BSOD on 2K3 Server

Discussion in 'ESET Smart Security' started by JackMauro, Sep 15, 2008.

Thread Status:
Not open for further replies.
  1. JackMauro

    JackMauro Registered Member

    Jul 30, 2008
    After installing ESS 669 on 2K3 server standard, it start crashing randomly, the server is not in production and it has only DNS server activated.

    The BSOD seems to be raised by EPFWNDIS.SYS.

    Is this happened to anybody else? The network card is an Asus USB 54G, there also is a Microsoft Loopback adapter (needed to start the network before DNS Server starts). The system is just a test, so i can reinstall it and do any action it may require to solve the problem. Yesterday i've updated ESS to 672 release, since then it haven't crashed yet, but the longest uptime it had was 24 hours so who know?

    Thank you all.

    This is the BugCheck analisys:

    icrosoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Complete Dump File: Full address space is available

    Symbol search path is: SRV*c:\symbols*
    Executable search path is:
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 3790.srv03_sp2_gdr.070304-2240
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
    Debug session time: Sat Sep 13 23:52:58.000 2008 (GMT+2)
    System Uptime: 0 days 23:49:02.806
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    * *
    * Bugcheck Analysis *
    * *

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {0, d0000002, 0, 0}

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for Epfwndis.sys -
    *** ERROR: Module load completed but symbols could not be loaded for zd1211u.sys
    Probably caused by : Epfwndis.sys ( Epfwndis+2f49 )

    Followup: MachineOwner

    0: kd>
    0: kd> !analyze -v
    * *
    * Bugcheck Analysis *
    * *

    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arg1: 00000000, memory referenced
    Arg2: d0000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 00000000, address which referenced memory

    Debugging Details:

    READ_ADDRESS: 00000000


    00000000 ?? o_O

    PROCESS_NAME: Firefox.e



    MANAGED_STACK: !dumpstack -EE
    OS Thread Id: 0x0 (0)
    TEB information is not available so a stack size of 0xFFFF is assumed
    Current frame:
    ChildEBP RetAddr Caller,Callee

    TRAP_FRAME: f78a6340 -- (.trap 0xfffffffff78a6340)
    ErrCode = 00000000
    eax=84d2fd5c ebx=84d2f6e8 ecx=00000000 edx=8631d130 esi=84d2f720 edi=8631d130
    eip=00000000 esp=f78a63b4 ebp=f78a6404 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    00000000 ?? o_O
    Resetting default scope

    LAST_CONTROL_TRANSFER: from 00000000 to 80836de5

    00000000 ?? o_O

    f78a6340 00000000 badb0d00 8631d130 0000000e nt!KiTrap0E+0x2a7
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    f78a63b0 f725d3bc 865ad148 84d2f720 8631d130 0x0
    f78a6404 f7689f49 8631d130 f78a6434 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x654
    f78a642c f768ac35 84d2f720 00000000 861909d8 Epfwndis+0x2f49
    f78a644c f768ac6a 865ad148 861909d8 00000002 Epfwndis!PsGetThreadProcessId+0x8bb
    f78a6460 f76890e3 865ad148 861909d8 865ad148 Epfwndis!PsGetThreadProcessId+0x8f0
    f78a6480 f76893bf 865ad26c 861909d8 00000000 Epfwndis+0x20e3
    f78a64b4 f725d749 84d2f058 8630edd8 85cd3dd3 Epfwndis+0x23bf
    f78a651c ba4e5eed 86579280 f78a6c38 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x246
    f78a6db0 ba4f9b87 85d22000 f78a6dfc 00000001 zd1211u+0x17eed
    f78a6e18 8083ffb5 00000000 86413008 867116f8 zd1211u+0x2bb87
    f78a6e48 f67cfdc4 86413008 850feda0 861df028 nt!IopfCompleteRequest+0xcd
    f78a6eb0 f67d0a45 86361200 00000000 8083a19b USBPORT!USBPORT_CompleteTransfer+0x38c
    f78a6ee0 f67d1558 026e6f44 861df0e0 861df0e0 USBPORT!USBPORT_DoneTransfer+0x137
    f78a6f18 f67d2d58 861df028 8083a19b 861df230 USBPORT!USBPORT_FlushDoneTransferList+0x168
    f78a6f44 f67e0ef2 861df028 8083a19b 861df028 USBPORT!USBPORT_DpcWorker+0x224
    f78a6f80 f67e106a 861df028 00000001 ffdffa40 USBPORT!USBPORT_IsrDpcWorker+0x380
    f78a6f9c 8083d99a 861df64c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166
    f78a6ff4 80839833 ba032d10 00000000 00000000 nt!KiRetireDpcList+0xca
    f78a6ff8 ba032d10 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x37
    80839833 00000000 0000000a 0083850f bb830000 0xba032d10


    f7689f49 ff7508 push dword ptr [ebp+8]


    SYMBOL_NAME: Epfwndis+2f49

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: Epfwndis

    IMAGE_NAME: Epfwndis.sys



    BUCKET_ID: 0xD1_CODE_AV_NULL_IP_Epfwndis+2f49

    Followup: MachineOwner

    0: kd>
  2. JackMauro

    JackMauro Registered Member

    Jul 30, 2008
    The problem continue with 3.0.672 too... something seems wrong between usb wireless integrated dongle and eset ndis driver... i try some other AV/PF.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.