Code:
icrosoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\richc46\AppData\Local\Temp\Temp1_Windows_NT6_BSOD[1].zip\Windows_NT6_BSOD_jcgriff2\082410-26254-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`03404000 PsLoadedModuleList = 0xfffff800`03641e50
Debug session time: Mon Aug 23 20:09:02.031 2010 (GMT-4)
System Uptime: 0 days 7:30:25.347
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8a011697000, 0, fffff80003476690, 0}
Unable to load image \??\C:\Program Files\Max Spyware Detector\SDActMon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SDActMon.sys
*** ERROR: Module load completed but symbols could not be loaded for SDActMon.sys
Could not read faulting driver name
Probably caused by : SDActMon.sys ( SDActMon+22a6 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8a011697000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80003476690, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036ac0e0
fffff8a011697000
FAULTING_IP:
nt!RtlCompareMemory+80
fffff800`03476690 f3a6 repe cmps byte ptr [rsi],byte ptr [rdi]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88009a12230 -- (.trap 0xfffff88009a12230)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a011696fb0 rbx=0000000000000000 rcx=0000000000000005
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003476690 rsp=fffff88009a123c8 rbp=fffff880081be430
r8=0000000000000013 r9=fffff880081bdb80 r10=fffff98000020654
r11=fffff8a011696fb0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlCompareMemory+0x80:
fffff800`03476690 f3a6 repe cmps byte ptr [rsi],byte ptr [rdi]
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800034f4f14 to fffff80003474740
STACK_TEXT:
fffff880`09a120c8 fffff800`034f4f14 : 00000000`00000050 fffff8a0`11697000 00000000`00000000 fffff880`09a12230 : nt!KeBugCheckEx
fffff880`09a120d0 fffff800`0347282e : 00000000`00000000 00000000`00000021 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x42837
fffff880`09a12230 fffff800`03476690 : 00000000`00000042 00000000`00000000 fffff880`081bd2a6 fffff880`09a12400 : nt!KiPageFault+0x16e
fffff880`09a123c8 fffff880`081bd2a6 : fffff880`09a12400 00000000`00000001 00000000`00000001 00000000`00000028 : nt!RtlCompareMemory+0x80
fffff880`09a123e0 fffff880`09a12400 : 00000000`00000001 00000000`00000001 00000000`00000028 00000000`00500050 : SDActMon+0x22a6
fffff880`09a123e8 00000000`00000001 : 00000000`00000001 00000000`00000028 00000000`00500050 fffff8a0`11696fb0 : 0xfffff880`09a12400
fffff880`09a123f0 00000000`00000001 : 00000000`00000028 00000000`00500050 fffff8a0`11696fb0 fffffa80`06958d50 : 0x1
fffff880`09a123f8 00000000`00000028 : 00000000`00500050 fffff8a0`11696fb0 fffffa80`06958d50 00000000`0070534d : 0x1
fffff880`09a12400 00000000`00500050 : fffff8a0`11696fb0 fffffa80`06958d50 00000000`0070534d 00000000`00000000 : 0x28
fffff880`09a12408 fffff8a0`11696fb0 : fffffa80`06958d50 00000000`0070534d 00000000`00000000 fffff880`081bc329 : 0x500050
fffff880`09a12410 fffffa80`06958d50 : 00000000`0070534d 00000000`00000000 fffff880`081bc329 00000000`00000001 : 0xfffff8a0`11696fb0
fffff880`09a12418 00000000`0070534d : 00000000`00000000 fffff880`081bc329 00000000`00000001 fffffa80`08bbc620 : 0xfffffa80`06958d50
fffff880`09a12420 00000000`00000000 : fffff880`081bc329 00000000`00000001 fffffa80`08bbc620 fffffa80`03f09360 : 0x70534d
STACK_COMMAND: kb
FOLLOWUP_IP:
SDActMon+22a6
fffff880`081bd2a6 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: SDActMon+22a6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SDActMon
IMAGE_NAME: SDActMon.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c599fcc
FAILURE_BUCKET_ID: X64_0x50_SDActMon+22a6
BUCKET_ID: X64_0x50_SDActMon+22a6
Followup: MachineOwner
---------
Uninstall spyware detector .
Spyware Detector\SDActMon.sys