My first BSOD on Windows 7 (see attachment)

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by honsbeek, Jul 27, 2010.

  1. honsbeek

    honsbeek New Member

    Joined:
    Apr 4, 2010
    Messages:
    144
    Likes Received:
    2
    Good day,

    I was simply cruising around going about my daily things, no new software, no new hardware installed whatsoever, and Bongk!!!! BSOD
    My system won't let Windows 7 reboot, just before the user pass is supposed to be entered. Each time, no specific mention of drivers etc. See attachment...

    It will run in Safe Mode, tried to reset BIOS and hard reset BIOS already, problem persists

    Please assist

    Thank you very much

    Ralph
     


  2. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    Hi and welcome.

    Your AhnLab firewall is causing your crash. Uninstall it to stop the bsods.

    In addition, you must remove Daemon Tools and sptd.sys, which are also part of the crash and notorious for this. Here is a special tool to uninstall sptd.sys:

    DuplexSecure - Downloads

    PowerISO is a stable replacement for drive emulation.

    Enjoy.
     
    #2 TorrentG, Jul 27, 2010
    Last edited: Jul 27, 2010
  3. honsbeek

    honsbeek New Member

    TorrentG, your help is greatly appreciated and has worked well. I am curious what Duplex Secure does for me, and may I ask which software you used to read the minidump files? Thanks again
     
    #3 honsbeek, Jul 27, 2010
    Last edited: Jul 27, 2010
  4. TorrentG

    TorrentG Banned

    You're welcome.

    The Duplex Secure program is the actual installer for sptd.sys. It also functions as the uninstaller for sptd.sys when it is already installed on a system. So that's why it is needed to run - to remove sptd.sys, which is one of the worst causes of BSOD on Windows 7 systems. Daemon Tools installs it but does not remove it.

    I use WinDBG to analyze the stops.
     
  6. honsbeek

    honsbeek New Member

    Thanks again for the help, much appreciated. My system is working just fine after I did what you told me to do... Otherwise I would have reinstalled the entire system...

    Have a great Summer

    Ralph
     
  7. honsbeek

    honsbeek New Member

    TorrentG, if you are still looking, I am trying to retrace your steps...

    I downloaded Windows debugging tools, and opened the minidump file (the one I also attached here)...

    I can't for the life of me find any mention of AhnLab firewall, nor anything concerning Daemon Tools... and sptd.sys...

    Am I looking at the wrong sections? Please tell me how you were able to see these names in this dump file.

    Cheers

    Ralph
     
  8. TorrentG

    TorrentG Banned

    Debugging is mostly done through experience. Usually to come to a conclusion, it is not a simple process of opening a dump file and looking. Your example is both easy and difficult. Here's why:

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [E:\Temp\Rar$DI00.977\072810-44678-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: [COLOR=Blue]SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols[/COLOR]
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16539.x86fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0x83005000 PsLoadedModuleList = 0x8314d810
    Debug session time: Tue Jul 27 11:24:42.866 2010 (UTC - 4:00)
    System Uptime: 0 days 0:00:16.879
    Loading Kernel Symbols
    ...............................................................
    .....................................................
    Loading User Symbols
    Unable to load image \??\C:\Windows\system32\Drivers\AMonTDLH.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for AMonTDLH.sys
    *** ERROR: Module load completed but symbols could not be loaded for AMonTDLH.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000007E, {c0000005, 8c39ed1e, 8ea3daac, 8ea3d690}
    
    [COLOR=SeaGreen]*** WARNING: Unable to verify timestamp for zpamhivut9.sys[/COLOR]
    *** ERROR: Module load completed but symbols could not be loaded for zpamhivut9.sys
    [COLOR=Red]Probably caused by : AMonTDLH.sys ( AMonTDLH+2d1e )[/COLOR]
    
    Followup: MachineOwner
    ---------
    
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8c39ed1e, The address that the exception occurred at
    Arg3: 8ea3daac, Exception Record Address
    Arg4: 8ea3d690, Context Record Address
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    AMonTDLH+2d1e
    8c39ed1e 8b4214          mov     eax,dword ptr [edx+14h]
    
    EXCEPTION_RECORD:  8ea3daac -- (.exr 0xffffffff8ea3daac)
    ExceptionAddress: 8c39ed1e (AMonTDLH+0x00002d1e)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 00000014
    Attempt to read from address 00000014
    
    CONTEXT:  8ea3d690 -- (.cxr 0xffffffff8ea3d690)
    eax=85dbba3c ebx=86f7ce30 ecx=85dbba3c edx=00000000 esi=86f7bc88 edi=9260bd9e
    eip=8c39ed1e esp=8ea3db74 ebp=8ea3db90 iopl=0         nv up ei ng nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
    AMonTDLH+0x2d1e:
    8c39ed1e 8b4214          mov     eax,dword ptr [edx+14h] ds:0023:00000014=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    EXCEPTION_PARAMETER1:  00000000
    
    EXCEPTION_PARAMETER2:  00000014
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from 8316d718
    Unable to read MiSystemVaType memory at 8314d160
     00000014 
    
    FOLLOWUP_IP: 
    AMonTDLH+2d1e
    8c39ed1e 8b4214          mov     eax,dword ptr [edx+14h]
    
    BUGCHECK_STR:  0x7E
    
    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE
    
    LAST_CONTROL_TRANSFER:  from 8c3a1dc7 to 8c39ed1e
    
    STACK_TEXT:  
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8ea3db90 8c3a1dc7 86f8f008 85dbb9c8 00000007 AMonTDLH+0x2d1e
    8ea3dba8 8c3a1e9c 86f8f008 85dbb9c8 85dbba38 AMonTDLH+0x5dc7
    8ea3dbcc 8c3a2006 86f8f008 85dbb9c8 85dbba38 AMonTDLH+0x5e9c
    8ea3dbf0 830414bc 86f7bc88 85dbb9c8 000033cd AMonTDLH+0x6006
    8ea3dc08 8c7ee773 02dc5479 9260c01c 86f7ce8c nt!IofCallDriver+0x63
    8ea3dc3c 8c7eb2d8 9260bd9e 9260c01c 00000200 zpamhivut9+0x7773
    8ea3dc68 8c7ecab6 9260bd9e 00000005 00000000 zpamhivut9+0x42d8
    8ea3dc8c 8c7ef4ae 9260bd9e 00000005 00000000 zpamhivut9+0x5ab6
    8ea3dcd8 8c7f61cc 00000000 0000220c 8ea3dd24 zpamhivut9+0x84ae
    8ea3dce8 8c7ea428 8c7f96fc 00000000 85ddf9e0 zpamhivut9+0xf1cc
    8ea3dd24 8c7f6cc2 86f7ce18 00000000 86f7c020 zpamhivut9+0x3428
    8ea3dd50 832136bb 8c7f96ec a0214972 00000000 zpamhivut9+0xfcc2
    8ea3dd90 830c50f9 8c7f6bd6 8c7f96ec 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  AMonTDLH+2d1e
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: AMonTDLH
    
    IMAGE_NAME:  AMonTDLH.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b2b39e0
    
    STACK_COMMAND:  .cxr 0xffffffff8ea3d690 ; kb
    
    FAILURE_BUCKET_ID:  0x7E_AMonTDLH+2d1e
    
    BUCKET_ID:  0x7E_AMonTDLH+2d1e
    
    Followup: MachineOwner
    ---------
    
    2: kd> lm tn
    start    end        module name
    80bcf000 80bd7000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)
    83005000 83415000   nt       ntkrpamp.exe Sat Feb 27 02:33:35 2010 (4B88CACF)
    83415000 8344c000   hal      halmacpi.dll Mon Jul 13 19:11:03 2009 (4A5BBF07)
    83600000 83610000   volmgr   volmgr.sys   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
    83636000 836ae000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:06:41 2009 (4A5BDA21)
    836ae000 836bf000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
    836bf000 836c7000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
    836c7000 83709000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
    83709000 837b4000   CI       CI.dll       Mon Jul 13 21:09:28 2009 (4A5BDAC8)
    837b4000 837fc000   ACPI     ACPI.sys     Mon Jul 13 19:11:11 2009 (4A5BBF0F)
    8c000000 8c02a000   pci      pci.sys      Mon Jul 13 19:11:16 2009 (4A5BBF14)
    8c038000 8c0a9000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
    8c0a9000 8c0b7000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
    8c0b7000 8c1aa000   sptd     sptd.sys     Sun Oct 11 16:54:02 2009 (4AD245EA)
    8c1aa000 8c1b3000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
    8c1b3000 8c1d9000   SCSIPORT SCSIPORT.SYS Mon Jul 13 19:45:55 2009 (4A5BC733)
    8c1d9000 8c1e1000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
    8c1e1000 8c1ec000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
    8c1ec000 8c1fd000   partmgr  partmgr.sys  Mon Jul 13 19:11:35 2009 (4A5BBF27)
    8c216000 8c261000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)
    8c261000 8c268000   pciide   pciide.sys   Mon Jul 13 19:11:19 2009 (4A5BBF17)
    8c268000 8c276000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
    8c276000 8c28c000   mountmgr mountmgr.sys Mon Jul 13 19:11:27 2009 (4A5BBF1F)
    8c28c000 8c295000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
    8c295000 8c2b8000   ataport  ataport.SYS  Mon Jul 13 19:11:18 2009 (4A5BBF16)
    8c2b8000 8c2c1000   amdxata  amdxata.sys  Tue May 19 13:57:35 2009 (4A12F30F)
    8c2c1000 8c2f5000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
    8c2f5000 8c306000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
    8c306000 8c30ede0   PxHelp20 PxHelp20.sys Wed Jun 20 18:26:00 2007 (4679A978)
    8c30f000 8c36c000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)
    8c36c000 8c37a000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
    8c37a000 8c391000   tdx      tdx.sys      Mon Jul 13 19:12:10 2009 (4A5BBF4A)
    8c391000 8c39c000   TDI      TDI.SYS      Mon Jul 13 19:12:12 2009 (4A5BBF4C)
    8c39c000 8c3b4000   AMonTDLH AMonTDLH.sys Fri Dec 18 03:14:24 2009 (4B2B39E0)
    8c3b4000 8c3d5000   tunnel   tunnel.sys   Mon Jul 13 19:54:03 2009 (4A5BC91B)
    8c3d5000 8c3e7000   intelppm intelppm.sys Mon Jul 13 19:11:03 2009 (4A5BBF07)
    8c400000 8c40d000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
    8c40d000 8c415000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:01:40 2009 (4A5BCAE4)
    8c415000 8c41d000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
    8c41d000 8c425000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
    8c425000 8c430000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)
    8c43a000 8c569000   Ntfs     Ntfs.sys     Mon Jul 13 19:12:05 2009 (4A5BBF45)
    8c569000 8c594000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)
    8c594000 8c5a7000   ksecdd   ksecdd.sys   Mon Jul 13 19:11:56 2009 (4A5BBF3C)
    8c5a7000 8c5b5000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
    8c5b5000 8c5be000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)
    8c5be000 8c5c5000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)
    8c5c5000 8c5cc000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
    8c5cc000 8c5d8000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
    8c5d8000 8c5f9000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
    8c604000 8c6bb000   ndis     ndis.sys     Mon Jul 13 19:12:24 2009 (4A5BBF58)
    8c6bb000 8c6f9000   NETIO    NETIO.SYS    Mon Jul 13 19:12:35 2009 (4A5BBF63)
    8c6f9000 8c71e000   ksecpkg  ksecpkg.sys  Thu Dec 10 23:04:22 2009 (4B21C4C6)
    8c71e000 8c72e000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
    8c72e000 8c760000   fvevol   fvevol.sys   Fri Sep 25 22:24:21 2009 (4ABD7B55)
    8c760000 8c771000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
    8c771000 8c796000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
    8c796000 8c7a3000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
    8c7a3000 8c7ae000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
    8c7ae000 8c7b7000   dump_atapi dump_atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    8c7b7000 8c7c8000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
    8c7c8000 8c7e7000   cdrom    cdrom.sys    Mon Jul 13 19:11:24 2009 (4A5BBF1C)
    8c7e7000 8c7fb400   zpamhivut9 zpamhivut9.sys Thu Apr 29 05:13:14 2010 (4BD94DAA)
    8c800000 8c82d000   rdyboost rdyboost.sys Mon Jul 13 19:22:02 2009 (4A5BC19A)
    8c82d000 8c835000   hwpolicy hwpolicy.sys Mon Jul 13 19:11:01 2009 (4A5BBF05)
    8c836000 8c97f000   tcpip    tcpip.sys    Mon Jul 13 19:13:18 2009 (4A5BBF8E)
    8c97f000 8c9b0000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:12:03 2009 (4A5BBF43)
    8c9b0000 8c9b8380   vmstorfl vmstorfl.sys Mon Jul 13 19:28:44 2009 (4A5BC32C)
    8c9b9000 8c9f8000   volsnap  volsnap.sys  Mon Jul 13 19:11:34 2009 (4A5BBF26)
    8c9f8000 8ca00000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
    92a00000 92a18000   dfsc     dfsc.sys     Mon Jul 13 19:14:16 2009 (4A5BBFC8)
    92a18000 92a26000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
    92a33000 92a8d000   afd      afd.sys      Mon Jul 13 19:12:34 2009 (4A5BBF62)
    92a8d000 92abf000   netbt    netbt.sys    Mon Jul 13 19:12:18 2009 (4A5BBF52)
    92abf000 92ac6000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
    92ac6000 92ae5000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
    92ae5000 92af3000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
    92af3000 92b0d000   serial   serial.sys   Mon Jul 13 19:45:33 2009 (4A5BC71D)
    92b0d000 92b20000   wanarp   wanarp.sys   Mon Jul 13 19:55:02 2009 (4A5BC956)
    92b20000 92b30000   termdd   termdd.sys   Mon Jul 13 20:01:35 2009 (4A5BCADF)
    92b30000 92b71000   rdbss    rdbss.sys    Mon Jul 13 19:14:26 2009 (4A5BBFD2)
    92b71000 92b7b000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
    92b7b000 92b85000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
    92b85000 92b91000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
    92b91000 92bf5000   csc      csc.sys      Mon Jul 13 19:15:08 2009 (4A5BBFFC)
    93000000 9300e000   umbus    umbus.sys    Mon Jul 13 19:51:38 2009 (4A5BC88A)
    93015000 9304e000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:25:25 2009 (4A5BC265)
    9304e000 93059000   usbuhci  usbuhci.sys  Mon Jul 13 19:51:10 2009 (4A5BC86E)
    93059000 930a4000   USBPORT  USBPORT.SYS  Mon Jul 13 19:51:13 2009 (4A5BC871)
    930a4000 930b3000   usbehci  usbehci.sys  Mon Jul 13 19:51:14 2009 (4A5BC872)
    930b3000 930b8280   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:16:53 2009 (4A1151B5)
    930b9000 930c8000   l160x86  l160x86.sys  Fri Jun 19 09:14:40 2009 (4A3B8F40)
    930c8000 930c9420   ASACPI   ASACPI.sys   Thu Aug 12 22:52:52 2004 (411C2D04)
    930ca000 930d4000   serenum  serenum.sys  Mon Jul 13 19:45:27 2009 (4A5BC717)
    930d4000 930ec000   i8042prt i8042prt.sys Mon Jul 13 19:11:23 2009 (4A5BBF1B)
    930ec000 930f9000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    930f9000 93132000   a52heq1t a52heq1t.SYS Tue Jul 14 17:12:41 2009 (4A5CF4C9)
    93132000 9313f000   CompositeBus CompositeBus.sys Mon Jul 13 19:45:26 2009 (4A5BC716)
    9313f000 93151000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
    93151000 93169000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
    93169000 93174000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
    93174000 93196000   ndiswan  ndiswan.sys  Mon Jul 13 19:54:34 2009 (4A5BC93A)
    93196000 931ae000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
    931ae000 931c5000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
    931c5000 931dc000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
    931dc000 931e6000   rdpbus   rdpbus.sys   Mon Jul 13 20:02:40 2009 (4A5BCB20)
    931e6000 931f3000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    931f3000 931f4380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
    93400000 93558000   P17      P17.sys      Tue Apr 21 01:58:05 2009 (49ED606D)
    93558000 93587000   portcls  portcls.sys  Mon Jul 13 19:51:00 2009 (4A5BC864)
    93587000 935a0000   drmk     drmk.sys     Mon Jul 13 20:36:05 2009 (4A5BD2F5)
    935a0000 935d4000   ks       ks.sys       Mon Jul 13 19:45:13 2009 (4A5BC709)
    935d4000 93600000   1394ohci 1394ohci.sys Mon Jul 13 19:51:59 2009 (4A5BC89F)
    94212000 94256000   usbhub   usbhub.sys   Mon Jul 13 19:52:06 2009 (4A5BC8A6)
    94a29000 95530fa0   nvlddmkm nvlddmkm.sys Tue Mar 16 04:15:15 2010 (4B9F3E13)
    95531000 95532040   nvBridge nvBridge.kmd Tue Mar 16 03:57:16 2010 (4B9F39DC)
    95533000 955ea000   dxgkrnl  dxgkrnl.sys  Thu Oct 01 20:48:33 2009 (4AC54DE1)
    
    The part I highlighted in red shows the firewall driver is the probable cause. That's the simple part.

    The part I highlighted in green shows a driver involved also. It is only from experience that I know that a dynamically created name like that is done so by Daemon Tools. Go ahead and look it up on Google. You will not find anything about "zpamhivut9.sys".

    I also know from experience only that Daemon Tools and sptd.sys are notorious for crashing Windows. To see which drivers are on the system as I've shown in the code above, the command "lm t n" can be used.

    Of course, before you even open a crash dump file, the correct symbol path must be set. You can see that in my example highlighted in blue.
     
    #8 TorrentG, Jul 31, 2010
    Last edited: Jul 31, 2010
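
The triage steps described in the post above (read the "Probably caused by" line, look for other symbol-less drivers on the faulting stack, then check the loaded-module list), as an added example that is not part of the original thread. The function `triage`, its `watchlist` parameter and the shortened `SAMPLE` excerpt are assumptions made for this illustration.

```python
import re

# Shortened excerpt of the WinDbg output quoted in the post above.
SAMPLE = """\
*** WARNING: Unable to verify timestamp for AMonTDLH.sys
BugCheck 1000007E, {c0000005, 8c39ed1e, 8ea3daac, 8ea3d690}
*** WARNING: Unable to verify timestamp for zpamhivut9.sys
Probably caused by : AMonTDLH.sys ( AMonTDLH+2d1e )
STACK_TEXT:
8ea3db90 8c3a1dc7 86f8f008 85dbb9c8 00000007 AMonTDLH+0x2d1e
8ea3dbf0 830414bc 86f7bc88 85dbb9c8 000033cd AMonTDLH+0x6006
8ea3dc08 8c7ee773 02dc5479 9260c01c 86f7ce8c nt!IofCallDriver+0x63
8ea3dc3c 8c7eb2d8 9260bd9e 9260c01c 00000200 zpamhivut9+0x7773
8ea3dd90 830c50f9 8c7f6bd6 8c7f96ec 00000000 nt!PspSystemThreadStartup+0x9e
2: kd> lm tn
83005000 83415000   nt       ntkrpamp.exe Sat Feb 27 02:33:35 2010 (4B88CACF)
8c0b7000 8c1aa000   sptd     sptd.sys     Sun Oct 11 16:54:02 2009 (4AD245EA)
8c39c000 8c3b4000   AMonTDLH AMonTDLH.sys Fri Dec 18 03:14:24 2009 (4B2B39E0)
8c7e7000 8c7fb400   zpamhivut9 zpamhivut9.sys Thu Apr 29 05:13:14 2010 (4BD94DAA)
"""

# Stack frame: five hex columns, then module!symbol or module+offset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)[!+]", re.M)
# `lm tn` row: start, end, module name, image file, ..., (link timestamp).
MODULE = re.compile(
    r"^([0-9a-f]{8}) ([0-9a-f]{8})\s+(\w+)\s+(\S+)\s.*\([0-9A-F]{8}\)$", re.M)


def triage(text, watchlist=("sptd",)):
    """Summarise which drivers a kernel minidump analysis implicates.
    watchlist (hypothetical): module names the analyst already distrusts."""
    modules = {m[3]: (int(m[1], 16), int(m[2], 16), m[4])
               for m in MODULE.finditer(text)}

    # Arg2 of this bugcheck is the faulting address; resolve it against the
    # module ranges rather than relying on the summary line alone.
    args = re.search(r"BugCheck \w+, \{\w+, (\w+),", text)
    fault = int(args[1], 16) if args else None
    owner = next((f"{name}+0x{fault - start:x}"
                  for name, (start, end, _) in modules.items()
                  if fault is not None and start <= fault < end), None)

    # Drivers on the faulting stack in call order, kernel itself excluded.
    on_stack = list(dict.fromkeys(n for n in FRAME.findall(text) if n != "nt"))
    # Images the debugger had no symbols for: usually third-party drivers.
    no_symbols = set(re.findall(r"Unable to verify timestamp for (\w+)\.sys", text))

    hit = re.search(r"Probably caused by : (\S+)", text)
    blamed = hit[1] if hit else None
    return {
        "blamed": blamed,
        "fault_owner": owner,
        # Symbol-less stack drivers that the summary line did not name.
        "also_involved": [modules[n][2] for n in on_stack
                          if n in no_symbols and n in modules
                          and modules[n][2] != blamed],
        "watchlist_loaded": [modules[n][2] for n in watchlist if n in modules],
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt this names AMonTDLH.sys as blamed, confirms the faulting address falls inside that module, and surfaces zpamhivut9.sys and sptd.sys as the other two drivers the post points at.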
  9. honsbeek

    honsbeek New Member

    Wow, interesting stuff, trying it out as we speak...

    BTW

    zpamhivut9.sys - Google

    I googled "zpamhivut9.sys" and got only one hit, which took me back to this forum ^^

    I'll keep that in mind next time I install (or not install) Daemon Tools...

    Your help is fast and very appreciated.

    Thanks again.

    Ralph
     
