Blue screen errors
nimicitor
August 14th, 2008, 09:57 AM
I have been getting bad pool caller (and header) blue screen errors for months and the minidump told me it was caused by 'eamon.sys'.
Should I stop using Eset Smart Security?
Thanks for any help
Marcos
August 14th, 2008, 10:40 AM
What version are you using? Could you please send the minidump to support[at]eset.com with this thread's URL enclosed?
nimicitor
August 14th, 2008, 11:52 AM
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini081308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Aug 13 10:30:07.671 2008 (GMT+1)
System Uptime: 0 days 1:44:51.596
Loading Kernel Symbols
................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, cd4, 2020001, 8a615c50}
Unable to load image eamon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for eamon.sys
*** ERROR: Module load completed but symbols could not be loaded for eamon.sys
Unable to load image iksysflt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iksysflt.sys
*** ERROR: Module load completed but symbols could not be loaded for iksysflt.sys
*** WARNING: Unable to verify timestamp for guard.sys
*** ERROR: Module load completed but symbols could not be loaded for guard.sys
Probably caused by : eamon.sys ( eamon+270e )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 02020001, Memory contents of the pool block
Arg4: 8a615c50, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: 8a615c50
FREED_POOL_TAG: None
BUGCHECK_STR: 0xc2_7_None
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: svchost.exe
LAST_CONTROL_TRANSFER: from 8054b583 to 804f9f33
STACK_TEXT:
a81ea2f0 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
a81ea340 a836f70e 8a615c50 00000000 a81ea36c nt!ExFreePoolWithTag+0x2a3
WARNING: Stack unwind information not available. Following frames may be wrong.
a81ea350 a836eb64 8a615c50 8a1d2900 89990018 eamon+0x270e
a81ea36c a83708c8 89990018 89af3ac8 8a1d2900 eamon+0x1b64
a81ea3a0 804ef18f 89abf950 89990008 89990008 eamon+0x38c8
a81ea3b0 805831fa 8a675578 89b4ba2c a81ea548 nt!IopfCallDriver+0x31
a81ea490 805bf444 8a675590 00000000 89b4b988 nt!IopParseDevice+0xa12
a81ea508 805bb9d0 00000000 a81ea548 00000040 nt!ObpLookupObjectName+0x53c
a81ea55c 80576033 00000000 00000000 00000200 nt!ObOpenObjectByName+0xea
a81ea5d8 805769aa a81ea7ec 00100001 a81ea7b8 nt!IopCreateFile+0x407
a81ea634 805790b4 a81ea7ec 00100001 a81ea7b8 nt!IoCreateFile+0x8e
a81ea674 8054161c a81ea7ec 00100001 a81ea7b8 nt!NtCreateFile+0x30
a81ea674 80500021 a81ea7ec 00100001 a81ea7b8 nt!KiFastCallEntry+0xfc
a81ea718 a836ea77 a81ea7ec 00100001 a81ea7b8 nt!ZwCreateFile+0x11
a81ea760 a83704d1 a81ea7ec 00100001 a81ea7b8 eamon+0x1a77
a81ea7f4 a8371ed2 0000001f 899ded30 8a5d1a70 eamon+0x34d1
a81ea820 a8370e17 89b3f008 00000000 00000003 eamon+0x4ed2
a81ea864 804ef18f 01abf950 899ded30 899ded30 eamon+0x3e17
a81ea874 80583953 89e9fa88 00000070 8a752040 nt!IopfCallDriver+0x31
a81ea8a4 805bca0a 8a44a978 89abf950 00120196 nt!IopCloseFile+0x26b
a81ea8d8 805bc333 8a44a978 00000001 8a752040 nt!ObpDecrementHandleCount+0xd8
a81ea900 805c29df e312b838 89e9faa0 000001e8 nt!ObpCloseHandleTableEntry+0x14d
a81ea920 8060da1b e13bf3d0 000001e8 a81ea960 nt!ObpCloseHandleProcedure+0x1f
a81ea940 805c2ad8 e312b838 805c29c0 a81ea960 nt!ExSweepHandleTable+0x3b
a81ea96c 805d266f 8a44a978 89b1cba0 89b1cde8 nt!ObKillProcess+0x5c
a81eaa0c 805d28c8 00000000 89b1cba0 00000000 nt!PspExitThread+0x5e9
a81eaa2c 805d2aa3 89b1cba0 00000000 a81ead0c nt!PspTerminateThreadByPointer+0x52
a81eaa58 a8efd1b5 00000000 00000000 a81ead64 nt!NtTerminateProcess+0x105
a81ead14 ba69489f ffffffff 00000000 a81ead64 iksysflt+0x41b5
a81ead54 8054161c ffffffff 00000000 0007ff9c guard+0x89f
a81ead54 7c90e4f4 ffffffff 00000000 0007ff9c nt!KiFastCallEntry+0xfc
0007ff9c 00000000 00000000 00000000 00000000 0x7c90e4f4
STACK_COMMAND: kb
FOLLOWUP_IP:
eamon+270e
a836f70e ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: eamon+270e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: eamon
IMAGE_NAME: eamon.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47d94a56
FAILURE_BUCKET_ID: 0xc2_7_None_eamon+270e
BUCKET_ID: 0xc2_7_None_eamon+270e
Followup: MachineOwner
---------
cosma_sebastian
August 17th, 2008, 09:10 AM
Hi, I have a similar problem, but in Vista x86.
The BSOD occurs randomly when I turn off my PC (Saving Settings...).
Here is my minidump:
Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Kernel base = 0x81837000 PsLoadedModuleList = 0x81944930
Debug session time: Sun Aug 17 03:48:58.783 2008 (GMT+3)
System Uptime: 0 days 7:52:43.983
Loading Kernel Symbols
.................................................................................................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 110b, 8020015, 84e0b0e8}
*** WARNING: Unable to verify timestamp for eamon.sys
*** ERROR: Module load completed but symbols could not be loaded for eamon.sys
GetPointerFromAddress: unable to read from 819636d8
Unable to read MiSystemVaType memory at 819442e0
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** WARNING: Unable to verify timestamp for a0gywvoo.SYS
*** ERROR: Module load completed but symbols could not be loaded for a0gywvoo.SYS
*** WARNING: Unable to verify timestamp for Epfwndis.sys
*** ERROR: Module load completed but symbols could not be loaded for Epfwndis.sys
*** WARNING: Unable to verify timestamp for EIO.sys
*** ERROR: Module load completed but symbols could not be loaded for EIO.sys
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** WARNING: Unable to verify timestamp for l160x86.sys
*** ERROR: Module load completed but symbols could not be loaded for l160x86.sys
*** WARNING: Unable to verify timestamp for ASACPI.sys
*** ERROR: Module load completed but symbols could not be loaded for ASACPI.sys
*** WARNING: Unable to verify timestamp for RTKVHDA.sys
*** ERROR: Module load completed but symbols could not be loaded for RTKVHDA.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for epfwtdi.sys
*** ERROR: Module load completed but symbols could not be loaded for epfwtdi.sys
*** WARNING: Unable to verify timestamp for SCDEmu.SYS
*** ERROR: Module load completed but symbols could not be loaded for SCDEmu.SYS
*** WARNING: Unable to verify timestamp for easdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for easdrv.sys
*** WARNING: Unable to verify timestamp for epfw.sys
*** ERROR: Module load completed but symbols could not be loaded for epfw.sys
*** WARNING: Unable to verify timestamp for spsys.sys
*** ERROR: Module load completed but symbols could not be loaded for spsys.sys
*** WARNING: Unable to verify timestamp for cdd.dll
*** WARNING: Unable to verify timestamp for secdrv.SYS
*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
Probably caused by : eamon.sys ( eamon+2746 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000110b, (reserved)
Arg3: 08020015, Memory contents of the pool block
Arg4: 84e0b0e8, Address of the block of pool being deallocated
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 819636d8
Unable to read MiSystemVaType memory at 819442e0
POOL_ADDRESS: GetPointerFromAddress: unable to read from 819636d8
Unable to read MiSystemVaType memory at 819442e0
84e0b0e8
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: wininit.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8191bc2c to 818f26d9
STACK_TEXT:
892bd374 8191bc2c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
892bd3e8 8eb6d746 84e0b0e8 00000000 892bd414 nt!ExFreePoolWithTag+0x17f
WARNING: Stack unwind information not available. Following frames may be wrong.
892bd3f8 8eb6cb7c 84e0b0e8 8532d148 8529bd14 eamon+0x2746
892bd414 8eb6e954 8529bd14 853f5c38 8532d148 eamon+0x1b7c
892bd450 8187d1ad 853f5c38 8532d148 8507c5cc eamon+0x3954
892bd468 81a30adc d3ccc765 85bd42dc 84476920 nt!IofCallDriver+0x63
892bd538 81a2a6cc 84476938 00000000 85bd4238 nt!IopParseDevice+0xf61
892bd5c8 81a2ac5c 00000000 892bd620 00000240 nt!ObpLookupObjectName+0x5a8
892bd628 81a31a27 892bd7d4 00000000 81a39b00 nt!ObOpenObjectByName+0x13c
892bd69c 81a4b0ac 892bd7cc 00100003 892bd7d4 nt!IopCreateFile+0x63b
892bd6e8 8188e9aa 892bd7cc 00100003 892bd7d4 nt!NtCreateFile+0x34
892bd6e8 8188c499 892bd7cc 00100003 892bd7d4 nt!KiFastCallEntry+0x12a
892bd78c 81b02e99 892bd7cc 00100003 892bd7d4 nt!ZwCreateFile+0x11
892bda04 81b02d42 892bda4c 00000004 8192e2bc nt!PopFlushVolumeWorker+0x12a
892bda68 81b040c0 00000001 d3ccc9cd 892bdba4 nt!PopFlushVolumes+0x2df
892bdb90 8188e9aa 00000006 00000000 00000004 nt!NtSetSystemPowerState+0x451
892bdb90 8188d8c1 00000006 00000000 00000004 nt!KiFastCallEntry+0x12a
892bdc14 81b03d25 00000006 00000004 c0000004 nt!ZwSetSystemPowerState+0x11
892bdd44 81adf423 00000006 00000004 c0000004 nt!NtSetSystemPowerState+0xc0
892bdd58 8188e9aa 00000002 001df968 76eb9a94 nt!NtShutdownSystem+0x32
892bdd58 76eb9a94 00000002 001df968 76eb9a94 nt!KiFastCallEntry+0x12a
001df968 00000000 00000000 00000000 00000000 0x76eb9a94
STACK_COMMAND: kb
FOLLOWUP_IP:
eamon+2746
8eb6d746 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: eamon+2746
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: eamon
IMAGE_NAME: eamon.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4869d3d5
FAILURE_BUCKET_ID: 0xc2_7_eamon+2746
BUCKET_ID: 0xc2_7_eamon+2746
Followup: MachineOwner
---------