BSOD

Discussion in 'ESET Smart Security' started by zugolosian, Dec 17, 2007.

Thread Status:
Not open for further replies.
  1. zugolosian
    Offline

    zugolosian Registered Member

    Hi, i have analyzed a few of the minidumps and it says this

    Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [F:\Nigel\minidump\Mini112307-52.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*c:\cache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
    Debug session time: Fri Nov 23 15:41:42.968 2007 (GMT+13)
    System Uptime: 0 days 0:00:38.656
    Loading Kernel Symbols
    ...................................................................... .......................................
    Loading User Symbols
    Loading unloaded module list
    ..
    ********************************************************************** *********
    * *
    * Bugcheck Analysis *
    * *
    ********************************************************************** *********

    Use !analyze -v to get detailed debugging information.

    BugCheck 100000D1, {10, 2, 0, 85da0fea}



    Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultStack+27fc )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    ********************************************************************** *********
    * *
    * Bugcheck Analysis *
    * *
    ********************************************************************** *********

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000010, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 85da0fea, address which referenced memory

    Debugging Details:
    ------------------




    READ_ADDRESS: 00000010

    CURRENT_IRQL: 2

    FAULTING_IP:
    +ffffffff85da0fea
    85da0fea 8b4810 mov ecx,dword ptr [eax+10h]

    CUSTOMER_CRASH_COUNT: 52

    DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

    BUGCHECK_STR: 0xD1

    PROCESS_NAME: Idle

    LAST_CONTROL_TRANSFER: from 80555efc to 85da0fea

    STACK_TEXT:
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    80555ebc 80555efc 00000000 85dba3a8 00000000 0x85da0fea
    80555ecc 85d8e512 85d8e502 86673001 85d8e510 nt!KiDoubleFaultStack+0x27fc
    00000000 00000000 00000000 00000000 00000000 0x85d8e512


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!KiDoubleFaultStack+27fc
    80555efc 28fa sub dl,bh

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!KiDoubleFaultStack+27fc

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 45e54690

    FAILURE_BUCKET_ID: 0xD1_nt!KiDoubleFaultStack+27fc

    BUCKET_ID: 0xD1_nt!KiDoubleFaultStack+27fc

    Followup: MachineOwner
    ---------
    I am informed this is related to Eset smart security as it only seems to happen when installed. Can you help? or do i just un-install
    MSI Motherboard 661-fm
    3ghz P4 processor
    1gb ram
    Seagate 120gb hard drive
  2. zugolosian
    Offline

    zugolosian Registered Member

    Can someone PLEASE help me hereo_O
  3. roanhn
    Offline

    roanhn Registered Member

    Back to nod32 2.7 and other firewall, ess 3.0 is buggy.
    I have too many different bugs (bsods, firewall didnt start, antivirus didnt start, cant read configuration ...) so i decided to uninstall it (reinstall ess didnt help).
Thread Status:
Not open for further replies.