VISTA BSOD After Installing ESET

Discussion in 'ESET Smart Security' started by ukandy, May 27, 2008.

Thread Status:
Not open for further replies.
  1. ukandy

    ukandy Registered Member

    May 27, 2008
    Installing the security suite, now keep getting BSOD errors...

    Dump DeBug
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    Loading Dump File [C:\Users\Andy\Desktop\Mini052808-06.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    Symbol search path is: SRV*c:\websymbols*
    Executable search path is: 
    Windows Vista Kernel Version 6000 MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 6000.16584.x86fre.vista_gdr.071023-1545
    Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
    Debug session time: Wed May 28 04:02:16.553 2008 (GMT+1)
    System Uptime: 0 days 0:07:27.210
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    Use !analyze -v to get detailed debugging information.
    BugCheck D1, {0, 2, 8, 0}
    Unable to load image \SystemRoot\system32\DRIVERS\Epfwndis.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for Epfwndis.sys
    *** ERROR: Module load completed but symbols could not be loaded for Epfwndis.sys
    Unable to load image \SystemRoot\system32\DRIVERS\BLKWGU.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for BLKWGU.sys
    *** ERROR: Module load completed but symbols could not be loaded for BLKWGU.sys
    Probably caused by : Epfwndis.sys ( Epfwndis+2f49 )
    Followup: MachineOwner
    2: kd> !analyze -v
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000008, value 0 = read operation, 1 = write operation
    Arg4: 00000000, address which referenced memory
    Debugging Details:
    READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
    Unable to read MiSystemVaType memory at 81d117e0
    00000000 ??              ???
    PROCESS_NAME:  RapidShareManag
    TRAP_FRAME:  89e9b9e0 -- (.trap 0xffffffff89e9b9e0)
    ErrCode = 00000010
    eax=84b1b058 ebx=00000b01 ecx=84b1b6ac edx=00000000 esi=860b30e8 edi=00000001
    eip=00000000 esp=89e9ba54 ebp=89e9ba90 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    00000000 ??              ???
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from 00000000 to 81c8fd84
    00000000 ??              ???
    89e9b9e0 00000000 badb0d00 00000000 86211616 nt!KiTrap0E+0x2ac
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    89e9ba50 81bc831b 84767810 84b1b058 860b30e8 0x0
    89e9ba90 8d55df49 00000000 89e9bac0 00000001 ndis!ndisMIndicatePacketsToNetBufferLists+0x140
    89e9bab8 8d55ec65 84b1b058 00000000 86211008 Epfwndis+0x2f49
    89e9bad8 8d55ec9a 84767810 86211008 00000002 Epfwndis+0x3c65
    89e9baec 8d55d0e3 84767810 86211008 84767810 Epfwndis+0x3c9a
    89e9bb0c 8d55d3bf 84767934 86211008 00000000 Epfwndis+0x20e3
    89e9bb40 81be865e 84b1b718 864ffe28 849aac97 Epfwndis+0x23bf
    89e9bbb0 961b8596 00000000 89e9bcb4 00000001 ndis!ethFilterDprIndicateReceivePacket+0x2f7
    89e9be2c 961cd057 84922000 89e9be78 00000001 BLKWGU+0x1b596
    89e9be94 81cacb3b 00000000 877d83a0 84b88c58 BLKWGU+0x30057
    89e9bec8 8d47b2ba 81c91f34 853af008 00000000 nt!IopfCompleteRequest+0x13d
    89e9bf04 8d47b906 865ab028 877d83a0 8730e1c0 USBPORT!USBPORT_Core_iCompleteDoneTransfer+0x6cb
    89e9bf34 8d481509 865ab028 39585043 865abbf0 USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x4f5
    89e9bf60 8d4785b9 865ab028 865abbf0 865ab002 USBPORT!USBPORT_Core_UsbIocDpc_Worker+0x122
    89e9bf88 81ca93ae 865abbfc 34776478 00000000 USBPORT!USBPORT_Xdpc_Worker+0x273
    89e9bff4 81c90ecd 9a24dd10 00000000 00000000 nt!KiRetireDpcList+0x147
    89e9bff8 9a24dd10 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x3d
    81c90ecd 00000000 0000001a 00c1850f bb830000 0x9a24dd10
    8d55df49 ??              ???
    SYMBOL_NAME:  Epfwndis+2f49
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: Epfwndis
    IMAGE_NAME:  Epfwndis.sys
    FAILURE_BUCKET_ID:  0xD1_CODE_AV_NULL_IP_Epfwndis+2f49
    BUCKET_ID:  0xD1_CODE_AV_NULL_IP_Epfwndis+2f49
    Followup: MachineOwner
  2. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    Does it happen occasionaly or on a regular basis? If you are able to reproduce it, would it be possible to set Windows to create complete memory dumps? When created, we'd need you to zip it and upload it somewhere to an ftp server (I can grant you access to ours).
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.