Wednesday, January 09, 2008

Why I don't trust software that puts 3rd party drivers in my system

Here's something fun I found on somebody's computer... it kept crashing.. I wonder why :-). Let's check what WinDbg !analyze -v has to say of the minidumps:


Probably caused by : SYMTDI.SYS ( SYMTDI+ab3f )

WARNING: Frame IP not in any known module. Following frames may be wrong.
a74c1aec a73b874e ebe44589 863d4220 00000e20 0xd04d8dda
a74c1b1c a73b855d 86cd0034 a74c1b58 863d4220 SYMTDI+0x1174e
a74c1b60 a996bfbf 885f7700 863d4220 00000e20 SYMTDI+0x1155d
a74c1b64 885f7700 863d4220 00000e20 00000000 vsdatant+0x40fbf
a74c1b68 863d4220 00000e20 00000000 00000034 0x885f7700
a74c1b6c 00000000 00000000 00000034 a74c1b9c 0x863d4220

OK, here' s another one:

WARNING: Stack unwind information not available. Following frames may be wrong.
8a3e1a30 a7899aef 88c908b8 88bbef00 00000000 SYMTDI+0xab3f
8a3e1a50 a789c490 88c90404 88bbef00 00000000 SYMTDI+0xaaef
8a3e1a68 a78a99ab 88bbef00 00000000 8a3e1aac SYMTDI+0xd490
8a3e1a94 a78aadb3 89826688 8275b620 89826688 SYMTDI+0x1a9ab
8a3e1aa8 804ef095 89826688 8275b620 837bfb58 SYMTDI+0x1bdb3
8a3e1b10 a9ebc5e5 89429488 0103fd04 a9ebc5e5 nt!MiCheckControlArea+0x103
8a3e1c5c 8057f1fd 869af238 00000001 0103fc48 afd!AfdFastIoDeviceControl+0x415
8a3e1d00 805780c2 00000340 000002d4 00000000 nt!KeInitThread+0x101
8a3e1d34 8054086c 00000340 000002d4 00000000 nt!RtlCreateAcl+0x1d
8a3e1d64 7c90eb94 badb0d00 0103fc14 baccfd98 nt!RtlIpv4StringToAddressExA+0x149
8a3e1d78 00000000 00000000 00000000 00000000 0x7c90eb94

3: kd> lm kv
a788f000 a78b9dc0 SYMTDI T (no symbols)
Loaded symbol image file: SYMTDI.SYS
Image path: SYMTDI.SYS
Image name: SYMTDI.SYS
Timestamp: Sat Aug 24 23:54:56 2002 (3D6800B0)
CheckSum: 00038527
ImageSize: 0002ADC0
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
No point bothering with Driver Verifier at this point, this is cleary caused by Norton Internet Security - Norton Dispatch Drivers. First few google hits confirm this:

Random BSOD's and reboots. - TechSpot Troubleshooting - Probably it is caused by SYMTDI.sys (Norton Internet Security Filter) or faulty memory

MSFN Forums > Server 2003 Blue Screen with SYMTDI.sys