BSODs: Please add your minidump files here

[Guest]

[phluide]

XP x64 Build 3790 SP2
Intel QuadCore 6600 CPU 2.4
ASUS P5N-E SLI
ACPI BIOS Revision 1403
GeForce 8800 GTX
4090MB RAM

BSOD caused by cmdhlp.sys

the two latest minidumps are of latest CIS 3.11.x.552

[phluide]

XP x64 Build 3790 SP2
Intel QuadCore 6600 CPU 2.4
ASUS P5N-E SLI
ACPI BIOS Revision 1403
GeForce 8800 GTX
4090MB RAM

BSOD caused by cmdhlp.sys

[saronno]

Well I'm not an expert in this matter but you can at least learn something from trying it  
Not sure if it will point you to the right driver though, but as all 3 crashes are consistent in their variables it looks like a "hard" problem. If they where different every time it would become much harder to pinpoint.

You can also use Autoruns from sysinternals to stop a few drivers from loading and seeing if it boot correctly then...

I have update another pc with similar configuration: BSOD again.

So, It's comodo.

Could I have a list of actions comodo does during the update procedure?

I didn't attach minidump because it is the same I reported last time.

[Ronny]

Could I have a list of actions comodo does during the update procedure?

Are you talking about the program update like from 3.11 to 3.12 or about the AV updates ?

[saronno]

program update.

I don't know if the problem is an incompatibility with eset nod32 or something else.
However it has been years since I start to use nod32 and comodo together: never had a problem.

Substantially: different pc, similar hardware (athlon xp 2500-2800), asus a7v8x/a7v8x-x ... more or less same software .... xp sp3 + comodo + nod32 ... and obviosly same BSOD, with same error message details/code.

The BSOD appears every time I shutdown/restart the pc .... hibernation works fine, everything else works fine. (as I described previously ...)

[bequick]

Windows 7 x64
Intel Dual Core E5200
ASUS P5QL PRO
Sapphire 4850 1 GB
4096 RAM
Probably caused by: ntoskrnl.exe, but please, help me, it's happenign almost every day.

[saronno]

if you want, I could give you the list of drivers installed on my computer (or better, the two list, so you can exclude the drivers that are not present in both systems).

Let me know ....

[phluide]

Comodo CIS_Setup_3.11.108364.552_XP_Vista_x64
(previous version uninstalled before, reboot & install of the latest)

Note that "Defense" mode has been permanently turned off in advanced settings (but I had also BSOD prior of that)

i need to run comodo manually (it does not show automatically in active/inactive icons near the clock and it was also the case for the previous build)

XP x64 Build 3790 SP2
Intel QuadCore 6600 CPU 2.4
ASUS P5N-E SLI
ACPI BIOS Revision 1403
GeForce 8800 GTX
4090MB RAM

BSOD caused by cmdhlp.sys

[phluide]

what's up with BSOD previously reported ??

[roberts0909]

WinXP Pro, SP3, 32 bit
Comodo FW 3.12.111745.560
Memory Firewall 2.0.4.20
Threatfire 4.5.0.24
Spybot (running resident)

As far as I can tell all the above are fully patched and up to date.



++++++++++++++++++++++++++++++++++++++++++++

WinDB (Version 6.11.0001.404 X86) give me this:


Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, 896a3da0, 896a3f14, 805d297c}

Unable to load image TfSysMon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for TfSysMon.sys
*** ERROR: Module load completed but symbols could not be loaded for TfSysMon.sys
*** WARNING: Unable to verify timestamp for cmdguard.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdguard.sys
unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase
Probably caused by : hardware_disk

++++++++++++++++++++++++++++++++++++++



Are either Comodo or Threatfire involved in the crash or just a bystander?

[Ronny]

Hi roberts,

Can you run on the link in "analyze -v" so it will show you:

Probably caused by: ......

[roberts0909]

Hello Ronny,

Unless you mean the last line in the analysis posted above, "Probably caused by : hardware_disk" then I'm not sure what you mean.  The entire results are included in the original post.

TIA,

Ben

[roberts0909]

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 00000003, Process
Arg2: 896a3da0, Terminating object
Arg3: 896a3f14, Process image file name
Arg4: 805d297c, Explanatory message (ascii)

Debugging Details:
------------------

unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase

PROCESS_OBJECT: 896a3da0

IMAGE_NAME:  hardware_disk

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAULTING_MODULE: 00000000

PROCESS_NAME:  csrss.exe

EXCEPTION_RECORD:  a575b9d8 -- (.exr 0xffffffffa575b9d8)
ExceptionAddress: 7c963399
   ExceptionCode: c0000006 (In-page I/O error)
  ExceptionFlags: 00000000
NumberParameters: 3
   Parameter[0]: 00000008
   Parameter[1]: 7c963399
   Parameter[2]: c000009a
Inpage operation failed at 7c963399, due to I/O error c000009a

EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

ERROR_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".

EXCEPTION_PARAMETER1:  00000008

EXCEPTION_PARAMETER2:  7c963399

EXCEPTION_PARAMETER3:  c000009a

IO_ERROR: (NTSTATUS) 0xc000009a - Insufficient system resources exist to complete the API.

EXCEPTION_STR:  0xc0000006_c000009a

FAULTING_IP:
+1e7952f013adfdc
7c963399 ??             

BUGCHECK_STR:  0xF4_IOERR_C000009A

STACK_TEXT: 
a575b4a4 805d1ac5 000000f4 00000003 896a3da0 nt!KeBugCheckEx+0x1b
a575b4c8 805d2a27 805d297c 896a3da0 896a3f14 nt!PspCatchCriticalBreak+0x75
a575b4f8 ba0feb32 896a3fe8 c0000006 00000000 nt!NtTerminateProcess+0x7d
WARNING: Stack unwind information not available. Following frames may be wrong.
a575b530 a68c80e5 ffffffff c0000006 a5d33074 TfSysMon+0x6b32
a575b574 8054162c ffffffff c0000006 a575b9b0 cmdguard+0x40e5
a575b574 80501161 ffffffff c0000006 a575b9b0 nt!KiFastCallEntry+0xfc
a575b5f4 804fe816 ffffffff c0000006 a575b9f8 nt!ZwTerminateProcess+0x11
a575b9b0 805028cf a575b9d8 00000000 a575bd64 nt!KiDispatchException+0x3a0
a575bd34 80544ef7 010ef81c 010ef83c 00000000 nt!KiRaiseException+0x175
a575bd50 8054162c 010ef81c 010ef83c 00000000 nt!NtRaiseException+0x33
a575bd50 7c963399 010ef81c 010ef83c 00000000 nt!KiFastCallEntry+0xfc
010efe54 00000000 00000000 00000000 00000000 0x7c963399


STACK_COMMAND:  kb

FOLLOWUP_IP:
+1e7952f013adfdc
7c963399 ??             

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: hardware_disk

FAILURE_BUCKET_ID:  0xF4_IOERR_C000009A_IMAGE_hardware_disk

BUCKET_ID:  0xF4_IOERR_C000009A_IMAGE_hardware_disk

Followup: MachineOwner
---------

[Ronny]

Looks like a hardware issue to me...

The part you made red:

Unable to load image TfSysMon.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for TfSysMon.sys
*** ERROR: Module load completed but symbols could not be loaded for TfSysMon.sys
*** WARNING: Unable to verify timestamp for cmdguard.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdguard.sys

Means that windbg could not download symbol files for those drivers (a kind of debug help file for windbg).
This is not a surprise as those files are not hosted by Microsoft, so you have to ignore these "errors"...

[roberts0909]

That's what I was thinking; MS didn't have symbols for them so it returns an "error". 

Looks like it was an attached USB drive that caused the issue.  I'll disconnect that and run without it for a few days.


Thanks!

[Tags:]