BSOD Windows 7 eanom.sys

Discussion in 'ESET NOD32 Antivirus' started by fatsrir, Mar 8, 2012.

Thread Status:
Not open for further replies.
  1. fatsrir

    fatsrir Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    1
    Location:
    Israel
    I get the BSOD after an hour of using my computer without any special usage.
    What can I do?

    This is the first dump file:

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Windows\Minidump\030812-10732-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path.           *
    * Use .symfix to have the debugger choose a symbol path.                   *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is: 
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17713.x86fre.win7sp1_gdr.111025-1505
    Machine Name:
    Kernel base = 0x82845000 PsLoadedModuleList = 0x8298e4d0
    Debug session time: Thu Mar  8 15:29:06.971 2012 (UTC + 2:00)
    System Uptime: 0 days 3:32:49.626
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols
    Loading unloaded module list
    .....
    Unable to load image \SystemRoot\system32\DRIVERS\eamonm.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for eamonm.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamonm.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {1018, 2, 0, 8d822031}
    
    *** WARNING: Unable to verify timestamp for fltmgr.sys
    *** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : eamonm.sys ( eamonm+7031 )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00001018, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8d822031, address which referenced memory
    
    Debugging Details:
    ------------------
    
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    
    ADDITIONAL_DEBUG_TEXT:  
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
    
    MODULE_NAME: eamonm
    
    FAULTING_MODULE: 82845000 nt
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4c18e21e
    
    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     00001018 
    
    CURRENT_IRQL:  0
    
    FAULTING_IP: 
    eamonm+7031
    8d822031 83791800        cmp     dword ptr [ecx+18h],0
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xD1
    
    LAST_CONTROL_TRANSFER:  from 8d822031 to 828865fb
    
    STACK_TEXT:  
    WARNING: Stack unwind information not available. Following frames may be wrong.
    9d9cd8ac 8d822031 badb0d00 0000001a 9d9cd8c8 nt+0x415fb
    9d9cd994 88414aeb 86c76168 9d9cd9b4 9d9cd9e0 eamonm+0x7031
    9d9cda00 884179f0 9d9cda44 84978e00 00000000 fltmgr+0x2aeb
    9d9cda18 8842b1fe 9d9cda44 8842ef3c 00000000 fltmgr+0x59f0
    9d9cda2c 8842b8b7 9d9cda44 84978e00 84ac6490 fltmgr+0x191fe
    9d9cda70 8287c58e 85826cd0 85992008 84ac64ec fltmgr+0x198b7
    9d9cda88 82a8b367 b94b6dfb 9d9cdc30 00000000 nt+0x3758e
    9d9cdb60 82a6ab6e 857f5e20 8584c040 84a73548 nt+0x246367
    9d9cdbdc 82a7af80 00000000 9d9cdc30 00000040 nt+0x225b6e
    9d9cdc38 82a71a5e 011cda14 8484c040 86bbd801 nt+0x235f80
    9d9cdcb4 82a952d6 011cda70 40100080 011cda14 nt+0x22ca5e
    9d9cdd00 8288321a 011cda70 40100080 011cda14 nt+0x2502d6
    9d9cdd34 77d37094 badb0d00 011cd9dc 00000000 nt+0x3e21a
    9d9cdd38 badb0d00 011cd9dc 00000000 00000000 0x77d37094
    9d9cdd3c 011cd9dc 00000000 00000000 00000000 0xbadb0d00
    9d9cdd40 00000000 00000000 00000000 00000000 0x11cd9dc
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    eamonm+7031
    8d822031 83791800        cmp     dword ptr [ecx+18h],0
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  eamonm+7031
    
    FOLLOWUP_NAME:  MachineOwner
    
    IMAGE_NAME:  eamonm.sys
    
    BUCKET_ID:  WRONG_SYMBOLS
    
    Followup: MachineOwner
    ---------
    
    
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Did you mean eamon.sys? Please see findings results in query search.

    You must be logged in to run above query.
     
    Last edited: Mar 11, 2012
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It seems that you're using an outdated version 4.2. You can either upgrade to the latest v. 4.2.76 or v. 5.0.95 (currently available only for home users).
     