Blue screen errors

Discussion in 'ESET Smart Security' started by nimicitor, Aug 14, 2008.

Thread Status:
Not open for further replies.
  1. nimicitor

    nimicitor Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    8
    I have been getting bad pool caller (and header) blue screen errors for months and the minidump told me it was caused by 'eamon.sys'.
    Should I stop using Eset Smart Security?


    Thanks for any help
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,408
    What version are you using? Could you please send the minidump to support[at]eset.com with this thread's url enclosed?
     
  3. nimicitor

    nimicitor Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    8
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini081308-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.080413-2111
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Wed Aug 13 10:30:07.671 2008 (GMT+1)
    System Uptime: 0 days 1:44:51.596
    Loading Kernel Symbols
    ................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, cd4, 2020001, 8a615c50}

    Unable to load image eamon.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys
    Unable to load image iksysflt.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for iksysflt.sys
    *** ERROR: Module load completed but symbols could not be loaded for iksysflt.sys
    *** WARNING: Unable to verify timestamp for guard.sys
    *** ERROR: Module load completed but symbols could not be loaded for guard.sys
    Probably caused by : eamon.sys ( eamon+270e )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 00000cd4, (reserved)
    Arg3: 02020001, Memory contents of the pool block
    Arg4: 8a615c50, Address of the block of pool being deallocated

    Debugging Details:
    ------------------


    POOL_ADDRESS: 8a615c50

    FREED_POOL_TAG: None

    BUGCHECK_STR: 0xc2_7_None

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    PROCESS_NAME: svchost.exe

    LAST_CONTROL_TRANSFER: from 8054b583 to 804f9f33

    STACK_TEXT:
    a81ea2f0 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
    a81ea340 a836f70e 8a615c50 00000000 a81ea36c nt!ExFreePoolWithTag+0x2a3
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a81ea350 a836eb64 8a615c50 8a1d2900 89990018 eamon+0x270e
    a81ea36c a83708c8 89990018 89af3ac8 8a1d2900 eamon+0x1b64
    a81ea3a0 804ef18f 89abf950 89990008 89990008 eamon+0x38c8
    a81ea3b0 805831fa 8a675578 89b4ba2c a81ea548 nt!IopfCallDriver+0x31
    a81ea490 805bf444 8a675590 00000000 89b4b988 nt!IopParseDevice+0xa12
    a81ea508 805bb9d0 00000000 a81ea548 00000040 nt!ObpLookupObjectName+0x53c
    a81ea55c 80576033 00000000 00000000 00000200 nt!ObOpenObjectByName+0xea
    a81ea5d8 805769aa a81ea7ec 00100001 a81ea7b8 nt!IopCreateFile+0x407
    a81ea634 805790b4 a81ea7ec 00100001 a81ea7b8 nt!IoCreateFile+0x8e
    a81ea674 8054161c a81ea7ec 00100001 a81ea7b8 nt!NtCreateFile+0x30
    a81ea674 80500021 a81ea7ec 00100001 a81ea7b8 nt!KiFastCallEntry+0xfc
    a81ea718 a836ea77 a81ea7ec 00100001 a81ea7b8 nt!ZwCreateFile+0x11
    a81ea760 a83704d1 a81ea7ec 00100001 a81ea7b8 eamon+0x1a77
    a81ea7f4 a8371ed2 0000001f 899ded30 8a5d1a70 eamon+0x34d1
    a81ea820 a8370e17 89b3f008 00000000 00000003 eamon+0x4ed2
    a81ea864 804ef18f 01abf950 899ded30 899ded30 eamon+0x3e17
    a81ea874 80583953 89e9fa88 00000070 8a752040 nt!IopfCallDriver+0x31
    a81ea8a4 805bca0a 8a44a978 89abf950 00120196 nt!IopCloseFile+0x26b
    a81ea8d8 805bc333 8a44a978 00000001 8a752040 nt!ObpDecrementHandleCount+0xd8
    a81ea900 805c29df e312b838 89e9faa0 000001e8 nt!ObpCloseHandleTableEntry+0x14d
    a81ea920 8060da1b e13bf3d0 000001e8 a81ea960 nt!ObpCloseHandleProcedure+0x1f
    a81ea940 805c2ad8 e312b838 805c29c0 a81ea960 nt!ExSweepHandleTable+0x3b
    a81ea96c 805d266f 8a44a978 89b1cba0 89b1cde8 nt!ObKillProcess+0x5c
    a81eaa0c 805d28c8 00000000 89b1cba0 00000000 nt!PspExitThread+0x5e9
    a81eaa2c 805d2aa3 89b1cba0 00000000 a81ead0c nt!PspTerminateThreadByPointer+0x52
    a81eaa58 a8efd1b5 00000000 00000000 a81ead64 nt!NtTerminateProcess+0x105
    a81ead14 ba69489f ffffffff 00000000 a81ead64 iksysflt+0x41b5
    a81ead54 8054161c ffffffff 00000000 0007ff9c guard+0x89f
    a81ead54 7c90e4f4 ffffffff 00000000 0007ff9c nt!KiFastCallEntry+0xfc
    0007ff9c 00000000 00000000 00000000 00000000 0x7c90e4f4


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+270e
    a836f70e ?? o_O

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+270e

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 47d94a56

    FAILURE_BUCKET_ID: 0xc2_7_None_eamon+270e

    BUCKET_ID: 0xc2_7_None_eamon+270e

    Followup: MachineOwner
    ---------
     
  4. cosma_sebastian

    cosma_sebastian Registered Member

    Joined:
    Aug 17, 2008
    Posts:
    1
    Hy, I have a similar problem but in Vista x86.
    The BSOD occurs randomly when I turn off my pc(Saving Settings...).
    Here is my minidump:

    Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
    Kernel base = 0x81837000 PsLoadedModuleList = 0x81944930
    Debug session time: Sun Aug 17 03:48:58.783 2008 (GMT+3)
    System Uptime: 0 days 7:52:43.983
    Loading Kernel Symbols
    .................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, 110b, 8020015, 84e0b0e8}

    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys
    GetPointerFromAddress: unable to read from 819636d8
    Unable to read MiSystemVaType memory at 819442e0
    *** WARNING: Unable to verify timestamp for sptd.sys
    *** ERROR: Module load completed but symbols could not be loaded for sptd.sys
    *** ERROR: Module load completed but symbols could not be loaded for spldr.sys
    *** WARNING: Unable to verify timestamp for a0gywvoo.SYS
    *** ERROR: Module load completed but symbols could not be loaded for a0gywvoo.SYS
    *** WARNING: Unable to verify timestamp for Epfwndis.sys
    *** ERROR: Module load completed but symbols could not be loaded for Epfwndis.sys
    *** WARNING: Unable to verify timestamp for EIO.sys
    *** ERROR: Module load completed but symbols could not be loaded for EIO.sys
    *** WARNING: Unable to verify timestamp for nvlddmkm.sys
    *** WARNING: Unable to verify timestamp for l160x86.sys
    *** ERROR: Module load completed but symbols could not be loaded for l160x86.sys
    *** WARNING: Unable to verify timestamp for ASACPI.sys
    *** ERROR: Module load completed but symbols could not be loaded for ASACPI.sys
    *** WARNING: Unable to verify timestamp for RTKVHDA.sys
    *** ERROR: Module load completed but symbols could not be loaded for RTKVHDA.sys
    *** WARNING: Unable to verify timestamp for drmk.sys
    *** ERROR: Module load completed but symbols could not be loaded for drmk.sys
    *** WARNING: Unable to verify timestamp for epfwtdi.sys
    *** ERROR: Module load completed but symbols could not be loaded for epfwtdi.sys
    *** WARNING: Unable to verify timestamp for SCDEmu.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SCDEmu.SYS
    *** WARNING: Unable to verify timestamp for easdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for easdrv.sys
    *** WARNING: Unable to verify timestamp for epfw.sys
    *** ERROR: Module load completed but symbols could not be loaded for epfw.sys
    *** WARNING: Unable to verify timestamp for spsys.sys
    *** ERROR: Module load completed but symbols could not be loaded for spsys.sys
    *** WARNING: Unable to verify timestamp for cdd.dll
    *** WARNING: Unable to verify timestamp for secdrv.SYS
    *** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
    Probably caused by : eamon.sys ( eamon+2746 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 0000110b, (reserved)
    Arg3: 08020015, Memory contents of the pool block
    Arg4: 84e0b0e8, Address of the block of pool being deallocated

    Debugging Details:
    ------------------

    GetPointerFromAddress: unable to read from 819636d8
    Unable to read MiSystemVaType memory at 819442e0

    POOL_ADDRESS: GetPointerFromAddress: unable to read from 819636d8
    Unable to read MiSystemVaType memory at 819442e0
    84e0b0e8

    BUGCHECK_STR: 0xc2_7

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    PROCESS_NAME: wininit.exe

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from 8191bc2c to 818f26d9

    STACK_TEXT:
    892bd374 8191bc2c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
    892bd3e8 8eb6d746 84e0b0e8 00000000 892bd414 nt!ExFreePoolWithTag+0x17f
    WARNING: Stack unwind information not available. Following frames may be wrong.
    892bd3f8 8eb6cb7c 84e0b0e8 8532d148 8529bd14 eamon+0x2746
    892bd414 8eb6e954 8529bd14 853f5c38 8532d148 eamon+0x1b7c
    892bd450 8187d1ad 853f5c38 8532d148 8507c5cc eamon+0x3954
    892bd468 81a30adc d3ccc765 85bd42dc 84476920 nt!IofCallDriver+0x63
    892bd538 81a2a6cc 84476938 00000000 85bd4238 nt!IopParseDevice+0xf61
    892bd5c8 81a2ac5c 00000000 892bd620 00000240 nt!ObpLookupObjectName+0x5a8
    892bd628 81a31a27 892bd7d4 00000000 81a39b00 nt!ObOpenObjectByName+0x13c
    892bd69c 81a4b0ac 892bd7cc 00100003 892bd7d4 nt!IopCreateFile+0x63b
    892bd6e8 8188e9aa 892bd7cc 00100003 892bd7d4 nt!NtCreateFile+0x34
    892bd6e8 8188c499 892bd7cc 00100003 892bd7d4 nt!KiFastCallEntry+0x12a
    892bd78c 81b02e99 892bd7cc 00100003 892bd7d4 nt!ZwCreateFile+0x11
    892bda04 81b02d42 892bda4c 00000004 8192e2bc nt!PopFlushVolumeWorker+0x12a
    892bda68 81b040c0 00000001 d3ccc9cd 892bdba4 nt!PopFlushVolumes+0x2df
    892bdb90 8188e9aa 00000006 00000000 00000004 nt!NtSetSystemPowerState+0x451
    892bdb90 8188d8c1 00000006 00000000 00000004 nt!KiFastCallEntry+0x12a
    892bdc14 81b03d25 00000006 00000004 c0000004 nt!ZwSetSystemPowerState+0x11
    892bdd44 81adf423 00000006 00000004 c0000004 nt!NtSetSystemPowerState+0xc0
    892bdd58 8188e9aa 00000002 001df968 76eb9a94 nt!NtShutdownSystem+0x32
    892bdd58 76eb9a94 00000002 001df968 76eb9a94 nt!KiFastCallEntry+0x12a
    001df968 00000000 00000000 00000000 00000000 0x76eb9a94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+2746
    8eb6d746 ?? o_O

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+2746

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 4869d3d5

    FAILURE_BUCKET_ID: 0xc2_7_eamon+2746

    BUCKET_ID: 0xc2_7_eamon+2746

    Followup: MachineOwner
    ---------
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.