Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD Help


  • Please log in to reply
1 reply to this topic

#1 sidorak95

sidorak95

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:17 PM

Posted 08 June 2009 - 06:57 PM

My internet suddenly stopped working, so I disconnected the cable from my router, and reconnected. When I finished, I looked at my screen and the BSOD was there. Here's the report:


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini060809-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Mon Jun 8 18:38:49.375 2009 (GMT-5)
System Uptime: 0 days 8:35:29.982
Loading Kernel Symbols
...............................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
.................................
Unable to load image SnopFree.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SnopFree.sys
*** ERROR: Module load completed but symbols could not be loaded for SnopFree.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, ba4bd583, b5e77b60, 0}

Probably caused by : SnopFree.sys ( SnopFree+1583 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba4bd583, The address that the exception occurred at
Arg3: b5e77b60, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

TRAP_FRAME: b5e77b60 -- (.trap 0xffffffffb5e77b60)
ErrCode = 00000000
eax=01000000 ebx=00000000 ecx=01039000 edx=ffadfce8 esi=ffadbde8 edi=00000000
eip=ba4bd583 esp=b5e77bd4 ebp=b5e77be4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
SnopFree+0x1583:
ba4bd583 0fb707 movzx eax,word ptr [edi] ds:0023:00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from 805c633a to ba4bd583

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5e77be4 805c633a 00000000 0000059c b5e77cdc SnopFree+0x1583
b5e77c04 8063a10f 00000000 0000059c b5e77cdc nt!PsCallImageNotifyRoutines+0x36
b5e77d08 805c60eb 7c810705 00000000 00000000 nt!DbgkCreateThread+0xb3
b5e77d50 80541de2 00000000 7c810705 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: SnopFree+1583

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SnopFree

IMAGE_NAME: SnopFree.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42444e4e

FAILURE_BUCKET_ID: 0x8E_SnopFree+1583

BUCKET_ID: 0x8E_SnopFree+1583

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba4bd583, The address that the exception occurred at
Arg3: b5e77b60, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

TRAP_FRAME: b5e77b60 -- (.trap 0xffffffffb5e77b60)
ErrCode = 00000000
eax=01000000 ebx=00000000 ecx=01039000 edx=ffadfce8 esi=ffadbde8 edi=00000000
eip=ba4bd583 esp=b5e77bd4 ebp=b5e77be4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
SnopFree+0x1583:
ba4bd583 0fb707 movzx eax,word ptr [edi] ds:0023:00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from 805c633a to ba4bd583

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5e77be4 805c633a 00000000 0000059c b5e77cdc SnopFree+0x1583
b5e77c04 8063a10f 00000000 0000059c b5e77cdc nt!PsCallImageNotifyRoutines+0x36
b5e77d08 805c60eb 7c810705 00000000 00000000 nt!DbgkCreateThread+0xb3
b5e77d50 80541de2 00000000 7c810705 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: SnopFree+1583

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SnopFree

IMAGE_NAME: SnopFree.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42444e4e

FAILURE_BUCKET_ID: 0x8E_SnopFree+1583

BUCKET_ID: 0x8E_SnopFree+1583

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba4bd583, The address that the exception occurred at
Arg3: b5e77b60, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

TRAP_FRAME: b5e77b60 -- (.trap 0xffffffffb5e77b60)
ErrCode = 00000000
eax=01000000 ebx=00000000 ecx=01039000 edx=ffadfce8 esi=ffadbde8 edi=00000000
eip=ba4bd583 esp=b5e77bd4 ebp=b5e77be4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
SnopFree+0x1583:
ba4bd583 0fb707 movzx eax,word ptr [edi] ds:0023:00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from 805c633a to ba4bd583

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5e77be4 805c633a 00000000 0000059c b5e77cdc SnopFree+0x1583
b5e77c04 8063a10f 00000000 0000059c b5e77cdc nt!PsCallImageNotifyRoutines+0x36
b5e77d08 805c60eb 7c810705 00000000 00000000 nt!DbgkCreateThread+0xb3
b5e77d50 80541de2 00000000 7c810705 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: SnopFree+1583

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SnopFree

IMAGE_NAME: SnopFree.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42444e4e

FAILURE_BUCKET_ID: 0x8E_SnopFree+1583

BUCKET_ID: 0x8E_SnopFree+1583

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba4bd583, The address that the exception occurred at
Arg3: b5e77b60, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

TRAP_FRAME: b5e77b60 -- (.trap 0xffffffffb5e77b60)
ErrCode = 00000000
eax=01000000 ebx=00000000 ecx=01039000 edx=ffadfce8 esi=ffadbde8 edi=00000000
eip=ba4bd583 esp=b5e77bd4 ebp=b5e77be4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
SnopFree+0x1583:
ba4bd583 0fb707 movzx eax,word ptr [edi] ds:0023:00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from 805c633a to ba4bd583

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5e77be4 805c633a 00000000 0000059c b5e77cdc SnopFree+0x1583
b5e77c04 8063a10f 00000000 0000059c b5e77cdc nt!PsCallImageNotifyRoutines+0x36
b5e77d08 805c60eb 7c810705 00000000 00000000 nt!DbgkCreateThread+0xb3
b5e77d50 80541de2 00000000 7c810705 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: SnopFree+1583

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SnopFree

IMAGE_NAME: SnopFree.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42444e4e

FAILURE_BUCKET_ID: 0x8E_SnopFree+1583

BUCKET_ID: 0x8E_SnopFree+1583

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba4bd583, The address that the exception occurred at
Arg3: b5e77b60, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

TRAP_FRAME: b5e77b60 -- (.trap 0xffffffffb5e77b60)
ErrCode = 00000000
eax=01000000 ebx=00000000 ecx=01039000 edx=ffadfce8 esi=ffadbde8 edi=00000000
eip=ba4bd583 esp=b5e77bd4 ebp=b5e77be4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
SnopFree+0x1583:
ba4bd583 0fb707 movzx eax,word ptr [edi] ds:0023:00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from 805c633a to ba4bd583

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5e77be4 805c633a 00000000 0000059c b5e77cdc SnopFree+0x1583
b5e77c04 8063a10f 00000000 0000059c b5e77cdc nt!PsCallImageNotifyRoutines+0x36
b5e77d08 805c60eb 7c810705 00000000 00000000 nt!DbgkCreateThread+0xb3
b5e77d50 80541de2 00000000 7c810705 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: SnopFree+1583

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SnopFree

IMAGE_NAME: SnopFree.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42444e4e

FAILURE_BUCKET_ID: 0x8E_SnopFree+1583

BUCKET_ID: 0x8E_SnopFree+1583

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ba4bd583, The address that the exception occurred at
Arg3: b5e77b60, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

TRAP_FRAME: b5e77b60 -- (.trap 0xffffffffb5e77b60)
ErrCode = 00000000
eax=01000000 ebx=00000000 ecx=01039000 edx=ffadfce8 esi=ffadbde8 edi=00000000
eip=ba4bd583 esp=b5e77bd4 ebp=b5e77be4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
SnopFree+0x1583:
ba4bd583 0fb707 movzx eax,word ptr [edi] ds:0023:00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from 805c633a to ba4bd583

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5e77be4 805c633a 00000000 0000059c b5e77cdc SnopFree+0x1583
b5e77c04 8063a10f 00000000 0000059c b5e77cdc nt!PsCallImageNotifyRoutines+0x36
b5e77d08 805c60eb 7c810705 00000000 00000000 nt!DbgkCreateThread+0xb3
b5e77d50 80541de2 00000000 7c810705 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
SnopFree+1583
ba4bd583 0fb707 movzx eax,word ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: SnopFree+1583

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SnopFree

IMAGE_NAME: SnopFree.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42444e4e

FAILURE_BUCKET_ID: 0x8E_SnopFree+1583

BUCKET_ID: 0x8E_SnopFree+1583

Followup: MachineOwner
---------

SnoopFree is an anti-keylogger I use. I uninstalled it. Will that fix this? Thanks.

BC AdBot (Login to Remove)

 


m

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 54,865 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:17 PM

Posted 08 June 2009 - 07:19 PM

Well...the finger points to removing it, in my world.

Others seem to have been in similar situations with this program/file, http://www.google.com/search?hl=en&q=S...mp;oq=&aqi=

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users