- Thread Author
-
- #1
good day ,
I was simply cruising around going about my daily things , No new software , no new hardware installed what so ever. and Bongk !!!! BSOD
My system won't let Windows 7 reboot, just before the user pass are suppose to be entered. Each time , no specific mention of drivers etc. See attachment ,,,
It will run in Safemode , tried to reset BIOS and hard reset Bios already problem presists
Please assist
Thank you very much
Ralph
I was simply cruising around going about my daily things , No new software , no new hardware installed what so ever. and Bongk !!!! BSOD
My system won't let Windows 7 reboot, just before the user pass are suppose to be entered. Each time , no specific mention of drivers etc. See attachment ,,,
It will run in Safemode , tried to reset BIOS and hard reset Bios already problem presists
Please assist
Thank you very much
Ralph
Hi and welcome.
Your AhnLab firewall is causing your crash. Uninstall it to stop the bsods.
In addition, you must remove Daemon Tools and sptd.sys, which are also part of the crash and notorious for this. Here is a special tool to uninstall sptd.sys:
Link Removed
PowerISO is a stable replacement for drive emulation.
Enjoy.
Your AhnLab firewall is causing your crash. Uninstall it to stop the bsods.
In addition, you must remove Daemon Tools and sptd.sys, which are also part of the crash and notorious for this. Here is a special tool to uninstall sptd.sys:
Link Removed
PowerISO is a stable replacement for drive emulation.
Enjoy.
Last edited:
You're welcome.
The Duplex Secure program is the actual installer for sptd.sys. It also functions as the uninstaller for sptd.sts when it is already installed on a system. So that's why it is needed to run - to remove sptd.sys which is one of the worst causes of bsod on Windows 7 systems. Daemon Tools installs it but does not remove it.
I use WinDBG to analyze the stops.
The Duplex Secure program is the actual installer for sptd.sys. It also functions as the uninstaller for sptd.sts when it is already installed on a system. So that's why it is needed to run - to remove sptd.sys which is one of the worst causes of bsod on Windows 7 systems. Daemon Tools installs it but does not remove it.
I use WinDBG to analyze the stops.
You're welcome.
The Duplex Secure program is the actual installer for sptd.sys. It also functions as the uninstaller for sptd.sts when it is already installed on a system. So that's why it is needed to run - to remove sptd.sys which is one of the worst causes of bsod on Windows 7 systems. Daemon Tools installs it but does not remove it.
I use WinDBG to analyze the stops.
The Duplex Secure program is the actual installer for sptd.sys. It also functions as the uninstaller for sptd.sts when it is already installed on a system. So that's why it is needed to run - to remove sptd.sys which is one of the worst causes of bsod on Windows 7 systems. Daemon Tools installs it but does not remove it.
I use WinDBG to analyze the stops.
- Thread Author
-
- #7
Torrent G , if you are still looking , I am trying to retrace your step ...
I downloaded Windows debugging tools , and opened the minidump file (the one I also attached here) ...
I can't for the life of me find any mention of Ahnlab firewall , nor anything concerning Daemon tools ... and sptd.sys ,,,
Am I looking at the wrong sections ? Please tell me how you were able to see these names in this dump file ,
Cheers
Ralph
I downloaded Windows debugging tools , and opened the minidump file (the one I also attached here) ...
I can't for the life of me find any mention of Ahnlab firewall , nor anything concerning Daemon tools ... and sptd.sys ,,,
Am I looking at the wrong sections ? Please tell me how you were able to see these names in this dump file ,
Cheers
Ralph
Debugging is mostly done through experience. Usually to come to a conclusion, it is not a simple process of opening a dump file and looking. Your example is both easy and difficult. Here's why:
The part I highlighted in red shows the firewall driver is the probable cause. That's the simple part.
The part I highlighted in green shows a driver involved also. It is only from experience that I know that a dynamically created name like that is done so by Daemon Tools. Go ahead and look it up on Google. You will not find anything about "zpamhivut9.sys".
I also know from experience only that Daemon Tools and sptd.sys are notorious for crashing Windows. To see which drivers are on the system as I've shown in the code above, the command "lm t n" can be used.
Of course, before you even open a crash dump file, the correct sybmol path must be set. You can see that in my example highlighted in blue.
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\Temp\Rar$DI00.977\072810-44678-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.x86fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0x83005000 PsLoadedModuleList = 0x8314d810
Debug session time: Tue Jul 27 11:24:42.866 2010 (UTC - 4:00)
System Uptime: 0 days 0:00:16.879
Loading Kernel Symbols
...............................................................
.....................................................
Loading User Symbols
Unable to load image \??\C:\Windows\system32\Drivers\AMonTDLH.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AMonTDLH.sys
*** ERROR: Module load completed but symbols could not be loaded for AMonTDLH.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 8c39ed1e, 8ea3daac, 8ea3d690}
*** WARNING: Unable to verify timestamp for zpamhivut9.sys
*** ERROR: Module load completed but symbols could not be loaded for zpamhivut9.sys
Probably caused by : AMonTDLH.sys ( AMonTDLH+2d1e )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8c39ed1e, The address that the exception occurred at
Arg3: 8ea3daac, Exception Record Address
Arg4: 8ea3d690, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
AMonTDLH+2d1e
8c39ed1e 8b4214 mov eax,dword ptr [edx+14h]
EXCEPTION_RECORD: 8ea3daac -- (.exr 0xffffffff8ea3daac)
ExceptionAddress: 8c39ed1e (AMonTDLH+0x00002d1e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000014
Attempt to read from address 00000014
CONTEXT: 8ea3d690 -- (.cxr 0xffffffff8ea3d690)
eax=85dbba3c ebx=86f7ce30 ecx=85dbba3c edx=00000000 esi=86f7bc88 edi=9260bd9e
eip=8c39ed1e esp=8ea3db74 ebp=8ea3db90 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
AMonTDLH+0x2d1e:
8c39ed1e 8b4214 mov eax,dword ptr [edx+14h] ds:0023:00000014=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000014
READ_ADDRESS: GetPointerFromAddress: unable to read from 8316d718
Unable to read MiSystemVaType memory at 8314d160
00000014
FOLLOWUP_IP:
AMonTDLH+2d1e
8c39ed1e 8b4214 mov eax,dword ptr [edx+14h]
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 8c3a1dc7 to 8c39ed1e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
8ea3db90 8c3a1dc7 86f8f008 85dbb9c8 00000007 AMonTDLH+0x2d1e
8ea3dba8 8c3a1e9c 86f8f008 85dbb9c8 85dbba38 AMonTDLH+0x5dc7
8ea3dbcc 8c3a2006 86f8f008 85dbb9c8 85dbba38 AMonTDLH+0x5e9c
8ea3dbf0 830414bc 86f7bc88 85dbb9c8 000033cd AMonTDLH+0x6006
8ea3dc08 8c7ee773 02dc5479 9260c01c 86f7ce8c nt!IofCallDriver+0x63
8ea3dc3c 8c7eb2d8 9260bd9e 9260c01c 00000200 zpamhivut9+0x7773
8ea3dc68 8c7ecab6 9260bd9e 00000005 00000000 zpamhivut9+0x42d8
8ea3dc8c 8c7ef4ae 9260bd9e 00000005 00000000 zpamhivut9+0x5ab6
8ea3dcd8 8c7f61cc 00000000 0000220c 8ea3dd24 zpamhivut9+0x84ae
8ea3dce8 8c7ea428 8c7f96fc 00000000 85ddf9e0 zpamhivut9+0xf1cc
8ea3dd24 8c7f6cc2 86f7ce18 00000000 86f7c020 zpamhivut9+0x3428
8ea3dd50 832136bb 8c7f96ec a0214972 00000000 zpamhivut9+0xfcc2
8ea3dd90 830c50f9 8c7f6bd6 8c7f96ec 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: AMonTDLH+2d1e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: AMonTDLH
IMAGE_NAME: AMonTDLH.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b2b39e0
STACK_COMMAND: .cxr 0xffffffff8ea3d690 ; kb
FAILURE_BUCKET_ID: 0x7E_AMonTDLH+2d1e
BUCKET_ID: 0x7E_AMonTDLH+2d1e
Followup: MachineOwner
---------
2: kd> lm tn
start end module name
80bcf000 80bd7000 kdcom kdcom.dll Mon Jul 13 21:08:58 2009 (4A5BDAAA)
83005000 83415000 nt ntkrpamp.exe Sat Feb 27 02:33:35 2010 (4B88CACF)
83415000 8344c000 hal halmacpi.dll Mon Jul 13 19:11:03 2009 (4A5BBF07)
83600000 83610000 volmgr volmgr.sys Mon Jul 13 19:11:25 2009 (4A5BBF1D)
83636000 836ae000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:06:41 2009 (4A5BDA21)
836ae000 836bf000 PSHED PSHED.dll Mon Jul 13 21:09:36 2009 (4A5BDAD0)
836bf000 836c7000 BOOTVID BOOTVID.dll Mon Jul 13 21:04:34 2009 (4A5BD9A2)
836c7000 83709000 CLFS CLFS.SYS Mon Jul 13 19:11:10 2009 (4A5BBF0E)
83709000 837b4000 CI CI.dll Mon Jul 13 21:09:28 2009 (4A5BDAC8)
837b4000 837fc000 ACPI ACPI.sys Mon Jul 13 19:11:11 2009 (4A5BBF0F)
8c000000 8c02a000 pci pci.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
8c038000 8c0a9000 Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
8c0a9000 8c0b7000 WDFLDR WDFLDR.SYS Mon Jul 13 19:11:25 2009 (4A5BBF1D)
8c0b7000 8c1aa000 sptd sptd.sys Sun Oct 11 16:54:02 2009 (4AD245EA)
8c1aa000 8c1b3000 WMILIB WMILIB.SYS Mon Jul 13 19:11:22 2009 (4A5BBF1A)
8c1b3000 8c1d9000 SCSIPORT SCSIPORT.SYS Mon Jul 13 19:45:55 2009 (4A5BC733)
8c1d9000 8c1e1000 msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8c1e1000 8c1ec000 vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
8c1ec000 8c1fd000 partmgr partmgr.sys Mon Jul 13 19:11:35 2009 (4A5BBF27)
8c216000 8c261000 volmgrx volmgrx.sys Mon Jul 13 19:11:41 2009 (4A5BBF2D)
8c261000 8c268000 pciide pciide.sys Mon Jul 13 19:11:19 2009 (4A5BBF17)
8c268000 8c276000 PCIIDEX PCIIDEX.SYS Mon Jul 13 19:11:15 2009 (4A5BBF13)
8c276000 8c28c000 mountmgr mountmgr.sys Mon Jul 13 19:11:27 2009 (4A5BBF1F)
8c28c000 8c295000 atapi atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
8c295000 8c2b8000 ataport ataport.SYS Mon Jul 13 19:11:18 2009 (4A5BBF16)
8c2b8000 8c2c1000 amdxata amdxata.sys Tue May 19 13:57:35 2009 (4A12F30F)
8c2c1000 8c2f5000 fltmgr fltmgr.sys Mon Jul 13 19:11:13 2009 (4A5BBF11)
8c2f5000 8c306000 fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
8c306000 8c30ede0 PxHelp20 PxHelp20.sys Wed Jun 20 18:26:00 2007 (4679A978)
8c30f000 8c36c000 cng cng.sys Mon Jul 13 19:32:55 2009 (4A5BC427)
8c36c000 8c37a000 Npfs Npfs.SYS Mon Jul 13 19:11:31 2009 (4A5BBF23)
8c37a000 8c391000 tdx tdx.sys Mon Jul 13 19:12:10 2009 (4A5BBF4A)
8c391000 8c39c000 TDI TDI.SYS Mon Jul 13 19:12:12 2009 (4A5BBF4C)
8c39c000 8c3b4000 AMonTDLH AMonTDLH.sys Fri Dec 18 03:14:24 2009 (4B2B39E0)
8c3b4000 8c3d5000 tunnel tunnel.sys Mon Jul 13 19:54:03 2009 (4A5BC91B)
8c3d5000 8c3e7000 intelppm intelppm.sys Mon Jul 13 19:11:03 2009 (4A5BBF07)
8c400000 8c40d000 watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8c40d000 8c415000 RDPCDD RDPCDD.sys Mon Jul 13 20:01:40 2009 (4A5BCAE4)
8c415000 8c41d000 rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
8c41d000 8c425000 rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
8c425000 8c430000 Msfs Msfs.SYS Mon Jul 13 19:11:26 2009 (4A5BBF1E)
8c43a000 8c569000 Ntfs Ntfs.sys Mon Jul 13 19:12:05 2009 (4A5BBF45)
8c569000 8c594000 msrpc msrpc.sys Mon Jul 13 19:11:59 2009 (4A5BBF3F)
8c594000 8c5a7000 ksecdd ksecdd.sys Mon Jul 13 19:11:56 2009 (4A5BBF3C)
8c5a7000 8c5b5000 pcw pcw.sys Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8c5b5000 8c5be000 Fs_Rec Fs_Rec.sys Mon Jul 13 19:11:14 2009 (4A5BBF12)
8c5be000 8c5c5000 Null Null.SYS Mon Jul 13 19:11:12 2009 (4A5BBF10)
8c5c5000 8c5cc000 Beep Beep.SYS Mon Jul 13 19:45:00 2009 (4A5BC6FC)
8c5cc000 8c5d8000 vga vga.sys Mon Jul 13 19:25:50 2009 (4A5BC27E)
8c5d8000 8c5f9000 VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
8c604000 8c6bb000 ndis ndis.sys Mon Jul 13 19:12:24 2009 (4A5BBF58)
8c6bb000 8c6f9000 NETIO NETIO.SYS Mon Jul 13 19:12:35 2009 (4A5BBF63)
8c6f9000 8c71e000 ksecpkg ksecpkg.sys Thu Dec 10 23:04:22 2009 (4B21C4C6)
8c71e000 8c72e000 mup mup.sys Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8c72e000 8c760000 fvevol fvevol.sys Fri Sep 25 22:24:21 2009 (4ABD7B55)
8c760000 8c771000 disk disk.sys Mon Jul 13 19:11:28 2009 (4A5BBF20)
8c771000 8c796000 CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
8c796000 8c7a3000 crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
8c7a3000 8c7ae000 dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
8c7ae000 8c7b7000 dump_atapi dump_atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
8c7b7000 8c7c8000 dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
8c7c8000 8c7e7000 cdrom cdrom.sys Mon Jul 13 19:11:24 2009 (4A5BBF1C)
8c7e7000 8c7fb400 zpamhivut9 zpamhivut9.sys Thu Apr 29 05:13:14 2010 (4BD94DAA)
8c800000 8c82d000 rdyboost rdyboost.sys Mon Jul 13 19:22:02 2009 (4A5BC19A)
8c82d000 8c835000 hwpolicy hwpolicy.sys Mon Jul 13 19:11:01 2009 (4A5BBF05)
8c836000 8c97f000 tcpip tcpip.sys Mon Jul 13 19:13:18 2009 (4A5BBF8E)
8c97f000 8c9b0000 fwpkclnt fwpkclnt.sys Mon Jul 13 19:12:03 2009 (4A5BBF43)
8c9b0000 8c9b8380 vmstorfl vmstorfl.sys Mon Jul 13 19:28:44 2009 (4A5BC32C)
8c9b9000 8c9f8000 volsnap volsnap.sys Mon Jul 13 19:11:34 2009 (4A5BBF26)
8c9f8000 8ca00000 spldr spldr.sys Mon May 11 12:13:47 2009 (4A084EBB)
92a00000 92a18000 dfsc dfsc.sys Mon Jul 13 19:14:16 2009 (4A5BBFC8)
92a18000 92a26000 blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
92a33000 92a8d000 afd afd.sys Mon Jul 13 19:12:34 2009 (4A5BBF62)
92a8d000 92abf000 netbt netbt.sys Mon Jul 13 19:12:18 2009 (4A5BBF52)
92abf000 92ac6000 wfplwf wfplwf.sys Mon Jul 13 19:53:51 2009 (4A5BC90F)
92ac6000 92ae5000 pacer pacer.sys Mon Jul 13 19:53:58 2009 (4A5BC916)
92ae5000 92af3000 netbios netbios.sys Mon Jul 13 19:53:54 2009 (4A5BC912)
92af3000 92b0d000 serial serial.sys Mon Jul 13 19:45:33 2009 (4A5BC71D)
92b0d000 92b20000 wanarp wanarp.sys Mon Jul 13 19:55:02 2009 (4A5BC956)
92b20000 92b30000 termdd termdd.sys Mon Jul 13 20:01:35 2009 (4A5BCADF)
92b30000 92b71000 rdbss rdbss.sys Mon Jul 13 19:14:26 2009 (4A5BBFD2)
92b71000 92b7b000 nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
92b7b000 92b85000 mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
92b85000 92b91000 discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
92b91000 92bf5000 csc csc.sys Mon Jul 13 19:15:08 2009 (4A5BBFFC)
93000000 9300e000 umbus umbus.sys Mon Jul 13 19:51:38 2009 (4A5BC88A)
93015000 9304e000 dxgmms1 dxgmms1.sys Mon Jul 13 19:25:25 2009 (4A5BC265)
9304e000 93059000 usbuhci usbuhci.sys Mon Jul 13 19:51:10 2009 (4A5BC86E)
93059000 930a4000 USBPORT USBPORT.SYS Mon Jul 13 19:51:13 2009 (4A5BC871)
930a4000 930b3000 usbehci usbehci.sys Mon Jul 13 19:51:14 2009 (4A5BC872)
930b3000 930b8280 GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:16:53 2009 (4A1151B5)
930b9000 930c8000 l160x86 l160x86.sys Fri Jun 19 09:14:40 2009 (4A3B8F40)
930c8000 930c9420 ASACPI ASACPI.sys Thu Aug 12 22:52:52 2004 (411C2D04)
930ca000 930d4000 serenum serenum.sys Mon Jul 13 19:45:27 2009 (4A5BC717)
930d4000 930ec000 i8042prt i8042prt.sys Mon Jul 13 19:11:23 2009 (4A5BBF1B)
930ec000 930f9000 kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
930f9000 93132000 a52heq1t a52heq1t.SYS Tue Jul 14 17:12:41 2009 (4A5CF4C9)
93132000 9313f000 CompositeBus CompositeBus.sys Mon Jul 13 19:45:26 2009 (4A5BC716)
9313f000 93151000 AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
93151000 93169000 rasl2tp rasl2tp.sys Mon Jul 13 19:54:33 2009 (4A5BC939)
93169000 93174000 ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
93174000 93196000 ndiswan ndiswan.sys Mon Jul 13 19:54:34 2009 (4A5BC93A)
93196000 931ae000 raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
931ae000 931c5000 raspptp raspptp.sys Mon Jul 13 19:54:47 2009 (4A5BC947)
931c5000 931dc000 rassstp rassstp.sys Mon Jul 13 19:54:57 2009 (4A5BC951)
931dc000 931e6000 rdpbus rdpbus.sys Mon Jul 13 20:02:40 2009 (4A5BCB20)
931e6000 931f3000 mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
931f3000 931f4380 swenum swenum.sys Mon Jul 13 19:45:08 2009 (4A5BC704)
93400000 93558000 P17 P17.sys Tue Apr 21 01:58:05 2009 (49ED606D)
93558000 93587000 portcls portcls.sys Mon Jul 13 19:51:00 2009 (4A5BC864)
93587000 935a0000 drmk drmk.sys Mon Jul 13 20:36:05 2009 (4A5BD2F5)
935a0000 935d4000 ks ks.sys Mon Jul 13 19:45:13 2009 (4A5BC709)
935d4000 93600000 1394ohci 1394ohci.sys Mon Jul 13 19:51:59 2009 (4A5BC89F)
94212000 94256000 usbhub usbhub.sys Mon Jul 13 19:52:06 2009 (4A5BC8A6)
94a29000 95530fa0 nvlddmkm nvlddmkm.sys Tue Mar 16 04:15:15 2010 (4B9F3E13)
95531000 95532040 nvBridge nvBridge.kmd Tue Mar 16 03:57:16 2010 (4B9F39DC)
95533000 955ea000 dxgkrnl dxgkrnl.sys Thu Oct 01 20:48:33 2009 (4AC54DE1)The part I highlighted in green shows a driver involved also. It is only from experience that I know that a dynamically created name like that is done so by Daemon Tools. Go ahead and look it up on Google. You will not find anything about "zpamhivut9.sys".
I also know from experience only that Daemon Tools and sptd.sys are notorious for crashing Windows. To see which drivers are on the system as I've shown in the code above, the command "lm t n" can be used.
Of course, before you even open a crash dump file, the correct sybmol path must be set. You can see that in my example highlighted in blue.
Last edited:
- Thread Author
-
- #9
Wow interesting stuff , trying it out as we speak ...
BTW
zpamhivut9.sys - Google
I googled "zpamhivut9.sys" and got only one hit , which took me back to this forum ^^
I'll keep that in mind next time i install (or not install) Daemon tools ...
Your help is fast and very appreciated .
Thanks again ..
Ralph
BTW
zpamhivut9.sys - Google
I googled "zpamhivut9.sys" and got only one hit , which took me back to this forum ^^
I'll keep that in mind next time i install (or not install) Daemon tools ...
Your help is fast and very appreciated .
Thanks again ..
Ralph