Blue screen errors

Discussion in 'ESET Smart Security' started by nimicitor, Aug 14, 2008.

Thread Status:
Not open for further replies.
  1. nimicitor

    nimicitor Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    8
    I have been getting bad pool caller (and header) blue screen errors for months and the minidump told me it was caused by 'eamon.sys'.
    Should I stop using Eset Smart Security?


    Thanks for any help
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What version are you using? Could you please send the minidump to support[at]eset.com with this thread's URL enclosed?
     
  3. nimicitor

    nimicitor Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    8
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini081308-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp.080413-2111
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Wed Aug 13 10:30:07.671 2008 (GMT+1)
    System Uptime: 0 days 1:44:51.596
    Loading Kernel Symbols
    ................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, cd4, 2020001, 8a615c50}

    Unable to load image eamon.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys
    Unable to load image iksysflt.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for iksysflt.sys
    *** ERROR: Module load completed but symbols could not be loaded for iksysflt.sys
    *** WARNING: Unable to verify timestamp for guard.sys
    *** ERROR: Module load completed but symbols could not be loaded for guard.sys
    Probably caused by : eamon.sys ( eamon+270e )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 00000cd4, (reserved)
    Arg3: 02020001, Memory contents of the pool block
    Arg4: 8a615c50, Address of the block of pool being deallocated

    Debugging Details:
    ------------------


    POOL_ADDRESS: 8a615c50

    FREED_POOL_TAG: None

    BUGCHECK_STR: 0xc2_7_None

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    PROCESS_NAME: svchost.exe

    LAST_CONTROL_TRANSFER: from 8054b583 to 804f9f33

    STACK_TEXT:
    a81ea2f0 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
    a81ea340 a836f70e 8a615c50 00000000 a81ea36c nt!ExFreePoolWithTag+0x2a3
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a81ea350 a836eb64 8a615c50 8a1d2900 89990018 eamon+0x270e
    a81ea36c a83708c8 89990018 89af3ac8 8a1d2900 eamon+0x1b64
    a81ea3a0 804ef18f 89abf950 89990008 89990008 eamon+0x38c8
    a81ea3b0 805831fa 8a675578 89b4ba2c a81ea548 nt!IopfCallDriver+0x31
    a81ea490 805bf444 8a675590 00000000 89b4b988 nt!IopParseDevice+0xa12
    a81ea508 805bb9d0 00000000 a81ea548 00000040 nt!ObpLookupObjectName+0x53c
    a81ea55c 80576033 00000000 00000000 00000200 nt!ObOpenObjectByName+0xea
    a81ea5d8 805769aa a81ea7ec 00100001 a81ea7b8 nt!IopCreateFile+0x407
    a81ea634 805790b4 a81ea7ec 00100001 a81ea7b8 nt!IoCreateFile+0x8e
    a81ea674 8054161c a81ea7ec 00100001 a81ea7b8 nt!NtCreateFile+0x30
    a81ea674 80500021 a81ea7ec 00100001 a81ea7b8 nt!KiFastCallEntry+0xfc
    a81ea718 a836ea77 a81ea7ec 00100001 a81ea7b8 nt!ZwCreateFile+0x11
    a81ea760 a83704d1 a81ea7ec 00100001 a81ea7b8 eamon+0x1a77
    a81ea7f4 a8371ed2 0000001f 899ded30 8a5d1a70 eamon+0x34d1
    a81ea820 a8370e17 89b3f008 00000000 00000003 eamon+0x4ed2
    a81ea864 804ef18f 01abf950 899ded30 899ded30 eamon+0x3e17
    a81ea874 80583953 89e9fa88 00000070 8a752040 nt!IopfCallDriver+0x31
    a81ea8a4 805bca0a 8a44a978 89abf950 00120196 nt!IopCloseFile+0x26b
    a81ea8d8 805bc333 8a44a978 00000001 8a752040 nt!ObpDecrementHandleCount+0xd8
    a81ea900 805c29df e312b838 89e9faa0 000001e8 nt!ObpCloseHandleTableEntry+0x14d
    a81ea920 8060da1b e13bf3d0 000001e8 a81ea960 nt!ObpCloseHandleProcedure+0x1f
    a81ea940 805c2ad8 e312b838 805c29c0 a81ea960 nt!ExSweepHandleTable+0x3b
    a81ea96c 805d266f 8a44a978 89b1cba0 89b1cde8 nt!ObKillProcess+0x5c
    a81eaa0c 805d28c8 00000000 89b1cba0 00000000 nt!PspExitThread+0x5e9
    a81eaa2c 805d2aa3 89b1cba0 00000000 a81ead0c nt!PspTerminateThreadByPointer+0x52
    a81eaa58 a8efd1b5 00000000 00000000 a81ead64 nt!NtTerminateProcess+0x105
    a81ead14 ba69489f ffffffff 00000000 a81ead64 iksysflt+0x41b5
    a81ead54 8054161c ffffffff 00000000 0007ff9c guard+0x89f
    a81ead54 7c90e4f4 ffffffff 00000000 0007ff9c nt!KiFastCallEntry+0xfc
    0007ff9c 00000000 00000000 00000000 00000000 0x7c90e4f4


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+270e
    a836f70e ?? ???

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+270e

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 47d94a56

    FAILURE_BUCKET_ID: 0xc2_7_None_eamon+270e

    BUCKET_ID: 0xc2_7_None_eamon+270e

    Followup: MachineOwner
    ---------
     
  4. cosma_sebastian

    cosma_sebastian Registered Member

    Joined:
    Aug 17, 2008
    Posts:
    1
    Hi, I have a similar problem but in Vista x86.
    The BSOD occurs randomly when I turn off my PC (Saving Settings...).
    Here is my minidump:

    Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
    Kernel base = 0x81837000 PsLoadedModuleList = 0x81944930
    Debug session time: Sun Aug 17 03:48:58.783 2008 (GMT+3)
    System Uptime: 0 days 7:52:43.983
    Loading Kernel Symbols
    .................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, 110b, 8020015, 84e0b0e8}

    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys
    GetPointerFromAddress: unable to read from 819636d8
    Unable to read MiSystemVaType memory at 819442e0
    *** WARNING: Unable to verify timestamp for sptd.sys
    *** ERROR: Module load completed but symbols could not be loaded for sptd.sys
    *** ERROR: Module load completed but symbols could not be loaded for spldr.sys
    *** WARNING: Unable to verify timestamp for a0gywvoo.SYS
    *** ERROR: Module load completed but symbols could not be loaded for a0gywvoo.SYS
    *** WARNING: Unable to verify timestamp for Epfwndis.sys
    *** ERROR: Module load completed but symbols could not be loaded for Epfwndis.sys
    *** WARNING: Unable to verify timestamp for EIO.sys
    *** ERROR: Module load completed but symbols could not be loaded for EIO.sys
    *** WARNING: Unable to verify timestamp for nvlddmkm.sys
    *** WARNING: Unable to verify timestamp for l160x86.sys
    *** ERROR: Module load completed but symbols could not be loaded for l160x86.sys
    *** WARNING: Unable to verify timestamp for ASACPI.sys
    *** ERROR: Module load completed but symbols could not be loaded for ASACPI.sys
    *** WARNING: Unable to verify timestamp for RTKVHDA.sys
    *** ERROR: Module load completed but symbols could not be loaded for RTKVHDA.sys
    *** WARNING: Unable to verify timestamp for drmk.sys
    *** ERROR: Module load completed but symbols could not be loaded for drmk.sys
    *** WARNING: Unable to verify timestamp for epfwtdi.sys
    *** ERROR: Module load completed but symbols could not be loaded for epfwtdi.sys
    *** WARNING: Unable to verify timestamp for SCDEmu.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SCDEmu.SYS
    *** WARNING: Unable to verify timestamp for easdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for easdrv.sys
    *** WARNING: Unable to verify timestamp for epfw.sys
    *** ERROR: Module load completed but symbols could not be loaded for epfw.sys
    *** WARNING: Unable to verify timestamp for spsys.sys
    *** ERROR: Module load completed but symbols could not be loaded for spsys.sys
    *** WARNING: Unable to verify timestamp for cdd.dll
    *** WARNING: Unable to verify timestamp for secdrv.SYS
    *** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
    Probably caused by : eamon.sys ( eamon+2746 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 0000110b, (reserved)
    Arg3: 08020015, Memory contents of the pool block
    Arg4: 84e0b0e8, Address of the block of pool being deallocated

    Debugging Details:
    ------------------

    GetPointerFromAddress: unable to read from 819636d8
    Unable to read MiSystemVaType memory at 819442e0

    POOL_ADDRESS: GetPointerFromAddress: unable to read from 819636d8
    Unable to read MiSystemVaType memory at 819442e0
    84e0b0e8

    BUGCHECK_STR: 0xc2_7

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    PROCESS_NAME: wininit.exe

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from 8191bc2c to 818f26d9

    STACK_TEXT:
    892bd374 8191bc2c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
    892bd3e8 8eb6d746 84e0b0e8 00000000 892bd414 nt!ExFreePoolWithTag+0x17f
    WARNING: Stack unwind information not available. Following frames may be wrong.
    892bd3f8 8eb6cb7c 84e0b0e8 8532d148 8529bd14 eamon+0x2746
    892bd414 8eb6e954 8529bd14 853f5c38 8532d148 eamon+0x1b7c
    892bd450 8187d1ad 853f5c38 8532d148 8507c5cc eamon+0x3954
    892bd468 81a30adc d3ccc765 85bd42dc 84476920 nt!IofCallDriver+0x63
    892bd538 81a2a6cc 84476938 00000000 85bd4238 nt!IopParseDevice+0xf61
    892bd5c8 81a2ac5c 00000000 892bd620 00000240 nt!ObpLookupObjectName+0x5a8
    892bd628 81a31a27 892bd7d4 00000000 81a39b00 nt!ObOpenObjectByName+0x13c
    892bd69c 81a4b0ac 892bd7cc 00100003 892bd7d4 nt!IopCreateFile+0x63b
    892bd6e8 8188e9aa 892bd7cc 00100003 892bd7d4 nt!NtCreateFile+0x34
    892bd6e8 8188c499 892bd7cc 00100003 892bd7d4 nt!KiFastCallEntry+0x12a
    892bd78c 81b02e99 892bd7cc 00100003 892bd7d4 nt!ZwCreateFile+0x11
    892bda04 81b02d42 892bda4c 00000004 8192e2bc nt!PopFlushVolumeWorker+0x12a
    892bda68 81b040c0 00000001 d3ccc9cd 892bdba4 nt!PopFlushVolumes+0x2df
    892bdb90 8188e9aa 00000006 00000000 00000004 nt!NtSetSystemPowerState+0x451
    892bdb90 8188d8c1 00000006 00000000 00000004 nt!KiFastCallEntry+0x12a
    892bdc14 81b03d25 00000006 00000004 c0000004 nt!ZwSetSystemPowerState+0x11
    892bdd44 81adf423 00000006 00000004 c0000004 nt!NtSetSystemPowerState+0xc0
    892bdd58 8188e9aa 00000002 001df968 76eb9a94 nt!NtShutdownSystem+0x32
    892bdd58 76eb9a94 00000002 001df968 76eb9a94 nt!KiFastCallEntry+0x12a
    001df968 00000000 00000000 00000000 00000000 0x76eb9a94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+2746
    8eb6d746 ?? ???

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+2746

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 4869d3d5

    FAILURE_BUCKET_ID: 0xc2_7_eamon+2746

    BUCKET_ID: 0xc2_7_eamon+2746

    Followup: MachineOwner
    ---------
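A triage helper for the `STACK_TEXT` sections posted above, added here as an example and not taken from the thread or from ESET: it names the first non-kernel module under the failing `ExFreePoolWithTag` call, lists every third-party driver on the stack, and flags drivers that appear in two separate runs of frames (re-entered through the I/O manager), as `eamon` does in the first dump. The function name `triage`, the `os_modules` default and the abridged sample are assumptions of this example, and because WinDbg warns that frames past the first unsymbolized one may be wrong, the result is a lead for the vendor, not a root cause.

```python
import re

# Constructed sample: frames abridged from the first dump in this thread
# (child EBP, return address, three arguments, symbol+offset).
SAMPLE_STACK = """\
a81ea2f0 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
a81ea340 a836f70e 8a615c50 00000000 a81ea36c nt!ExFreePoolWithTag+0x2a3
WARNING: Stack unwind information not available. Following frames may be wrong.
a81ea350 a836eb64 8a615c50 8a1d2900 89990018 eamon+0x270e
a81ea3a0 804ef18f 89abf950 89990008 89990008 eamon+0x38c8
a81ea3b0 805831fa 8a675578 89b4ba2c a81ea548 nt!IopfCallDriver+0x31
a81ea718 a836ea77 a81ea7ec 00100001 a81ea7b8 nt!ZwCreateFile+0x11
a81ea760 a83704d1 a81ea7ec 00100001 a81ea7b8 eamon+0x1a77
a81ea864 804ef18f 01abf950 899ded30 899ded30 eamon+0x3e17
a81ea874 80583953 89e9fa88 00000070 8a752040 nt!IopfCallDriver+0x31
a81eaa58 a8efd1b5 00000000 00000000 a81ead64 nt!NtTerminateProcess+0x105
a81ead14 ba69489f ffffffff 00000000 a81ead64 iksysflt+0x41b5
a81ead54 8054161c ffffffff 00000000 0007ff9c guard+0x89f
a81ead54 7c90e4f4 ffffffff 00000000 0007ff9c nt!KiFastCallEntry+0xfc
0007ff9c 00000000 00000000 00000000 00000000 0x7c90e4f4
"""

FRAME = re.compile(r"^(?:[0-9a-f]{8}\s+){5}(\S+)$", re.I)    # x86 `kb` frame line
SYMBOL = re.compile(r"^([A-Za-z_]\w*)(?:!\w+)?\+0x[0-9a-f]+$", re.I)

def triage(stack_text, os_modules=("nt", "hal")):
    """Summarise which non-OS drivers sit on a WinDbg STACK_TEXT, innermost first."""
    mods = []
    for line in stack_text.splitlines():
        frame = FRAME.match(line.strip())
        sym = frame and SYMBOL.match(frame.group(1))
        if sym:  # skips WARNING lines and unresolved user-mode addresses
            mods.append(sym.group(1))
    third = [m for m in mods if m not in os_modules]
    # Collapse consecutive frames of one module into a single run.
    runs = [m for i, m in enumerate(mods) if i == 0 or mods[i - 1] != m]
    return {
        "blamed": third[0] if third else None,
        "third_party": list(dict.fromkeys(third)),
        "reentered": sorted({m for m in third if runs.count(m) > 1}),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_STACK))
```
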
     