I´ve had some strange behavior lately with BSOD when I shutdown the computer. It seems that it´s eamon.sys that causes it. Does anybody have any ideas?

Versions
EAV 3.0.672.0
Intel Wi-Fi 12.0.0.82
Broadcom NIC 10.100.0.0
Sonicwall SSL-VPN Virtual Adapter 1.4.0.3

Windbg report
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Kernel base = 0x81e41000 PsLoadedModuleList = 0x81f58c70
Debug session time: Mon Nov 10 06:40:34.630 2008 (GMT+1)
System Uptime: 0 days 7:13:00.522
Loading Kernel Symbols
..............................................................................................................................................................................
Loading User Symbols

Loading unloaded module list
....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 110b, 8020011, 886963e0}

*** ERROR: Symbol file could not be found. Defaulted to export symbols for eamon.sys -
Probably caused by : eamon.sys ( eamon+2746 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000110b, (reserved)
Arg3: 08020011, Memory contents of the pool block
Arg4: 886963e0, Address of the block of pool being deallocated

Debugging Details:
------------------


POOL_ADDRESS: 886963e0 Nonpaged pool

FREED_POOL_TAG: None

BUGCHECK_STR: 0xc2_7_None

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 81f2f00c to 81f0e0e3

STACK_TEXT:
902d76ec 81f2f00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
902d7760 a3eea746 886963e0 00000000 902d778c nt!ExFreePoolWithTag+0x17f
WARNING: Stack unwind information not available. Following frames may be wrong.
902d7770 a3ee9b7c 886963e0 865a5008 a8e0bcec eamon+0x2746
902d778c a3eeb95f a8e0bcec 852c7c08 865a5008 eamon+0x1b7c
902d77c8 81efcfd3 852c7c08 865a5008 a57c73b4 eamon+0x395f
902d77e0 82061d11 95c4b6ba 8b061dc4 861cf018 nt!IofCallDriver+0x63
902d78b0 820873ff 861cf030 00000000 8b061d20 nt!IopParseDevice+0xf61
902d7940 8205f0f6 00000000 902d7998 00000240 nt!ObpLookupObjectName+0x5a8
902d79a0 82060bf3 902d7b4c 00000000 00000000 nt!ObOpenObjectByName+0x13c
902d7a14 82067fea 902d7b44 00100003 902d7b4c nt!IopCreateFile+0x63b
902d7a60 81e98a1a 902d7b44 00100003 902d7b4c nt!NtCreateFile+0x34
902d7a60 81e96509 902d7b44 00100003 902d7b4c nt!KiFastCallEntry+0x12a
902d7b04 82119819 902d7b44 00100003 902d7b4c nt!ZwCreateFile+0x11
902d7d7c 82016b18 a0114a4c 95c4b3ca 00000000 nt!PopFlushVolumeWorker+0x12a
902d7dc0 81e6fa2e 821196ef a0114a4c 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
eamon+2746
a3eea746 5d pop ebp

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: eamon+2746

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: eamon

IMAGE_NAME: eamon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 48a95943

FAILURE_BUCKET_ID: 0xc2_7_None_eamon+2746

BUCKET_ID: 0xc2_7_None_eamon+2746

Followup: MachineOwner

Any help is appreciated!!

//W

Could you create a complete or kernel memory dump, upload it to an ftp and send me the link to it? It's quite common that there's a serious problem with the OS and since eamon.sys is the last one in the order it's flagged as the culprit even though it isn't.

Hi Marcos,
I see a number of crashes just like this in the online crash analysis database of Microsoft while reviewing our Vista SP2 data. I would like to work with you get this resolved if possible. I would expect we could get this resolved pretty quickly with driver verifier etc.

I have exactly the same problem. I use a Vista Ultimate SP2 (RTM) x64.
I run an ESET 4.0.424.0. Antivirus.
I do not run any security program beside ESET NOd
My message is: DRIVER_IRQL_NOT_LESS_OR_EQUAL.
The problem is the eamon.sys driver, and of course, I have the minidump file.
There's an other issue which colors the picture however: at random reboots the "real time file protection" does NOT start, leaving the tray-icon red (which is green, when everything works flawlessly).
I tried to repair the installation via the eav_nt64_enu.msi installation file, but it did not work out. The problem endured.
I did the process with UAC disabled, of course (to get enough privileges).
Thanx for any help - I appreciate Your effort!

I assume you haven't read all the other posts on here regarding Vista SP2 and ESET? There's a fair number of people experiencing problems.

You'll probably find everything is tickety-boo with SP1.


Jim

Thanx. It's just Google come up with the results when searching, and took me here. I got a little bit relaxed now knowing that many fella users have the same problem. First I thought it's a unique problem of my own OS.
BTW, U meant this thread, didn't U:
http://www.wilderssecurity.com/showthread.php?t=241025
Thanx for the headsup, though.

Yep that's the one. Hopefully there will be a resolution soon.


Jim

Same problem here... BSOD via eamon.sys, funny thing is I was installing SP2... Then BSOD on phase 3 of 3.

Yes that's where I first had it.