BSOD with NOD32 AV on Windows 7

Eset NOD32 Antivirus Version 4.0.437.0 on Windows 7 Ultimate x64 both in german

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\082009-15334-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0281d000 PsLoadedModuleList = 0xfffff800`02a5ae50
Debug session time: Thu Aug 20 23:27:31.767 2009 (GMT+2)
System Uptime: 0 days 1:13:19.751
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80002ba2121, 0, bad0b158}

Probably caused by : ntkrnlmp.exe ( nt!ObpCloseHandleTableEntry+51 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002ba2121, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 00000000bad0b158, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in "0x%08lx" verweist auf Speicher in "0x%08lx". Der Vorgang  "%s" konnte nicht auf dem Speicher durchgef hrt werden.

FAULTING_IP: 
nt!ObpCloseHandleTableEntry+51
fffff800`02ba2121 4883bba800000000 cmp     qword ptr [rbx+0A8h],0

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000bad0b158

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ac50e0
 00000000bad0b158 

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x1E

PROCESS_NAME:  ekrn.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880080673a0 -- (.trap 0xfffff880080673a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=fffff8a000001a60
rdx=fffff8a00a73ecc0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ba2121 rsp=fffff88008067530 rbp=fffffa8008364580
 r8=fffffa80054ec040  r9=0000000000001330 r10=0000000000001330
r11=00000000003127a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!ObpCloseHandleTableEntry+0x51:
fffff800`02ba2121 4883bba800000000 cmp     qword ptr [rbx+0A8h],0 ds:00000000`000000a8=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800028cea17 to fffff8000288ef00

STACK_TEXT:  
fffff880`08066b18 fffff800`028cea17 : 00000000`0000001e ffffffff`c0000005 fffff800`02ba2121 00000000`00000000 : nt!KeBugCheckEx
fffff880`08066b20 fffff800`0288e542 : fffff880`080672f8 00000000`bad0b0b0 fffff880`080673a0 fffffa80`08517b60 : nt! ?? ::FNODOBFM::`string'+0x460da
fffff880`080671c0 fffff800`0288d0ba : 00000000`00000000 00000000`bad0b0b0 00000000`00000000 00000000`00000702 : nt!KiExceptionDispatch+0xc2
fffff880`080673a0 fffff800`02ba2121 : fffffa80`08676330 fffff800`02b54123 00000000`00000001 fffffa80`08676330 : nt!KiPageFault+0x23a
fffff880`08067530 fffff800`02ba2094 : 00000000`00001330 fffffa80`08364580 fffff8a0`00001a60 00000000`00001330 : nt!ObpCloseHandleTableEntry+0x51
fffff880`080675c0 fffff800`0288e153 : fffffa80`08517b60 fffff880`08067690 fffffa80`05b14000 00000000`00000000 : nt!ObpCloseHandle+0x94
fffff880`08067610 fffff800`0288a6f0 : fffffa80`0738a161 00000000`00000104 00000000`00001000 00000000`68746170 : nt!KiSystemServiceCopyEnd+0x13
fffff880`080677a8 fffffa80`0738a161 : 00000000`00000104 00000000`00001000 00000000`68746170 fffffa80`00000000 : nt!KiServiceLinkage
fffff880`080677b0 00000000`00000104 : 00000000`00001000 00000000`68746170 fffffa80`00000000 fffff880`08067810 : 0xfffffa80`0738a161
fffff880`080677b8 00000000`00001000 : 00000000`68746170 fffffa80`00000000 fffff880`08067810 fffffa80`07389f00 : 0x104
fffff880`080677c0 00000000`68746170 : fffffa80`00000000 fffff880`08067810 fffffa80`07389f00 fffff880`08067828 : 0x1000
fffff880`080677c8 fffffa80`00000000 : fffff880`08067810 fffffa80`07389f00 fffff880`08067828 fffffa80`08676330 : 0x68746170
fffff880`080677d0 fffff880`08067810 : fffffa80`07389f00 fffff880`08067828 fffffa80`08676330 00000000`03deecb4 : 0xfffffa80`00000000
fffff880`080677d8 fffffa80`07389f00 : fffff880`08067828 fffffa80`08676330 00000000`03deecb4 fffffa80`08676330 : 0xfffff880`08067810
fffff880`080677e0 fffff880`08067828 : fffffa80`08676330 00000000`03deecb4 fffffa80`08676330 00000000`00000cc4 : 0xfffffa80`07389f00
fffff880`080677e8 fffffa80`08676330 : 00000000`03deecb4 fffffa80`08676330 00000000`00000cc4 fffffa80`0738a6ed : 0xfffff880`08067828
fffff880`080677f0 00000000`03deecb4 : fffffa80`08676330 00000000`00000cc4 fffffa80`0738a6ed 00000000`00001000 : 0xfffffa80`08676330
fffff880`080677f8 fffffa80`08676330 : 00000000`00000cc4 fffffa80`0738a6ed 00000000`00001000 00000000`00000000 : 0x3deecb4
fffff880`08067800 00000000`00000cc4 : fffffa80`0738a6ed 00000000`00001000 00000000`00000000 00000000`00000104 : 0xfffffa80`08676330
fffff880`08067808 fffffa80`0738a6ed : 00000000`00001000 00000000`00000000 00000000`00000104 ffffffff`80001330 : 0xcc4
fffff880`08067810 00000000`00001000 : 00000000`00000000 00000000`00000104 ffffffff`80001330 00000000`00000104 : 0xfffffa80`0738a6ed
fffff880`08067818 00000000`00000000 : 00000000`00000104 ffffffff`80001330 00000000`00000104 fffffa80`0738aaaf : 0x1000


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ObpCloseHandleTableEntry+51
fffff800`02ba2121 4883bba800000000 cmp     qword ptr [rbx+0A8h],0

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt!ObpCloseHandleTableEntry+51

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_0x1E_BADMEMREF_nt!ObpCloseHandleTableEntry+51

BUCKET_ID:  X64_0x1E_BADMEMREF_nt!ObpCloseHandleTableEntry+51

Followup: MachineOwner
---------

 

pls tell about your CPU

 

Hardware Details:

CPU: INTEL Core i7-920 + Noctua NH-U12P SE1366 @ 2,66 GHz
MAINBOARD: ASUS P6T Deluxe Bios Revision 1606
MEMORY: DDR3-RAM KIT 6144 MB, PC3-1333 MHz, CL9, CORSAIR TR3X6G1333C9
VGA DEVICE: EVGA e-GeForce 9600 GT, Retail, 512MB
AUDIO DEVICE: Mainboard Onboard Audio ADI® AD2000B 8 -Channel High Definition Audio CODEC
HARDDISKS: 2x Western Digital Caviar Blue, 640 GB, 16MB Cache in ACHI Mode on INTEL 10CHR
USB CARD READER: CHIEFTEC 25 in 1 internal
DVD - ROM: LG DH16NSR
DVD - RW: LG GH-22NS40
CASE: COOLER MASTER Sileo 500
POWER SUPPLY: ATX 525 Watts, ENERMAX MODU82+

 

Hello,

I have a similar system but have not seen this problem before. By any chance, are you overclocking the CPU or have you changed the wait states for the memory?

Regards,

Aryeh Goretsky

 

Hi,

the CPU is on normal speed, no overclocking. I use the bios default settings. I disabled only some hardware, which I'm not using and set the RAM frequency to 1333MHz otherwise the bios will it recognize only with 1066MHz.

With this settings I had now troubles with windows vista for about 8 month.

In Windows 7 I got the mentioned bluescreen. Maybe there is an issue with standby mode in Windows 7 because the computer was in standby mode before the BSOD. A few minutes after coming back from standby I got the BSOD when checking mails in outlook 2007.

 

Interesting. Today I also received a BSOD on Windows 7 x64 RTM (UK English) shortly after resuming from standby.

NOD32 was in the middle of an update at the time (I know this because I got the "unprotected" message after reboot until it redownloaded the definitions)

 

Hello,

Just the verify, the RAM is stable at 1333MHz?

Have you run the latest version of the Intel Chipset Software Installation Utility, which should install the latest device drivers for the X58 chipset into the operating system?

Regards,

Aryeh Goretsky

 

hi,

yes the memory is stable at 1333MHz.

intel chipset utility for x58 latest version is installed. for all other components is also the latest available driver installed.