New
#1
Bsod W7 Ent. x64
Hi there..
this is my 1st post in your forums so i hope i'll get my request right.
I've installed my w7 for the 2nd time now on my new PC (b4 it was on my old PC -different HW)
I didn't get into it for the 1st time because i knew that i;m going to bu a new PC.
when it happened on the new one i started exploring.
I can only guess that they are connected.
The HW that i moved from the old PC to the new one are:
1. WDC WD1600ADFS RAPTOR
2. Seagate 1.5TB ST31500341AS
3. Logitech QuickCam Communicate Deluxe (vista x64 drivers)
I'm Attaching my SysInfo NFO file as well.
after opening the minidump this is what i got:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\Backup\Install64\BlueScreens\Minidump\040510-19640-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02c0c000 PsLoadedModuleList = 0xfffff800`02e49e50
Debug session time: Mon Apr 5 11:22:29.360 2010 (UTC + 3:00)
System Uptime: 1 days 18:08:52.328
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 1, fffffa8006439bad}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffffa8006439bad, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb40e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
+3737656364363864
fffffa80`06439bad 488941e0 mov qword ptr [rcx-20h],rax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: egui.exe
TRAP_FRAME: fffff88009e5de20 -- (.trap 0xfffff88009e5de20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8005fd2888 rbx=0000000000000000 rcx=0000000000000020
rdx=fffffa8054957008 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa8006439bad rsp=fffff88009e5dfb8 rbp=0000000000000ee0
r8=00000000000076f8 r9=00000000000003b7 r10=fffffa8006310ed8
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
fffffa80`06439bad 488941e0 mov qword ptr [rcx-20h],rax ds:0b14:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002c7d469 to fffff80002c7df00
STACK_TEXT:
fffff880`09e5dcd8 fffff800`02c7d469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`09e5dce0 fffff800`02c7c0e0 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`05f3fcd0 : nt!KiBugCheckDispatch+0x69
fffff880`09e5de20 fffffa80`06439bad : fffffa80`064288b6 fffffa80`063c24f8 fffff8a0`02e02b40 fffffa80`063dcc40 : nt!KiPageFault+0x260
fffff880`09e5dfb8 fffffa80`064288b6 : fffffa80`063c24f8 fffff8a0`02e02b40 fffffa80`063dcc40 00000000`00000066 : 0xfffffa80`06439bad
fffff880`09e5dfc0 fffffa80`063c24f8 : fffff8a0`02e02b40 fffffa80`063dcc40 00000000`00000066 00000000`00000000 : 0xfffffa80`064288b6
fffff880`09e5dfc8 fffff8a0`02e02b40 : fffffa80`063dcc40 00000000`00000066 00000000`00000000 fffffa80`0642a95a : 0xfffffa80`063c24f8
fffff880`09e5dfd0 fffffa80`063dcc40 : 00000000`00000066 00000000`00000000 fffffa80`0642a95a 00000000`00000edf : 0xfffff8a0`02e02b40
fffff880`09e5dfd8 00000000`00000066 : 00000000`00000000 fffffa80`0642a95a 00000000`00000edf 00000000`00000a11 : 0xfffffa80`063dcc40
fffff880`09e5dfe0 00000000`00000000 : fffffa80`0642a95a 00000000`00000edf 00000000`00000a11 00000000`00000066 : 0x66
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02c7c0e0 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
FAILURE_BUCKET_ID: X64_0xD1_nt!KiPageFault+260
BUCKET_ID: X64_0xD1_nt!KiPageFault+260
Followup: MachineOwner
---------
As you can see there is a reference to the Eset smart security gui that i'm using-
"PROCESS_NAME: egui.exe"
but what does it mean?
also i tried to preform the driver verifier for some time (in minutes) with no BSOD's.
what should i do?
thanks
TheGM