Vista BSOD on ESET updates (suspect)

Discussion in 'ESET NOD32 Antivirus' started by gisuck, Nov 4, 2008.

Thread Status:
Not open for further replies.
  1. gisuck

    gisuck Registered Member

    Joined:
    Nov 4, 2008
    Posts:
    56
    Hey All,

    I know there have been several threads on this forum about BSOD already and that they have been addressed due to NIC driver issues, and I'm wondering if I fall into the same problem. The only time I get a BSOD, I suspect, is when certain updates are downloaded and applied.

    When a BSOD has happened the last 2 times where I was watching, I noticed that the ESET signature files were updated, but the BSOD does not happen for every update that has been pushed.

    Any known issues with NVidia nForce SLI 590 Motherboards and Nvidia nForce Gigabit ethernet drivers?

    The updates that I have noticed the crash on were October 31, 1:07PM EDT, and November 2, 8:44PM EST.

    When I woke up this morning, I had logged into my computer reporting a BSOD, but then it BSOD'd on me again during login (making the earlier BSOD report lost), as I suspect that ESET was attempting to do a login update process at 6:00AM EST November 4th.

    The BSODs are not always the same, but usually have codes of 1E or 3B. If anyone has suggestions, I would love to hear about them.
     

    Last edited: Nov 4, 2008
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Are you generating memory dumps so you can see what is faulting? If it is an issue with nvidia drivers, the fault should be generated from the same hardware drivers each time, and then that is your most likely culprit. If they are coming from a whole mess of different drivers or services, then it is more likely that you have bad memory causing the problem. If they are all coming from the ekrn service, then odds are you have some kind of issue with Nod that needs to be sorted out.
     
  3. gisuck

    The problem is that all the crash dump files identify different problems all the time.

    Ntfs.sys
    Ntkrnlmp.exe
    win32k.sys
    tcpip.sys

    and some of these problems follow after ekrn.exe.


    Use !analyze -v to get detailed debugging information.
    BugCheck 3B, {c0000005, fffff80001efe47b, fffffa600f5b21f0, 0}
    Probably caused by : ntkrnlmp.exe ( nt!IopSynchronousServiceTail+1db )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff80001efe47b, Address of the exception record for the exception that caused the bugcheck
    Arg3: fffffa600f5b21f0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    FAULTING_IP:
    nt!IopSynchronousServiceTail+1db
    fffff800`01efe47b 48894808 mov qword ptr [rax+8],rcx

    CONTEXT: fffffa600f5b21f0 -- (.cxr 0xfffffa600f5b21f0)
    rax=effffa800dd8e418 rbx=0000000000000001 rcx=fffffa800d2d0ba0
    rdx=fffffa800dd8e418 rsi=fffffa8009614050 rdi=fffffa800d2d0b80
    rip=fffff80001efe47b rsp=fffffa600f5b2a50 rbp=0000000000000001
    r8=fffffa800dd8e060 r9=0000000000000001 r10=5000ef6f30420000
    r11=fffffa6000c33000 r12=fffffa800cd34910 r13=fffffa80096140a0
    r14=0000000000000590 r15=00000000022824dc
    iopl=0 nv up ei ng nz na po nc
    cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
    nt!IopSynchronousServiceTail+0x1db:
    fffff800`01efe47b 48894808 mov qword ptr [rax+8],rcx ds:002b:effffa80`0dd8e420=????????????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    BUGCHECK_STR: 0x3B

    PROCESS_NAME: ekrn.exe

    CURRENT_IRQL: 0

    DEVICE_OBJECT: fffffa800d2d0ff8

    LAST_CONTROL_TRANSFER: from fffff80001efd43f to fffff80001efe47b

    STACK_TEXT:
    fffffa60`0f5b2a50 fffff800`01efd43f : fffffa80`0d2d0ff8 00000000`00000000 fffffa80`09614050 fffffa60`0f5b2ca0 : nt!IopSynchronousServiceTail+0x1db
    fffffa60`0f5b2ab0 fffff800`01c70df3 : fffffa80`0d39c401 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWriteFile+0x7ee
    fffffa60`0f5b2bb0 00000000`75423917 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0038f0b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75423917


    FOLLOWUP_IP:
    nt!IopSynchronousServiceTail+1db
    fffff800`01efe47b 48894808 mov qword ptr [rax+8],rcx

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt!IopSynchronousServiceTail+1db

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 48d1ba35

    STACK_COMMAND: .cxr 0xfffffa600f5b21f0 ; kb

    FAILURE_BUCKET_ID: X64_0x3B_nt!IopSynchronousServiceTail+1db

    BUCKET_ID: X64_0x3B_nt!IopSynchronousServiceTail+1db

    Followup: MachineOwner
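
Added example (not part of the original thread, and not ESET or Microsoft tooling): a short Python triage of the register context posted above. It recomputes the write target of the faulting `mov qword ptr [rax+8],rcx`, checks whether that address is canonical (assuming 48-bit x64 virtual addresses), and lists registers that differ from the base register in exactly one bit. The function names are hypothetical.

```python
import re

# Register context and faulting instruction copied from the .cxr output in the post above.
CXR = """\
rax=effffa800dd8e418 rbx=0000000000000001 rcx=fffffa800d2d0ba0
rdx=fffffa800dd8e418 rsi=fffffa8009614050 rdi=fffffa800d2d0b80
rip=fffff80001efe47b rsp=fffffa600f5b2a50 rbp=0000000000000001
r8=fffffa800dd8e060 r9=0000000000000001 r10=5000ef6f30420000
r11=fffffa6000c33000 r12=fffffa800cd34910 r13=fffffa80096140a0
r14=0000000000000590 r15=00000000022824dc
fffff800`01efe47b 48894808 mov qword ptr [rax+8],rcx
"""

def parse_registers(text):
    """Return {name: value} for every 64-bit reg=hex pair in the dump."""
    return {m[1]: int(m[2], 16)
            for m in re.finditer(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b", text)}

def is_canonical(addr):
    """Assumes 48-bit virtual addresses: bits 63..47 must all be equal."""
    return (addr >> 47) in (0, 0x1FFFF)

def memory_operand(text):
    """Return (base_register, displacement) of the first '[reg+disp]' operand."""
    m = re.search(r"\[(r[a-z0-9]{1,2})(?:\+([0-9a-f]+)h?)?\]", text)
    return m[1], int(m[2] or "0", 16)

def one_bit_neighbours(regs, name):
    """Registers whose value differs from regs[name] in exactly one bit."""
    out = []
    for other, val in regs.items():
        diff = regs[name] ^ val
        if other != name and diff and diff & (diff - 1) == 0:
            out.append((other, diff.bit_length() - 1))
    return out

def triage(text):
    regs = parse_registers(text)
    base, disp = memory_operand(text)
    target = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"base": base, "target": target, "canonical": is_canonical(target),
            "one_bit_neighbours": one_bit_neighbours(regs, base)}

if __name__ == "__main__":
    r = triage(CXR)
    print(f"{r['base']}-based write to {r['target']:#018x}, canonical={r['canonical']}")
    for reg, bit in r["one_bit_neighbours"]:
        print(f"{r['base']} differs from {reg} only in bit {bit}")
```

For the dump above it reports the write target effffa80`0dd8e420 as non-canonical and rax as differing from rdx only in bit 60.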
     
  4. gisuck

    Just to note that this is a fresh rebuild of the OS.
     
  5. SmackyTheFrog

    Burn yourself a memtest CD and let that sit and run through at least 3 passes. The symptoms point to a memory failure being the most likely culprit.
     
  6. gisuck

    Already did the memory test a few times with the Vista tool, changing it to complex testing with 5 passes. Nothing ever gets found. I'll run it again since I'm at work. Just did a remote desktop to my computer to launch the app. I'll report back if it finds anything.
     
    Last edited: Nov 5, 2008
  7. gisuck

    I guess the default memory test isn't that complex, because it was finished in under 15 minutes...

    Problem Event Name: MemDiagV1
    Range of memory size: 4097
    Launch type: Manual
    Schedule type: Immediate
    Completion type: Pass
    Test type: Standard
    Failed tests: 0
    Range of number of bad pages: 0
    Test duration in seconds: 780
    OS Version: 6.0.6001.2.1.0.256.6
    Locale ID: 4105
     
  8. gisuck

    Ok,

    So 3 rounds with Windows Memory Tester on complex mode, 6 hours of Memtest86+ and 6 hours on Orthos found no problem. Not a RAM issue.
     
  9. SmackyTheFrog

    Check out eventvwr.msc, especially the system log, and see if you are getting any critical warnings or failures there that might point you in some direction.
     
  10. SaphireX

    SaphireX Registered Member

    Joined:
    Jul 29, 2004
    Posts:
    84
    When you installed the nForce driver package, after the nVidia LAN drivers installed, did you say NO to installing the nVidia Network Manager? If you did install the nVidia Network Manager, chances are that is the root source of your crashes that occur when NOD32/64 updates. You should try uninstalling JUST the nVidia Network Manager and ascertain if that solves your problems.

    More info on the buggy nVidia Network Manager is here:

    http://blogs.technet.com/markrussinovich/archive/2008/06/02/3065065.aspx

    SaphireX
     
  11. gisuck

    Thanks for the info SaphireX, but I already knew that the nVidia network manager was a piece of crap ;) so no, I didn't install it.

    I just installed the drivers for the network card (as well as the other chipset drivers it comes with,) which is why I'm wondering if nVidia's LAN drivers are affected by this problem.

    Event viewer is clean too, just that VMware couldn't connect to my windows xp vmx (which I didn't want it to do anyways.)

    Any more ideas as to where to look? Should I keep posting BSOD errors as I get them?
     
  12. SaphireX

    Hmm.... since you already ran Memtest86 and the built-in Vista Mem test and had no issues.

    The randomness and/or trigger appearing to be NOD when updating makes this a difficult puzzle to unravel.

    You could try temporarily turning off NOD updates on a night beforehand, then the next day (since NOD usually updates daily) start Process Monitor after booting up, then manually force an update to NOD, which might also cause the BSOD, and Process Monitor might capture the thread(s) responsible for it:

    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

    Other than that --

    1. Do you have any software that runs at startup that might be accessing the net during bootup before logon that might be a "suspect"?

    2. Possible SATA data cables that are loose or might not be any good?

    3. Overheating?

    4. Dig deeper in the Event Log and look at all of the Windows events listed below the Applications and Services Logs in the Microsoft --> Windows Logs (some 30+ logs), in particular the Diagnostic Logs, Code Integrity, Resource Logs, Winsock Catalog Change...

    5. PSU? Is it possible that a given rail is failing to supply adequate amps on demand under stress?

    6. Lastly, try uninstalling NOD and doing a fresh install?

    Just some thoughts as I have not experienced any critical issues with NOD-64bit version or any BSOD's and I have an nForce EVGA 780i board running Vista Ultimate 64 w/8GB RAM (see sig)..... with the exception of a couple of NOD updates that were sour (caused some web page slowdowns) from ESET that after rebooting went away...

    SaphireX
     