Ayuda con Pantalla Azul al apagar equipo - aqui esta el dump

Hola, me acaba de salir una pantalla azul al apagar el equipo. He analizado
el archivo que genera con el windbg y esto es lo que me sale, haber si
vosotros podeis decirme que es lo que fallado porque no entiendo nada!


Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini032708-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Mar 27 22:15:36.953 2008 (GMT+1)
System Uptime: 0 days 2:09:35.705
Loading Kernel Symbols
.................................................. .................................................. ...........
Loading User Symbols
Loading unloaded module list
............................................
************************************************** *****************************
*
*
* Bugcheck Analysis
*
*
*
************************************************** *****************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 2020001, 85aa08f0}

Unable to load image eamon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for eamon.sys
*** ERROR: Module load completed but symbols could not be loaded for eamon.sys


Probably caused by : eamon.sys ( eamon+26e4 )

Followup: MachineOwner
---------

0: kd> !analyze -v
************************************************** *****************************
*
*
* Bugcheck Analysis
*
*
*
************************************************** *****************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad
IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 02020001, Memory contents of the pool block
Arg4: 85aa08f0, Address of the block of pool being deallocated

Debugging Details:
------------------




POOL_ADDRESS: 85aa08f0

FREED_POOL_TAG: None

BUGCHECK_STR: 0xc2_7_None

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

PROCESS_NAME: svchost.exe

LAST_CONTROL_TRANSFER: from 80550fc5 to 8053738a

STACK_TEXT:
b9b436f4 80550fc5 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
b9b43744 b974a6e4 85aa08f0 00000000 b9b43770 nt!ExFreePoolWithTag+0x2c1
WARNING: Stack unwind information not available. Following frames may be
wrong.
b9b43754 b9749b39 85aa08f0 86078808 00000000 eamon+0x26e4
b9b43770 b974b8a0 86078808 860c7768 85f31c80 eamon+0x1b39
b9b437a0 804e13d9 85f2ea00 860787f8 860787f8 eamon+0x38a0
b9b437b0 8057cc89 86361018 85f5c71c b9b43948 nt!IopfCallDriver+0x31
b9b43890 8056c063 86361030 00000000 85f5c678 nt!IopParseDevice+0xa12
b9b43908 8056f2a8 00000000 b9b43948 00000040 nt!ObpLookupObjectName+0x53c
b9b4395c 8057d2e2 00000000 00000000 37b10000 nt!ObOpenObjectByName+0xea
b9b439d8 8057d3b1 b9b43bec 00100001 b9b43bb8 nt!IopCreateFile+0x407
b9b43a34 8057d3f4 b9b43bec 00100001 b9b43bb8 nt!IoCreateFile+0x8e
b9b43a74 804dd99f b9b43bec 00100001 b9b43bb8 nt!NtCreateFile+0x30
b9b43a74 804e3577 b9b43bec 00100001 b9b43bb8 nt!KiFastCallEntry+0xfc
b9b43b18 b9749a55 b9b43bec 00100001 b9b43bb8 nt!ZwCreateFile+0x11
b9b43b60 b974b4a7 b9b43bec 00100001 b9b43bb8 eamon+0x1a55
b9b43bf4 b974ce40 0000003b 85244008 ffffffff eamon+0x34a7
b9b43c20 b974bd85 861a76a0 00000000 00000003 eamon+0x4e40
b9b43c64 804e13d9 01f2ea00 85244008 85244008 eamon+0x3d85
b9b43c74 8057c5db 85f09618 863e7e70 00000001 nt!IopfCallDriver+0x31
b9b43ca4 8056e943 862adda0 85f2ea00 0012019f nt!IopCloseFile+0x26b
b9b43cd4 8056ea96 862adda0 01f09618 863e7e70 nt!ObpDecrementHandleCount+0x11b
b9b43cfc 8056e9bc e1d0c5e8 85f09630 00000ba0 nt!ObpCloseHandleTableEntry+0x14d
b9b43d44 8056ea06 00000ba0 00000001 00000000 nt!ObpCloseHandle+0x87
b9b43d58 804dd99f 00000ba0 019dfdb8 7c91eb94 nt!NtClose+0x1d
b9b43d58 7c91eb94 00000ba0 019dfdb8 7c91eb94 nt!KiFastCallEntry+0xfc
019dfdb8 00000000 00000000 00000000 00000000 0x7c91eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
eamon+26e4
b974a6e4 ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: eamon+26e4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: eamon

IMAGE_NAME: eamon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 476b6882

FAILURE_BUCKET_ID: 0xc2_7_None_eamon+26e4

BUCKET_ID: 0xc2_7_None_eamon+26e4

Followup: MachineOwner
---------

WARNING: Whitespace at end of path element
0: kd> lmvm eamon
start end module name
b9748000 b9795000 eamon T (no symbols)
Loaded symbol image file: eamon.sys
Image path: eamon.sys
Image name: eamon.sys
Timestamp: Fri Dec 21 08:17:22 2007 (476B6882)
CheckSum: 00015460
ImageSize: 0004D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

Se refiere a uno de los monitores de ESET,
Tienes antivirus NOD32 instalado?
Prueba removerlo y bajarte la ultima version.

marcos explained :
> Hola, me acaba de salir una pantalla azul al apagar el equipo. He analizado
> el archivo que genera con el windbg y esto es lo que me sale, haber si
> vosotros podeis decirme que es lo que fallado porque no entiendo nada!
>
>
> Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
> Copyright (c) Microsoft Corporation. All rights reserved.
>
>
> Loading Dump File [C:\WINDOWS\Minidump\Mini032708-01.dmp]
> Mini Kernel Dump File: Only registers and stack trace are available
>
> Symbol search path is:
> SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
> Executable search path is:
> Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
> compatible
> Product: WinNt, suite: TerminalServer SingleUserTS Personal
> Built by: 2600.xpsp_sp2_gdr.070227-2254
> Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
> Debug session time: Thu Mar 27 22:15:36.953 2008 (GMT+1)
> System Uptime: 0 days 2:09:35.705
> Loading Kernel Symbols
> .................................................. .................................................. ...........
> Loading User Symbols
> Loading unloaded module list
> ...........................................
> ************************************************** *****************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> ************************************************** *****************************
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck C2, {7, cd4, 2020001, 85aa08f0}
>
> Unable to load image eamon.sys, Win32 error 0n2
> *** WARNING: Unable to verify timestamp for eamon.sys
> *** ERROR: Module load completed but symbols could not be loaded for
> eamon.sys
>
>
> Probably caused by : eamon.sys ( eamon+26e4 )
>
> Followup: MachineOwner
> ---------
>
> 0: kd> !analyze -v
> ************************************************** *****************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> ************************************************** *****************************
>
> BAD_POOL_CALLER (c2)
> The current thread is making a bad pool request. Typically this is at a bad
> IRQL level or double freeing the same allocation, etc.
> Arguments:
> Arg1: 00000007, Attempt to free pool which was already freed
> Arg2: 00000cd4, (reserved)
> Arg3: 02020001, Memory contents of the pool block
> Arg4: 85aa08f0, Address of the block of pool being deallocated
>
> Debugging Details:
> ------------------
>
>
>
>
> POOL_ADDRESS: 85aa08f0
>
> FREED_POOL_TAG: None
>
> BUGCHECK_STR: 0xc2_7_None
>
> CUSTOMER_CRASH_COUNT: 1
>
> DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
>
> PROCESS_NAME: svchost.exe
>
> LAST_CONTROL_TRANSFER: from 80550fc5 to 8053738a
>
> STACK_TEXT:
> b9b436f4 80550fc5 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
> b9b43744 b974a6e4 85aa08f0 00000000 b9b43770 nt!ExFreePoolWithTag+0x2c1
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> b9b43754 b9749b39 85aa08f0 86078808 00000000 eamon+0x26e4
> b9b43770 b974b8a0 86078808 860c7768 85f31c80 eamon+0x1b39
> b9b437a0 804e13d9 85f2ea00 860787f8 860787f8 eamon+0x38a0
> b9b437b0 8057cc89 86361018 85f5c71c b9b43948 nt!IopfCallDriver+0x31
> b9b43890 8056c063 86361030 00000000 85f5c678 nt!IopParseDevice+0xa12
> b9b43908 8056f2a8 00000000 b9b43948 00000040 nt!ObpLookupObjectName+0x53c
> b9b4395c 8057d2e2 00000000 00000000 37b10000 nt!ObOpenObjectByName+0xea
> b9b439d8 8057d3b1 b9b43bec 00100001 b9b43bb8 nt!IopCreateFile+0x407
> b9b43a34 8057d3f4 b9b43bec 00100001 b9b43bb8 nt!IoCreateFile+0x8e
> b9b43a74 804dd99f b9b43bec 00100001 b9b43bb8 nt!NtCreateFile+0x30
> b9b43a74 804e3577 b9b43bec 00100001 b9b43bb8 nt!KiFastCallEntry+0xfc
> b9b43b18 b9749a55 b9b43bec 00100001 b9b43bb8 nt!ZwCreateFile+0x11
> b9b43b60 b974b4a7 b9b43bec 00100001 b9b43bb8 eamon+0x1a55
> b9b43bf4 b974ce40 0000003b 85244008 ffffffff eamon+0x34a7
> b9b43c20 b974bd85 861a76a0 00000000 00000003 eamon+0x4e40
> b9b43c64 804e13d9 01f2ea00 85244008 85244008 eamon+0x3d85
> b9b43c74 8057c5db 85f09618 863e7e70 00000001 nt!IopfCallDriver+0x31
> b9b43ca4 8056e943 862adda0 85f2ea00 0012019f nt!IopCloseFile+0x26b
> b9b43cd4 8056ea96 862adda0 01f09618 863e7e70 nt!ObpDecrementHandleCount+0x11b
> b9b43cfc 8056e9bc e1d0c5e8 85f09630 00000ba0
> nt!ObpCloseHandleTableEntry+0x14d b9b43d44 8056ea06 00000ba0 00000001
> 00000000 nt!ObpCloseHandle+0x87 b9b43d58 804dd99f 00000ba0 019dfdb8 7c91eb94
> nt!NtClose+0x1d b9b43d58 7c91eb94 00000ba0 019dfdb8 7c91eb94
> nt!KiFastCallEntry+0xfc 019dfdb8 00000000 00000000 00000000 00000000
> 0x7c91eb94
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> eamon+26e4
> b974a6e4 ?? ???
>
> SYMBOL_STACK_INDEX: 2
>
> SYMBOL_NAME: eamon+26e4
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: eamon
>
> IMAGE_NAME: eamon.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 476b6882
>
> FAILURE_BUCKET_ID: 0xc2_7_None_eamon+26e4
>
> BUCKET_ID: 0xc2_7_None_eamon+26e4
>
> Followup: MachineOwner
> ---------
>
> WARNING: Whitespace at end of path element
> 0: kd> lmvm eamon
> start end module name
> b9748000 b9795000 eamon T (no symbols)
> Loaded symbol image file: eamon.sys
> Image path: eamon.sys
> Image name: eamon.sys
> Timestamp: Fri Dec 21 08:17:22 2007 (476B6882)
> CheckSum: 00015460
> ImageSize: 0004D000
> Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

--


Saludos
Mr Big Dragon

Si, eso es, tengo instalado el ESET Smart Security 3.0.621.0, es la ultima
version.
¿Lo reinstalo?

"Mr Big Dragon" wrote:

> Se refiere a uno de los monitores de ESET,
> Tienes antivirus NOD32 instalado?
> Prueba removerlo y bajarte la ultima version.
>
> marcos explained :
> > Hola, me acaba de salir una pantalla azul al apagar el equipo. He analizado
> > el archivo que genera con el windbg y esto es lo que me sale, haber si
> > vosotros podeis decirme que es lo que fallado porque no entiendo nada!
> >
> >
> > Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
> > Copyright (c) Microsoft Corporation. All rights reserved.
> >
> >
> > Loading Dump File [C:\WINDOWS\Minidump\Mini032708-01.dmp]
> > Mini Kernel Dump File: Only registers and stack trace are available
> >
> > Symbol search path is:
> > SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
> > Executable search path is:
> > Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86
> > compatible
> > Product: WinNt, suite: TerminalServer SingleUserTS Personal
> > Built by: 2600.xpsp_sp2_gdr.070227-2254
> > Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
> > Debug session time: Thu Mar 27 22:15:36.953 2008 (GMT+1)
> > System Uptime: 0 days 2:09:35.705
> > Loading Kernel Symbols
> > .................................................. .................................................. ...........
> > Loading User Symbols
> > Loading unloaded module list
> > ...........................................
> > ************************************************** *****************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > ************************************************** *****************************
> >
> > Use !analyze -v to get detailed debugging information.
> >
> > BugCheck C2, {7, cd4, 2020001, 85aa08f0}
> >
> > Unable to load image eamon.sys, Win32 error 0n2
> > *** WARNING: Unable to verify timestamp for eamon.sys
> > *** ERROR: Module load completed but symbols could not be loaded for
> > eamon.sys
> >
> >
> > Probably caused by : eamon.sys ( eamon+26e4 )
> >
> > Followup: MachineOwner
> > ---------
> >
> > 0: kd> !analyze -v
> > ************************************************** *****************************
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> > ************************************************** *****************************
> >
> > BAD_POOL_CALLER (c2)
> > The current thread is making a bad pool request. Typically this is at a bad
> > IRQL level or double freeing the same allocation, etc.
> > Arguments:
> > Arg1: 00000007, Attempt to free pool which was already freed
> > Arg2: 00000cd4, (reserved)
> > Arg3: 02020001, Memory contents of the pool block
> > Arg4: 85aa08f0, Address of the block of pool being deallocated
> >
> > Debugging Details:
> > ------------------
> >
> >
> >
> >
> > POOL_ADDRESS: 85aa08f0
> >
> > FREED_POOL_TAG: None
> >
> > BUGCHECK_STR: 0xc2_7_None
> >
> > CUSTOMER_CRASH_COUNT: 1
> >
> > DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
> >
> > PROCESS_NAME: svchost.exe
> >
> > LAST_CONTROL_TRANSFER: from 80550fc5 to 8053738a
> >
> > STACK_TEXT:
> > b9b436f4 80550fc5 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
> > b9b43744 b974a6e4 85aa08f0 00000000 b9b43770 nt!ExFreePoolWithTag+0x2c1
> > WARNING: Stack unwind information not available. Following frames may be
> > wrong.
> > b9b43754 b9749b39 85aa08f0 86078808 00000000 eamon+0x26e4
> > b9b43770 b974b8a0 86078808 860c7768 85f31c80 eamon+0x1b39
> > b9b437a0 804e13d9 85f2ea00 860787f8 860787f8 eamon+0x38a0
> > b9b437b0 8057cc89 86361018 85f5c71c b9b43948 nt!IopfCallDriver+0x31
> > b9b43890 8056c063 86361030 00000000 85f5c678 nt!IopParseDevice+0xa12
> > b9b43908 8056f2a8 00000000 b9b43948 00000040 nt!ObpLookupObjectName+0x53c
> > b9b4395c 8057d2e2 00000000 00000000 37b10000 nt!ObOpenObjectByName+0xea
> > b9b439d8 8057d3b1 b9b43bec 00100001 b9b43bb8 nt!IopCreateFile+0x407
> > b9b43a34 8057d3f4 b9b43bec 00100001 b9b43bb8 nt!IoCreateFile+0x8e
> > b9b43a74 804dd99f b9b43bec 00100001 b9b43bb8 nt!NtCreateFile+0x30
> > b9b43a74 804e3577 b9b43bec 00100001 b9b43bb8 nt!KiFastCallEntry+0xfc
> > b9b43b18 b9749a55 b9b43bec 00100001 b9b43bb8 nt!ZwCreateFile+0x11
> > b9b43b60 b974b4a7 b9b43bec 00100001 b9b43bb8 eamon+0x1a55
> > b9b43bf4 b974ce40 0000003b 85244008 ffffffff eamon+0x34a7
> > b9b43c20 b974bd85 861a76a0 00000000 00000003 eamon+0x4e40
> > b9b43c64 804e13d9 01f2ea00 85244008 85244008 eamon+0x3d85
> > b9b43c74 8057c5db 85f09618 863e7e70 00000001 nt!IopfCallDriver+0x31
> > b9b43ca4 8056e943 862adda0 85f2ea00 0012019f nt!IopCloseFile+0x26b
> > b9b43cd4 8056ea96 862adda0 01f09618 863e7e70 nt!ObpDecrementHandleCount+0x11b
> > b9b43cfc 8056e9bc e1d0c5e8 85f09630 00000ba0
> > nt!ObpCloseHandleTableEntry+0x14d b9b43d44 8056ea06 00000ba0 00000001
> > 00000000 nt!ObpCloseHandle+0x87 b9b43d58 804dd99f 00000ba0 019dfdb8 7c91eb94
> > nt!NtClose+0x1d b9b43d58 7c91eb94 00000ba0 019dfdb8 7c91eb94
> > nt!KiFastCallEntry+0xfc 019dfdb8 00000000 00000000 00000000 00000000
> > 0x7c91eb94
> >
> >
> > STACK_COMMAND: kb
> >
> > FOLLOWUP_IP:
> > eamon+26e4
> > b974a6e4 ?? ???
> >
> > SYMBOL_STACK_INDEX: 2
> >
> > SYMBOL_NAME: eamon+26e4
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > MODULE_NAME: eamon
> >
> > IMAGE_NAME: eamon.sys
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 476b6882
> >
> > FAILURE_BUCKET_ID: 0xc2_7_None_eamon+26e4
> >
> > BUCKET_ID: 0xc2_7_None_eamon+26e4
> >
> > Followup: MachineOwner
> > ---------
> >
> > WARNING: Whitespace at end of path element
> > 0: kd> lmvm eamon
> > start end module name
> > b9748000 b9795000 eamon T (no symbols)
> > Loaded symbol image file: eamon.sys
> > Image path: eamon.sys
> > Image name: eamon.sys
> > Timestamp: Fri Dec 21 08:17:22 2007 (476B6882)
> > CheckSum: 00015460
> > ImageSize: 0004D000
> > Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
>
> --
>
>
> Saludos
> Mr Big Dragon
>
>
>