Hi,
Dump blames ESET - remove it using this removal tool: How do I manually uninstall my ESET security product? - ESET Knowledgebase
Install MSE as replacement: Virus, Spyware & Malware Protection | Microsoft Security Essentials
Dean
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88001094fa9, fffff88002fff4d8, fffff88002ffed40}
Unable to load image \SystemRoot\system32\DRIVERS\eamon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for eamon.sys
*** ERROR: Module load completed but symbols could not be loaded for eamon.sys
Probably caused by : luafv.sys ( luafv!LuafvPreClose+56 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88001094fa9, The address that the exception occurred at
Arg3: fffff88002fff4d8, Exception Record Address
Arg4: fffff88002ffed40, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
fltmgr!GetContextFromStreamList+99
fffff880`01094fa9 488b4820 mov rcx,qword ptr [rax+20h]
EXCEPTION_RECORD: fffff88002fff4d8 -- (.exr 0xfffff88002fff4d8)
ExceptionAddress: fffff88001094fa9 (fltmgr!GetContextFromStreamList+0x0000000000000099)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88002ffed40 -- (.cxr 0xfffff88002ffed40)
rax=0030000000300000 rbx=0000000000000000 rcx=0030000000300011
rdx=fffffa8002b62070 rsi=fffffa8003c65658 rdi=fffffa8003c65600
rip=fffff88001094fa9 rsp=fffff88002fff710 rbp=fffffa8002b62070
r8=fffffa8004950010 r9=fffff88002fff8b8 r10=fffffa8003c65608
r11=fffff88002fff700 r12=fffff88002fff8b8 r13=fffffa80035d7040
r14=fffffa8004950010 r15=fffffa8002b62070
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
fltmgr!GetContextFromStreamList+0x99:
fffff880`01094fa9 488b4820 mov rcx,qword ptr [rax+20h] ds:002b:00300000`00300020=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eae0e0
ffffffffffffffff
FOLLOWUP_IP:
luafv!LuafvPreClose+56
fffff880`04baf8a2 85c0 test eax,eax
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff88001094533 to fffff88001094fa9
STACK_TEXT:
fffff880`02fff710 fffff880`01094533 : fffffa80`03c65600 fffffa80`03c65600 fffffa80`00000000 fffffa80`04950010 : fltmgr!GetContextFromStreamList+0x99
fffff880`02fff790 fffff880`04baf8a2 : fffffa80`03c65600 00000000`00000000 fffff8a0`02850b80 0000007f`fffffff8 : fltmgr!FltGetStreamHandleContext+0x43
fffff880`02fff7c0 fffff880`01092027 : 00000000`00000000 fffffa80`03c65600 fffffa80`049505f0 00000000`00000000 : luafv!LuafvPreClose+0x56
fffff880`02fff8b0 fffff880`01092be9 : fffff880`02fffa00 fffff800`02df0e02 00000000`00000000 fffff800`02e05800 : fltmgr!FltpPerformPreCallbacks+0x2f7
fffff880`02fff9b0 fffff880`010916c7 : fffffa80`03b9dac0 fffffa80`035d7040 fffffa80`032a6880 00000000`00000000 : fltmgr!FltpPassThrough+0x2d9
fffff880`02fffa30 fffff880`0382db07 : fffffa80`03b9dac0 fffff800`02c9da86 00000000`00000000 fffffa80`03734030 : fltmgr!FltpDispatch+0xb7
fffff880`02fffa90 fffffa80`03b9dac0 : fffff800`02c9da86 00000000`00000000 fffffa80`03734030 fffff8a0`02f80900 : eamon+0x5b07
fffff880`02fffa98 fffff800`02c9da86 : 00000000`00000000 fffffa80`03734030 fffff8a0`02f80900 fffffa80`034040c0 : 0xfffffa80`03b9dac0
fffff880`02fffaa0 fffff800`02f8a5ce : fffffa80`02b62070 00000000`00000001 fffffa80`03b9dac0 fffffa80`0494d6b0 : nt!IopAllocateIrpMustSucceed+0x16
fffff880`02fffad0 fffff800`02c7b8b4 : 00000000`00000000 00000000`00000000 fffffa80`02511c90 00000000`00000000 : nt!IopDeleteFile+0x11e
fffff880`02fffb60 fffff800`02f65335 : 00000000`00000000 00000000`0008c081 fffffa80`02b621c0 fffffa80`0008c081 : nt!ObfDereferenceObject+0xd4
fffff880`02fffbc0 fffff800`02d9e09b : fffffa80`02b621c8 00000000`00000001 00000000`00000000 83f8543c`00000631 : nt!MiSegmentDelete+0xa1
fffff880`02fffc00 fffff800`02d9e70d : 00000000`00000000 00000000`00000080 fffffa80`02458890 86b03b48`00000012 : nt!MiProcessDereferenceList+0x23b
fffff880`02fffcc0 fffff800`02f197c6 : 00000000`00000000 00000000`00008000 bfd2a990`e7c7bb4e f5168800`d3fa8656 : nt!MiDereferenceSegmentThread+0x10d
fffff880`02fffd40 fffff800`02c54c26 : fffff800`02df0e80 fffffa80`024c7510 fffff800`02dfec40 8815063a`24b9ce50 : nt!PspSystemThreadStartup+0x5a
fffff880`02fffd80 00000000`00000000 : fffff880`03000000 fffff880`02ffa000 fffff880`02fff550 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: luafv!LuafvPreClose+56
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: luafv
IMAGE_NAME: luafv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc295
STACK_COMMAND: .cxr 0xfffff88002ffed40 ; kb
FAILURE_BUCKET_ID: X64_0x7E_luafv!LuafvPreClose+56
BUCKET_ID: X64_0x7E_luafv!LuafvPreClose+56
Followup: MachineOwner
---------