VISTA BSOD After Installing ESET

[ukandy]

Installing the security suite, now keep getting BSOD errors...

Dump DeBug

Code:

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Andy\Desktop\Mini052808-06.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Vista Kernel Version 6000 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16584.x86fre.vista_gdr.071023-1545
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Wed May 28 04:02:16.553 2008 (GMT+1)
System Uptime: 0 days 0:07:27.210
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 8, 0}

Unable to load image \SystemRoot\system32\DRIVERS\Epfwndis.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Epfwndis.sys
*** ERROR: Module load completed but symbols could not be loaded for Epfwndis.sys
Unable to load image \SystemRoot\system32\DRIVERS\BLKWGU.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BLKWGU.sys
*** ERROR: Module load completed but symbols could not be loaded for BLKWGU.sys
Probably caused by : Epfwndis.sys ( Epfwndis+2f49 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
 00000000 

CURRENT_IRQL:  2

FAULTING_IP: 
+0
00000000 ??              ???

PROCESS_NAME:  RapidShareManag

CUSTOMER_CRASH_COUNT:  6

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0xD1

TRAP_FRAME:  89e9b9e0 -- (.trap 0xffffffff89e9b9e0)
ErrCode = 00000010
eax=84b1b058 ebx=00000b01 ecx=84b1b6ac edx=00000000 esi=860b30e8 edi=00000001
eip=00000000 esp=89e9ba54 ebp=89e9ba90 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
00000000 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from 00000000 to 81c8fd84

FAILED_INSTRUCTION_ADDRESS: 
+0
00000000 ??              ???

STACK_TEXT:  
89e9b9e0 00000000 badb0d00 00000000 86211616 nt!KiTrap0E+0x2ac
WARNING: Frame IP not in any known module. Following frames may be wrong.
89e9ba50 81bc831b 84767810 84b1b058 860b30e8 0x0
89e9ba90 8d55df49 00000000 89e9bac0 00000001 ndis!ndisMIndicatePacketsToNetBufferLists+0x140
89e9bab8 8d55ec65 84b1b058 00000000 86211008 Epfwndis+0x2f49
89e9bad8 8d55ec9a 84767810 86211008 00000002 Epfwndis+0x3c65
89e9baec 8d55d0e3 84767810 86211008 84767810 Epfwndis+0x3c9a
89e9bb0c 8d55d3bf 84767934 86211008 00000000 Epfwndis+0x20e3
89e9bb40 81be865e 84b1b718 864ffe28 849aac97 Epfwndis+0x23bf
89e9bbb0 961b8596 00000000 89e9bcb4 00000001 ndis!ethFilterDprIndicateReceivePacket+0x2f7
89e9be2c 961cd057 84922000 89e9be78 00000001 BLKWGU+0x1b596
89e9be94 81cacb3b 00000000 877d83a0 84b88c58 BLKWGU+0x30057
89e9bec8 8d47b2ba 81c91f34 853af008 00000000 nt!IopfCompleteRequest+0x13d
89e9bf04 8d47b906 865ab028 877d83a0 8730e1c0 USBPORT!USBPORT_Core_iCompleteDoneTransfer+0x6cb
89e9bf34 8d481509 865ab028 39585043 865abbf0 USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x4f5
89e9bf60 8d4785b9 865ab028 865abbf0 865ab002 USBPORT!USBPORT_Core_UsbIocDpc_Worker+0x122
89e9bf88 81ca93ae 865abbfc 34776478 00000000 USBPORT!USBPORT_Xdpc_Worker+0x273
89e9bff4 81c90ecd 9a24dd10 00000000 00000000 nt!KiRetireDpcList+0x147
89e9bff8 9a24dd10 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x3d
81c90ecd 00000000 0000001a 00c1850f bb830000 0x9a24dd10


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Epfwndis+2f49
8d55df49 ??              ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  Epfwndis+2f49

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Epfwndis

IMAGE_NAME:  Epfwndis.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  480f2d21

FAILURE_BUCKET_ID:  0xD1_CODE_AV_NULL_IP_Epfwndis+2f49

BUCKET_ID:  0xD1_CODE_AV_NULL_IP_Epfwndis+2f49

Followup: MachineOwner
---------

[Marcos]

Does it happen occasionaly or on a regular basis? If you are able to reproduce it, would it be possible to set Windows to create complete memory dumps? When created, we'd need you to zip it and upload it somewhere to an ftp server (I can grant you access to ours).