[SOLVED] Random BSOD's periodically - Win7 x86

Hi,

Many different bug checks.

IRQL_NOT_LESS_OR_EQUAL (a)

This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

Code:
0: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff800`00b9c6f8 fffff800`02cc6129 : 00000000`0000000a fffff788`00000320 00000000`0000000d 00000000`00000000 : nt!KeBugCheckEx
fffff800`00b9c700 fffff800`02cc4da0 : 00000000`0000003e 00000000`00000002 00000000`00000000 00000000`00000004 : nt!KiBugCheckDispatch+0x69
fffff800`00b9c840 fffff800`02cd0687 : fffff800`00b96080 fffff800`02e41e80 00000000`00000001 00000000`00000000 : nt!KiPageFault+0x260 (TrapFrame @ fffff800`00b9c840)
fffff800`00b9c9d0 fffff800`02c12895 : fffff800`02c38460 fffff800`00b9cb80 fffff800`02c38460 fffffa80`00000000 : nt!KeUpdateSystemTime+0x307
fffff800`00b9cad0 fffff800`02cc30d3 : 00000000`00000000 fffff800`00b9cb80 00000000`00000001 fffffa80`02fb53b0 : hal!HalpHpetClockInterrupt+0x8d
fffff800`00b9cb00 fffff880`011e97f2 : fffff800`02ccf709 00000000`002b6a01 fffffa80`02ada5c8 fffff800`02e4fcc0 : nt!KiInterruptDispatchNoLock+0x163 (TrapFrame @ fffff800`00b9cb00)
fffff800`00b9cc98 fffff800`02ccf709 : 00000000`002b6a01 fffffa80`02ada5c8 fffff800`02e4fcc0 00000000`00000001 : amdppm!C1Halt+0x2
fffff800`00b9cca0 fffff800`02cbe85c : fffff800`02e41e80 fffff800`00000000 00000000`00000000 fffff800`02d7e420 : nt!PoIdle+0x52a
fffff800`00b9cd80 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cd40 00000000`00000000 : nt!KiIdleLoop+0x2c

Code:
0: kd> .trap fffff800`00b9c840
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000075c0f178 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000008 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cd0687 rsp=fffff80000b9c9d0 rbp=fffff78800000320
 r8=0000000000000000  r9=fffff80002e3ff18 r10=0000000000000000
r11=fffff80000b9ca20 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!KeUpdateSystemTime+0x307:
fffff800`02cd0687 8b5d00          mov     ebx,dword ptr [rbp] ss:0018:fffff788`00000320=????????

There was a failure moving the value stored in the rbp register to the ebx register. Hard to say what exactly went wrong here as I can't get a proper page table dump:

Code:
0: kd> !pte fffff78800000320
                                           VA fffff78800000320
PXE at FFFFF6FB7DBEDF78    PPE at FFFFF6FB7DBEF100    PDE at FFFFF6FB7DE20000    PTE at FFFFF6FBC4000000
Unable to get PXE FFFFF6FB7DBEDF78

My guess is either rbp was invalid or the lower 32 bit ebx was the problem.

Looking at the faulting instruction, it was from - nt!KeUpdateSystemTime+0x307. We hit a pagefault trying to update the system time after the processor (core 0) received an IPI to wake up and update the system time.

Code:
0: kd> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           Call Site
fffff800`00b9c9d0 fffff800`02c12895 nt!KeUpdateSystemTime+0x307
fffff800`00b9cad0 fffff800`02cc30d3 hal!HalpHpetClockInterrupt+0x8d
fffff800`00b9cb00 fffff880`011e97f2 nt!KiInterruptDispatchNoLock+0x163
fffff800`00b9cc98 fffff800`02ccf709 amdppm!C1Halt+0x2 // Responding to interrupt and waking up from idle.
fffff800`00b9cca0 fffff800`02cbe85c nt!PoIdle+0x52a
fffff800`00b9cd80 00000000`00000000 nt!KiIdleLoop+0x2c



The other bug checks are 0x3D and 0x7F which are showing exceptions occurring when interrupts are being serviced.

Just to grasp at a few straws, I dumped the raw stack and here's what I saw:

Code:
fffff800`00b9c0f8  fffff880`0f1ccba0 nvlddmkm+0x1b1ba0
fffff800`00b9c100  fffff800`00b9c130
fffff800`00b9c108  fffff880`0f285e3f nvlddmkm+0x26ae3f
fffff800`00b9c110  fffffa80`03fe8000
fffff800`00b9c118  fffff880`03f8c69d dxgmms1!VidSchiUpdateCurrentIsrFrameTime+0x95
fffff800`00b9c1c8  00000000`000186a0
fffff800`00b9c1d0  fffff800`02e41e80 nt!KiInitialPCR+0x180
fffff800`00b9c1e0  00000000`00000000
fffff800`00b9c1e8  fffff800`02cd0687 nt!KeUpdateSystemTime+0x307
fffff800`00b9c210  00000000`00000001
fffff800`00b9c218  fffff800`02cc6b80 nt!KeBugCheckEx
fffff800`00b9c630  fffff880`01787930 tcpip!gTupleState+0x4b0
fffff800`00b9c638  fffff880`015382b0 NETIO!WfpSysTimerCallback
fffff800`00b9c640  fffff880`017878e8 tcpip!gTupleState+0x468
fffff800`00b9c648  fffff880`0177c5f0 tcpip!LruContextLoose+0x4b0
fffff800`00b9c650  fffff880`015382b0 NETIO!WfpSysTimerCallback
fffff800`00b9c658  fffff880`0177c5a8 tcpip!LruContextLoose+0x468
fffff800`00b9c660  fffff880`0177b530 tcpip!endpointLruContext+0x4b0
fffff800`00b9c668  fffff880`015382b0 NETIO!WfpSysTimerCallback
fffff800`00b9c670  fffff880`0177b4e8 tcpip!endpointLruContext+0x468

So until now I really had nothing to go on, but now I see some network stuff (Network I/O Subsystem working to set up a DPC timer object probably), and nVidia video driver calls as the Direct X MMS is updating the Interrupt Service Routine frame time. With this said, I can check the loaded modules list for anything that may be causing NETBIOS conflicts. After checking the modules list, I saw both avast! + Panda installed. Uh oh!

One of the biggest problems as far as antiviruses go in terms of conflicts, is if there is more than one antivirus or anti-malware software installed on the system. In the most basic example, I will use avast! and Panda. Let's say you have both installed and running, this is not a good scenario at all. Why? Most/if not all modern day antivirus software are allowed direct access (come and go, whenever they want) to the kernel because an antivirus installs interceptors of system events within the kernel code, which passes intercepted data to the antivirus engine for analysis. This data is network packets, files, and other various critical data.


Uninstall avast! + Panda and replace with MSE ASAP as they are both conflicting with each other. The reason why I say uninstall both is because I don't recommend even keeping one of those two.

avast! removal - avast! Uninstall Utility | Download aswClear for avast! Removal

Panda removal - http://www.pandasecurity.com/resources/sop/UNINSTALLER_08.exe

MSE - Microsoft Security Essentials - Microsoft Windows

Regards,

Patrick
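
The raw-stack check described in the post above can be done as a quick triage pass in Python. This is an added example, not part of the original post: it parses rows in the quoted layout and lists modules that are not Windows in-box components. The sample rows are taken from the dump shown in the post, and the `IN_BOX` list is an assumption made for illustration.

```python
import re
from collections import Counter

# Sample rows taken from the raw stack dump quoted in the post.
RAW_STACK = """\
fffff800`00b9c0f8  fffff880`0f1ccba0 nvlddmkm+0x1b1ba0
fffff800`00b9c100  fffff800`00b9c130
fffff800`00b9c108  fffff880`0f285e3f nvlddmkm+0x26ae3f
fffff800`00b9c118  fffff880`03f8c69d dxgmms1!VidSchiUpdateCurrentIsrFrameTime+0x95
fffff800`00b9c1e8  fffff800`02cd0687 nt!KeUpdateSystemTime+0x307
fffff800`00b9c638  fffff880`015382b0 NETIO!WfpSysTimerCallback
fffff800`00b9c640  fffff880`017878e8 tcpip!gTupleState+0x468
"""

# Assumption: names treated as in-box Windows modules for this triage pass.
IN_BOX = {"nt", "hal", "tcpip", "netio", "dxgmms1", "amdppm"}

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
ROW = re.compile(rf"^({ADDR})\s+({ADDR})(?:\s+(\S+))?$", re.I)

def parse_raw_stack(text):
    """Return (slot, value, module, symbol) for every row that resolved to a module."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or not m.group(3):
            continue  # blank line, or a plain data value with no module
        ref = m.group(3)
        module, bang, rest = ref.partition("!")
        if bang:
            symbol = rest.split("+")[0]
        else:
            module, symbol = ref.split("+")[0], None  # module+offset only
        rows.append((m.group(1), m.group(2), module, symbol))
    return rows

def third_party_refs(rows):
    """Count stack references per module that is not on the in-box list."""
    return Counter(mod for _, _, mod, _ in rows if mod.lower() not in IN_BOX)

def unsymbolized(rows):
    """Modules that only ever resolve as module+offset (no public symbols)."""
    with_sym = {mod for _, _, mod, sym in rows if sym}
    return sorted({mod for _, _, mod, sym in rows if not sym} - with_sym)

if __name__ == "__main__":
    rows = parse_raw_stack(RAW_STACK)
    # Raw stack slots hold stale values too: treat hits as leads, not a call chain.
    for module, count in third_party_refs(rows).most_common():
        print(f"{module}: {count} reference(s)")
    print("no symbols:", unsymbolized(rows))
```
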
 
Thanks for your extensive analysis, Patrick! Avast was installed; this morning I changed to Panda (having previously uninstalled Avast) because I suspected the culprit could be Avast.
But this PC never ran with 2 AVs at the same time.
 
Here I am reviving this one-year-old thread... My client never felt safe with MSE, so he uninstalled it and installed other antiviruses... Result, of course: more BSOD's. Despite that, I would really appreciate if you guys can take a look at these new dumps I got from that computer... just to be 100% sure the AV is the culprit.
There's also a kernel dump, just in case you want to go deeper.
I uploaded them to Mega because the files were too large, even though I compressed them.

Minidumps:
https://mega.nz/#!QAwnWSBA!uzCvQ0lneZk_CO0LbYA0elvB3eFsKLrClHJ-xj7fmS8

Kernel dump:
https://mega.nz/#!8FIAwC4T!gkUYRLHkL1ZZ66nQUXRkTaVCb3riqmEjINZv8-kxSKY


Thanks a lot,

a grateful Argentinian
 
