa80`088064cf 0fb602 movzx eax,byte ptr [rdx] According to the Intel Developer Manual, this instruction causes a exception if a page fault occurs (Page 1032). Code: 0: kd> r @rdx rdx=fffffa80096cd003 Code: 0: kd> r @eax eax=89ed870 Code: fffff880089ed8b0 -- (.trap 0xfffff880089ed8b0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=000000000000052d rbx=0000000000000000 rcx=0000000000000519 rdx=fffffa80096cd003 rsi=0000000000000000 rdi=0000000000000000 rip=fffffa80088064cf rsp=fffff880089eda40 rbp=fffffa80096ccac6 r8=0000000000000002 r9=0000000000001300 r10=0000000000000531 r11=fffffa80096ccaee r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po cy fffffa80`088064cf 0fb602 movzx eax,byte ptr [rdx] ds:fffffa80`096cd003=?? Resetting default scope The movzx instruction is used to move data from one register to another, with a padding of zeros. The Data Segment also contains the address of the rax register. Code: 0: kd> .formats 89ed870 Evaluate expression: Hex: 00000000`089ed870 Code: 0: kd> lmvm epfw start end module name fffff880`06d73000 fffff880`06da4000 epfw (no symbols) Loaded symbol image file: epfw.sys Image path: \SystemRoot\system32\DRIVERS\epfw.sys Image name: epfw.sys Timestamp: Tue Jun 28 08:30:10 2011 (4E098302) CheckSum: 0003466B ImageSize: 00031000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 This driver is related to ESET, please remove the program with the ESET Removal Tool, or find a updated version of the program. Code: 0: kd> lmvm EpfwLWF start end module name fffff880`0435a000 fffff880`04367000 EpfwLWF (no symbols) Loaded symbol image file: EpfwLWF.sys Image path: \SystemRoot\system32\DRIVERS\EpfwLWF.sys Image name: EpfwLWF.sys Timestamp: Mon Jul 11 17:19:38 2011 (4E1B229A) CheckSum: 0000BEB6 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 This is related to ESET ESS/NOD32, the same principle applies as above with the other driver. The VPN program was also running at the time of the crash too, have you tried it with Microsoft Security Essentials?
Debugging Analysis: Code: BugCheck D1, {fffffa80096cd003, 2, 0, fffffa80088064cf} Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 ) The problem seems to have happened as a result of a invalid page fault, a driver has referenced a non-paged pool address (fffffa80096cd003). Page faults will not be serviced at IRQL Level 2. Code: FAULTING_IP: +0 fffffa80`088064cf 0fb602 movzx eax,byte ptr [rdx] According to the Intel Developer Manual, this instruction causes a exception if a page fault occurs (Page 1032). Code: 0: kd> r @rdx rdx=fffffa80096cd003 Code: 0: kd> r @eax eax=89ed870 Code: fffff880089ed8b0 -- (.trap 0xfffff880089ed8b0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=000000000000052d rbx=0000000000000000 rcx=0000000000000519 rdx=fffffa80096cd003 rsi=0000000000000000 rdi=0000000000000000 rip=fffffa80088064cf rsp=fffff880089eda40 rbp=fffffa80096ccac6 r8=0000000000000002 r9=0000000000001300 r10=0000000000000531 r11=fffffa80096ccaee r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po cy fffffa80`088064cf 0fb602 movzx eax,byte ptr [rdx] ds:fffffa80`096cd003=?? Resetting default scope The movzx instruction is used to move data from one register to another, with a padding of zeros. The Data Segment also contains the address of the rax register. Code: 0: kd> .formats 89ed870 Evaluate expression: Hex: 00000000`089ed870 Code: 0: kd> lmvm epfw start end module name fffff880`06d73000 fffff880`06da4000 epfw (no symbols) Loaded symbol image file: epfw.sys Image path: \SystemRoot\system32\DRIVERS\epfw.sys Image name: epfw.sys Timestamp: Tue Jun 28 08:30:10 2011 (4E098302) CheckSum: 0003466B ImageSize: 00031000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 This driver is related to ESET, please remove the program with the ESET Removal Tool, or find a updated version of the program. Code: 0: kd> lmvm EpfwLWF start end module name fffff880`0435a000 fffff880`04367000 EpfwLWF (no symbols) Loaded symbol image file: EpfwLWF.sys Image path: \SystemRoot\system32\DRIVERS\EpfwLWF.sys Image name: EpfwLWF.sys Timestamp: Mon Jul 11 17:19:38 2011 (4E1B229A) CheckSum: 0000BEB6 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 This is related to ESET ESS/NOD32, the same principle applies as above with the other driver. The VPN program was also running at the time of the crash too, have you tried it with Microsoft Security Essentials?
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 26, 2013 #9 yes it occur only at time vpn is running...may be eset is creating some conflict with it.....sholuld i use MSE...is it good antivirus protection
yes it occur only at time vpn is running...may be eset is creating some conflict with it.....sholuld i use MSE...is it good antivirus protection
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,252 Location %systemroot% Nov 26, 2013 #10 I do believe there is some conflict between the two programs, MSE is a good security program to use, most people tend to use with it with the free version of Malwarebytes. I also have the free version of SuperAntiSpyware. Malwarebytes and SAS doesn't conflict with MSE, since they are on demand scanners and not real-time protection programs. Malwarebytes : Free anti-malware download Remember to untick the free trail during the installation process.
I do believe there is some conflict between the two programs, MSE is a good security program to use, most people tend to use with it with the free version of Malwarebytes. I also have the free version of SuperAntiSpyware. Malwarebytes and SAS doesn't conflict with MSE, since they are on demand scanners and not real-time protection programs. Malwarebytes : Free anti-malware download Remember to untick the free trail during the installation process.
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 27, 2013 #11 i uninstalled eset..now running MSE, SAS and MALWAREBYTES lets see what happens next..... will inform you later thanx
i uninstalled eset..now running MSE, SAS and MALWAREBYTES lets see what happens next..... will inform you later thanx
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,252 Location %systemroot% Nov 27, 2013 #12 Okay, that's good to know, will look forward to an update.
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 28, 2013 #13 now my system is stable.....thank u so much
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,252 Location %systemroot% Nov 28, 2013 #14 Welcome, glad to be help :dsmile:
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 28, 2013 #15 bsod problem again occurred after 2 days...this time due to tcpip.sys..may be due to MSE ans SAS both running same time i am uploading dump file Attachments Windows7_Vista_jcgriff2.rar 484.6 KB · Views: 3
bsod problem again occurred after 2 days...this time due to tcpip.sys..may be due to MSE ans SAS both running same time i am uploading dump file
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 28, 2013 #16 well i stopped SAS...only running MSE this time but BSOD again occured
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,252 Location %systemroot% Nov 28, 2013 #17 I'm having a look at the dump file now, could you also upload another Kernel Memory dump? The same process as before.
I'm having a look at the dump file now, could you also upload another Kernel Memory dump? The same process as before.
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,252 Location %systemroot% Nov 28, 2013 #18 Code: BugCheck D1, {fffff881031f9ad0, 2, 1, fffff88001c3cc9f} Probably caused by : tcpip.sys ( tcpip!UdpSendMessagesOnPathCreation+17f ) Code: fffff881031f9ad0 Nonpaged pool Code: .trap 0xfffff88009f97930 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff881031f9a80 rbx=0000000000000000 rcx=fffffa8003c2a001 rdx=fffff881031f9ad0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88001c3cc9f rsp=fffff88009f97ac0 rbp=fffffa80086b1080 r8=0000000000000963 r9=0000000000000000 r10=fffffa8008d9aab0 r11=0000fffffffff000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip!UdpSendMessagesOnPathCreation+0x17f: fffff880`01c3cc9f 40883a mov byte ptr [rdx],dil ds:fffff881`031f9ad0=?? So the function referenced a non-paged pool address stored in the rdx register, and then attempted to transfer the address of dil into the rdx register. Code: 2: kd> r @dil dil=0 Code: 2: kd> r. Last set context: rdx=fffff881`031f9ad0 dil=00000000`00000000 It seems like a NULL pointer, and a invalid page fault. Code: 2: kd> knL *** Stack trace for last set context - .thread/.cxr resets it # Child-SP RetAddr Call Site 00 fffff880`09f97ac0 fffff880`01c3d40e tcpip!UdpSendMessagesOnPathCreation+0x17f 01 fffff880`09f97e40 fffff880`01c3d955 tcpip!UdpSendMessages+0x1ee 02 fffff880`09f98230 fffff800`02c8e878 tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15 03 fffff880`09f98260 fffff880`01c3d9e8 nt!KeExpandKernelStackAndCalloutEx+0xd8 04 fffff880`09f98340 fffff880`0330ce9e tcpip!UdpTlProviderSendMessages+0x78 05 fffff880`09f983c0 fffff880`0330cad3 afd!AfdTLFastDgramSend+0xbe 06 fffff880`09f98460 fffff880`032f004c afd!AfdFastDatagramSend+0x2e3 07 fffff880`09f98560 fffff800`02fa0a33 afd!AfdFastIoDeviceControl+0x103c 08 fffff880`09f988d0 fffff800`02fa1526 nt!IopXxxControlFile+0x373 09 fffff880`09f98a00 fffff800`02c81e13 nt!NtDeviceIoControlFile+0x56 0a fffff880`09f98a70 00000000`7707132a nt!KiSystemServiceCopyEnd+0x13 0b 00000000`001cea98 00000000`00000000 0x7707132a Again, it seems to be networking related. I'll suggest running Driver Verifier for at least 24 hours, and enabling all the options apart from Low Resources Simulation.
Code: BugCheck D1, {fffff881031f9ad0, 2, 1, fffff88001c3cc9f} Probably caused by : tcpip.sys ( tcpip!UdpSendMessagesOnPathCreation+17f ) Code: fffff881031f9ad0 Nonpaged pool Code: .trap 0xfffff88009f97930 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff881031f9a80 rbx=0000000000000000 rcx=fffffa8003c2a001 rdx=fffff881031f9ad0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88001c3cc9f rsp=fffff88009f97ac0 rbp=fffffa80086b1080 r8=0000000000000963 r9=0000000000000000 r10=fffffa8008d9aab0 r11=0000fffffffff000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc tcpip!UdpSendMessagesOnPathCreation+0x17f: fffff880`01c3cc9f 40883a mov byte ptr [rdx],dil ds:fffff881`031f9ad0=?? So the function referenced a non-paged pool address stored in the rdx register, and then attempted to transfer the address of dil into the rdx register. Code: 2: kd> r @dil dil=0 Code: 2: kd> r. Last set context: rdx=fffff881`031f9ad0 dil=00000000`00000000 It seems like a NULL pointer, and a invalid page fault. Code: 2: kd> knL *** Stack trace for last set context - .thread/.cxr resets it # Child-SP RetAddr Call Site 00 fffff880`09f97ac0 fffff880`01c3d40e tcpip!UdpSendMessagesOnPathCreation+0x17f 01 fffff880`09f97e40 fffff880`01c3d955 tcpip!UdpSendMessages+0x1ee 02 fffff880`09f98230 fffff800`02c8e878 tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15 03 fffff880`09f98260 fffff880`01c3d9e8 nt!KeExpandKernelStackAndCalloutEx+0xd8 04 fffff880`09f98340 fffff880`0330ce9e tcpip!UdpTlProviderSendMessages+0x78 05 fffff880`09f983c0 fffff880`0330cad3 afd!AfdTLFastDgramSend+0xbe 06 fffff880`09f98460 fffff880`032f004c afd!AfdFastDatagramSend+0x2e3 07 fffff880`09f98560 fffff800`02fa0a33 afd!AfdFastIoDeviceControl+0x103c 08 fffff880`09f988d0 fffff800`02fa1526 nt!IopXxxControlFile+0x373 09 fffff880`09f98a00 fffff800`02c81e13 nt!NtDeviceIoControlFile+0x56 0a fffff880`09f98a70 00000000`7707132a nt!KiSystemServiceCopyEnd+0x13 0b 00000000`001cea98 00000000`00000000 0x7707132a Again, it seems to be networking related. I'll suggest running Driver Verifier for at least 24 hours, and enabling all the options apart from Low Resources Simulation.
T thesantvijay Member Joined Nov 23, 2013 Posts 10 Nov 28, 2013 #19 i am out of station for some time...will back on 10th December....then I will run driver verifier I will let you know then...thanx for ur help
i am out of station for some time...will back on 10th December....then I will run driver verifier I will let you know then...thanx for ur help
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,252 Location %systemroot% Nov 28, 2013 #20 Welcome, and no hurry it's fine :dsmile: