davidhso

Also running ESET File Security v4.5.12005.0

Hello, I'm running a Windows 2003 x86 SBS SP2 server in my environment and I got this blue screen the other day. From the dmp file I noticed that it is coming from ESET but I'm not sure why this is happening but it seems as though Backup Exec (12.5) and ESET aren't playing nice. Would someone give me some more insight as to why this happened? Thank you. ========START DMP IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 00000000, memory referenced Arg2: d0000002, IRQL Arg3: 00000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: 80a613de, address which referenced memory Debugging Details: ------------------ *** ERROR: Module load completed but symbols could not be loaded for VirtFile.sys *** ERROR: Module load completed but symbols could not be loaded for ehdrv.sys WRITE_ADDRESS: 00000000 CURRENT_IRQL: 2 FAULTING_IP: hal!KeAcquireSpinLockRaiseToSynch+e 80a613de f00fba2900 lock bts dword ptr [ecx],0 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: ekrn.exe ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre TRAP_FRAME: b3ce86a8 -- (.trap 0xffffffffb3ce86a8) ErrCode = 00000002 eax=00000000 ebx=87f1b2b0 ecx=00000000 edx=b3ce8778 esi=89a59808 edi=89a59994 eip=80a613de esp=b3ce871c ebp=b3ce8734 iopl=0 nv up ei ng nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282 hal!KeAcquireSpinLockRaiseToSynch+0xe: 80a613de f00fba2900 lock bts dword ptr [ecx],0 ds:0023:00000000=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 80a613de to 8088e730 STACK_TEXT: b3ce86a8 80a613de badb0d00 b3ce8778 89560cc4 nt!KiTrap0E+0x18c b3ce8718 9bda76c1 00000000 00000000 00000000 hal!KeAcquireSpinLockRaiseToSynch+0xe WARNING: Stack unwind information not available. Following frames may be wrong. b3ce8734 9bda77d4 00000000 b3ce876c b3ce8778 VirtFile+0x46c1 b3ce877c 9bda6191 87f1b30c 89b92130 00000001 VirtFile+0x47d4 b3ce8814 9bda62ec 89b92130 87f1b30c 00000001 VirtFile+0x3191 b3ce8834 f76e34de 87f1b30c b3ce8854 b3ce8870 VirtFile+0x32ec b3ce8894 f76e4f3e 00ce88dc 00000000 b3ce88dc fltmgr!FltpPerformPreCallbacks+0x2d4 b3ce88a8 f76e58e6 b3ce88dc 00000000 8a0c2700 fltmgr!FltpPassThroughInternal+0x32 b3ce88c4 f76e5cfa b3ce8800 88d65910 8b51b2a0 fltmgr!FltpPassThrough+0x1c2 b3ce88f4 8081e185 8a0c2700 87ee9cd0 87ee9cd0 fltmgr!FltpDispatch+0x110 b3ce8908 808f787b 87ee9e84 87ee9cd0 88d65910 nt!IofCallDriver+0x45 b3ce891c 808f4a47 8a0c2700 87ee9cd0 88d65910 nt!IopSynchronousServiceTail+0x10b b3ce89b4 87b43c15 00000434 00000000 00000000 nt!NtReadFile+0x5d5 b3ce8a44 f7b8ca0a f7b8c9c1 0707d33c 8b27f608 0x87b43c15 b3ce8a48 f7b8c9c1 0707d33c 8b27f608 8b295020 Ntfs!NtfsFastQueryStdInfo+0x182 b3ce8b94 87b42390 0707ccf4 0000004c b3ce8c78 Ntfs!NtfsFastQueryStdInfo+0x139 b3ce8bd4 b9b002d3 00002134 0707ccf4 0000004c 0x87b42390 b3ce8bf8 b9b1931f 87e8ac60 0707ccf4 0000004c ehdrv+0x12d3 b3ce8c5c 808f828d 89453be8 00000001 0707ccf4 ehdrv+0x1a31f b3ce8d00 808f1164 00000350 00000000 00000000 nt!IopXxxControlFile+0x255 b3ce8d34 8088b658 00000350 00000000 00000000 nt!NtDeviceIoControlFile+0x2a b3ce8d34 7c82845c 00000350 00000000 00000000 nt!KiSystemServicePostCall 0707cca8 00000000 00000000 00000000 00000000 0x7c82845c STACK_COMMAND: kb FOLLOWUP_IP: VirtFile+46c1 9bda76c1 8845f7 mov byte ptr [ebp-9],al SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: VirtFile+46c1 FOLLOWUP_NAME: MachineOwner MODULE_NAME: VirtFile IMAGE_NAME: VirtFile.sys DEBUG_FLR_IMAGE_TIMESTAMP: 49b01a64 FAILURE_BUCKET_ID: 0xA_VirtFile+46c1 BUCKET_ID: 0xA_VirtFile+46c1 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0xa_virtfile+46c1 FAILURE_ID_HASH: {06565879-e9b6-7793-3a65-077b591df06e} Followup: MachineOwner ---------