Solved BSOD during Nod32 scan Unknown Image

[bogartbc]

A few days ago my internet was shutting off. By shutting off I mean the network icon in windows showed a not connected icon. My router and cable modem still showed connection and activity. I ran Malwarebyte and Avast scans; Memory, Full, Boot-time. Nothing was found. The Root-kit scan for Avast would only scan my running processes found listed in Task Manager while on my Notebook the Root-kit scans the whole system. I thought something was fishy when I compared my two systems Avast scans. I posted at Avast about this with them telling me to run some scan programs they use if Avast fails; GMER and Combofix. None of these scans picked up anything except Combofix. It found a locked registry file and orphaned registry file which I was instructed to remove using a drop script. Everything seemed fine. I uninstalled Avast then installed Eset Nod32 trial in case Avast is malfunctioning or just unable to find a virus. Nod32 found 3 win32 toolbar virus in 3 folders within the the Windows folder, it cleaned these out. I then ran Sophos Anti-Rootkit scan due to Avast's own scan's issues as detailed above. Clean as well.


Last night I did my weekly Virus and mal/spy ware scans. Just before Nod32 finished it's scan I went to the corner store and came back to a BSOD. I checked the dump file which listed ntoskrnl.exe and 0x109. Now Ive had issues with Nvidia GPU drivers for any driver newer than 306.97; TDRs twice (310.70) and gfx artifacts (310.90). At the time I was using 313.96 beta. I uninstalled and reverted back to 306.97. I ran mem test using 1 of my 2 ram dimms, this did 12 passes without errors. I plan to run the other one tonight while I sleep.


Here is what is caught my eye and seems odd to me. This morning I loaded up the same dump file which still lists the same bug 0x109 but now lists Unknown Image instead of ntoskrnl.exe. I do not know how to read dump files. I just look up the error and file listed to give me an idea of what is wrong so I can run some basic tests. Maybe someone here can help me out with figuring out what is wrong.

 

[bogartbc]

Here is the SF dump zip as requested.

 

[Arc]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

[COLOR=Red]BugCheck 109[/COLOR], {a3a039d8a57db850, b3b7465ef7fbf496, fffff88002f4d5c0, 2}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

According to Carrona.org, STOP 0x00000109: CRITICAL_STRUCTURE_CORRUPTION
Usual causes: Device driver, Breakpoint set with no debugger attached, Hardware (Memory in particular)

Your crash dumps are not showing any finite probable cause. In such a situation, it is better to enable Driver Verifier to monitor the drivers.
Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.

   Information

Why Driver Verifier:
It puts a stress on the drivers, ans so it makes the unstable drivers crash. Hopefully the driver that crashes is recorded in the memory dump.

How Can we know that DV is enabled:
It will make the system bit of slow, laggy.

   Warning

Before enabling DV, make it sure that you have earlier System restore points made in your computer. You can check it easily by using CCleaner looking at Tools > System Restore.

If there is no points, make a System Restore Point manually before enabling DV.

   Tip

• If you fail to get on the Desktop because of DV, Boot into Advanced Boot Options > Safe mode. Disable DV there. Now boot normally again, and try following the instruction of enabling DV again.
• If you cannot boot in Safe mode too, do a System Restore to a point you made earlier.

Test your RAM modules for possible errors.
How to Test and Diagnose RAM Issues with Memtest86+
Run memtest for at least 8 passes, preferably overnight.

Let us know the results, with the subsequent crash dumps, if any.

 

[bogartbc]

I enabled Driver Verifier, the PC went to a BSOD within a few minutes. I ran Memtest before you asked as it is always the first thing suggested. I have done this test before when dealing with a GPU issue. I ran each dimm separately in the same slot 0. Both Dimms did over 8 passes, 12 and 14, without errors or the program freezing. Both were still running tests when I came back to the PC. Just glancing ast the dump shows it was my Nvidia driver. However you may see something which I do not so I won't get ahead of this process by attempting any fixes.

 

[Arc]

fffff880`0a6066e8  fffff880`02fb4510Unable to load image ehdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ehdrv.sys
[COLOR=Red]*** ERROR: Module load completed but symbols could not be loaded for ehdrv.sys
 ehdrv+0x19510[/COLOR]

Description here: Driver Reference Table - ehdrv.sys

Uninstall ESET/Nod32. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.
Download, install and update those, and then run full system scans with both of them, one by one.

Let us know the results.

 

[bogartbc]

Both Scan came up empyt, nothing was found.

 

[Arc]

Good news

If there is any further BSODs, let us know.

 

[bogartbc]

I started getting a few BSoDs tonight. I was updating my router's firmware, restoring factory defaults and restoring my settings. I had a few issues reconnecting to the net and accessing my router. I tried restarting to see if it helped clear up my connection issues. The first restart I had two Bsods, Windows logs only recorded one. The first was bad pool header, the second was a memory management. The 3rd started logged fine. I fiddled around with the router some more and got access to the net. Avast Free updated and I restarted again to complete the update. Again I had two Bsod with only 1 being recorded, I missed the ifno for the 4th one, 3rd try windows loaded. I fixed my router issues and restored my settings from a backup and fixed my dns due to flushing it. I was curious so I restarted again but had no Bsod. Im not sure whats up with it only crashing when I had router/net issues and not when it was running fine.

Here is the SF winrar, sorry my winzip trial ran out. I also attached a .tmp dump found in my main driver directory. The time stamp leads me to believe it is related to one of the Bsods.

 

[Arc]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff8a000f7a1b8, 1, fffff88004136c4d, 0}

*** WARNING: Unable to verify timestamp for[URL="http://www.carrona.org/drivers/driver.php?id=aswSP.SYS"] aswSP.SYS[/URL]
*** ERROR: Module load completed but symbols could not be loaded for [URL="http://www.carrona.org/drivers/driver.php?id=aswSP.SYS"]aswSP.SYS[/URL]

Could not read faulting driver name
Probably caused by : [URL="http://www.carrona.org/drivers/driver.php?id=aswSP.SYS"]aswSP.SYS[/URL] ( aswSP+1dc4d )

Followup: MachineOwner
---------

Uninstall Avast using Avast Uninstall Utility. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.

Download, install and update those, and then run full system scans with both of them, one by one.

Let us know the results.

 

[bogartbc]

Whats with my luck and virus scanners hah. Did you check both dump logs dated March 11 or just one? Im curious if both bsods logs recorded avast as a problem

 

[Arc]

Use MSE, there will be no proble. And it is the same in the both.