Hi, I have Win Xp , Esed nod32 Antivirus, version 3.0.669.0 . I have the following situation: - I try to run a foxpro aplication ( exe file) located on anothe machine . When I run the exe file the system shutdown and restarts . I think it's because of antivirus, because before there was not such a problem, maybe I'm wrong...it seems like a eamon.sys problem.... This is the dmp file : Microsoft (R) Windows Debugger Version 6.11.0001.402 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Documents and Settings\asconta\Desktop\Mini021609-15.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: C:\WINDOWS\Symbols Executable search path is: Unable to load image ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Machine Name: Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700 Debug session time: Mon Feb 16 17:19:34.250 2009 (GMT+2) System Uptime: 0 days 0:17:20.840 Unable to load image ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe Loading Kernel Symbols ............................................................... .................................. Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 10000050, {fffffffe, 0, 864ececa, 0} *** WARNING: Unable to verify timestamp for sr.sys Could not read faulting driver name *** WARNING: Unable to verify timestamp for eamon.sys *** ERROR: Module load completed but symbols could not be loaded for eamon.sys Probably caused by : eamon.sys ( eamon+3d26 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffffffe, memory referenced. Arg2: 00000000, value 0 = read operation, 1 = write operation. Arg3: 864ececa, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000000, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: fffffffe FAULTING_IP: +fd 864ececa 0fb74c48fe movzx ecx,word ptr [eax+ecx*2-2] MM_INTERNAL_CODE: 0 CUSTOMER_CRASH_COUNT: 15 DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: NTVDM.EXE LAST_CONTROL_TRANSFER: from 864ed020 to 864ececa STACK_TEXT: WARNING: Frame IP not in any known module. Following frames may be wrong. f57f0964 864ed020 863af748 f57f0978 00000000 0x864ececa f57f0988 864ed51c f73a2e37 86583020 85ff89e0 0x864ed020 f57f09b0 f7426876 85ff89f0 85ff89e0 863af718 0x864ed51c f57f09fc 864ed585 86584ac0 00000001 85ff89e0 sr!SrCreate+0x150 f57f0a20 f5ec0d26 85ff89f0 85ff89e0 863af718 0x864ed585 f57f0a5c 864ed585 86029598 85ff89e0 85ff89e0 eamon+0x3d26 f57f0a80 80581ec2 86503700 85ea077c f57f0c18 0x864ed585 f57f0b60 805bdd10 86503718 00000000 85ea06d8 nt!NtQueryInformationProcess+0x454 f57f0bd8 805ba398 00000000 f57f0c18 00000040 nt!NtCreatePagingFile+0x420 f57f0c2c 80574e4d 00000000 00000000 00000001 nt!CcPfParametersRead+0x8f f57f0ca8 805757c4 0205fde4 00100081 0205fdb4 nt!FsRtlIsNameInExpression+0x56 f57f0d04 80578f83 0205fde4 00100081 0205fdb4 nt!HvMarkCellDirty+0xd2 f57f0d44 8054060c 0205fde4 00100081 0205fdb4 nt!NtOpenMutant+0x60 f57f0d64 7c90eb94 badb0d00 0205fd90 f5938d98 nt!RtlIpv4StringToAddressA+0xfd f57f0d78 00000000 00000000 00000000 00000000 0x7c90eb94 STACK_COMMAND: kb FOLLOWUP_IP: eamon+3d26 f5ec0d26 ?? SYMBOL_STACK_INDEX: 5 SYMBOL_NAME: eamon+3d26 FOLLOWUP_NAME: MachineOwner MODULE_NAME: eamon IMAGE_NAME: eamon.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4869d3d5 FAILURE_BUCKET_ID: 0x50_eamon+3d26 BUCKET_ID: 0x50_eamon+3d26 Followup: MachineOwner --------- Thanxs in advance .