Blue screen death problem!

Hello!

My question: can CIS or the Comodo Memory Firewall cause a Blue Screen of Death under WinXP SP3?

My security programs: Comodo Internet Security with antivirus, Comodo Memory Firewall, Spyware Terminator, Peerguardian 2, Privoxy, Webroot Window Washer, SpywareBlaster, Iobit Smartdefrag, Iobit Windows Advanced SystemCare 3.

Defense + in CIS: OFF!

Thanks!

Hello, what was the most recent change to your computer that may have caused this? After installing what application did you start noticing the BSODs (Blue Screen of Death)?

Unfortunately, I can say nothing.
No new security software or other changes in my system. No new hardware.
I ran test software: Burnintest. This program tests all of my hardware components (RAM, HDD, netcard, VGA, CPU etc.).
All tests passed.

What were you doing at the time of the BSoD? Was this the first time, or has it happened before? Do you by any chance remember if the BSoD has any message that makes sense (like IRQL_NOT_LESS_OR_EQUAL)? If it was just STOP 0x001 0x008 etc. it’s very hard to tell what caused the problem, unless you provide a minidump file (which only works if you have it set to create one already, so that you can upload it). Check this topic and see if you can find a minidump file.

I got the memory.dmp file!

How can I analyze the content of the dmp file?
Or: how can I send the file to you via PM?

Thanks!

Add it to an archive with a program such as 7-zip, WinRar or WinZip, and when posting here, click Additional Options, and you’ll be able to attach the file.
Please add it to this topic:

I’m no expert at analyzing minidump files, but I’ll take a look at it, and see if I at least can figure out what’s causing the BSoD.

Please make sure you upload the MINIdump file from the \windows\minidump folder.
The full memory dump won’t upload here.

Regards,
Ronny

I am adding my dmp file here, and to the other topic, too.

Here is my small dmp. Zipped.
Please analyze!

Thanks!

[attachment deleted by admin]

This is the raw analysis; this looks like a long search for up2date drivers etc., nothing that could blame Comodo at first hand. How long have you been running SP3, and what are the latest updates/changes to your system?

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Data\Downloads\Mini123008-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*C:\Data\Tools\Windbg*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.080814-1236
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Dec 29 21:55:00.906 2008 (GMT+1)
System Uptime: 0 days 0:09:00.494
Loading Kernel Symbols



Loading User Symbols
Loading unloaded module list


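*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************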

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, 80042000, 0, 0}

Probably caused by : ntkrpamp.exe ( nt!_SEH_prolog+1a )

Followup: MachineOwner

0: kd> !analyze -v


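*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************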

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it’s a trap of a kind
that the kernel isn’t allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a portion of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: GoogleUpdate.ex

EXCEPTION_RECORD: b4470c54 -- (.exr 0xffffffffb4470c54)
ExceptionAddress: 80530f62 (nt!RtlIsValidHandler+0x0000003c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 3045364b
Attempt to read from address 3045364b

TRAP_FRAME: b447077c -- (.trap 0xffffffffb447077c)
ErrCode = 00000000
eax=656c676f ebx=b4472d30 ecx=32b633b7 edx=00000000 esi=656c676f edi=b15b676f
eip=80530f62 esp=b44707f0 ebp=b4470800 iopl=0 nv up ei pl nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010217
nt!RtlIsValidHandler+0x3c:
80530f62 8b1c88 mov ebx,dword ptr [eax+ecx*4] ds:0023:3045364b=???
Resetting default scope

LAST_CONTROL_TRANSFER: from 80542095 to 8053bbaa

STACK_TEXT:
b446f25c 80542095 b446f278 00000000 b446f2cc nt!_SEH_prolog+0x1a
b446f2c4 80542046 b446f350 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b446f350 80530fe7 656c676f 00000000 b446f7a4 nt!Kei386EoiHelper+0x18a
b446f3cc 804fe5b4 b446f7a4 b446f4a0 3045364b nt!RtlDispatchException+0x59
b446f788 80542095 b446f7a4 00000000 b446f7f8 nt!KiDispatchException+0x13e
b446f7f0 80542046 b446f87c 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b446f87c 80530fe7 656c676f 00000000 b446fcd0 nt!Kei386EoiHelper+0x18a
b446f8f8 804fe5b4 b446fcd0 b446f9cc 3045364b nt!RtlDispatchException+0x59
b446fcb4 80542095 b446fcd0 00000000 b446fd24 nt!KiDispatchException+0x13e
b446fd1c 80542046 b446fda8 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b446fda8 80530fe7 656c676f 00000000 b44701fc nt!Kei386EoiHelper+0x18a
b446fe24 804fe5b4 b44701fc b446fef8 3045364b nt!RtlDispatchException+0x59
b44701e0 80542095 b44701fc 00000000 b4470250 nt!KiDispatchException+0x13e
b4470248 80542046 b44702d4 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b44702d4 80530fe7 656c676f 00000000 b4470728 nt!Kei386EoiHelper+0x18a
b4470350 804fe5b4 b4470728 b4470424 3045364b nt!RtlDispatchException+0x59
b447070c 80542095 b4470728 00000000 b447077c nt!KiDispatchException+0x13e
b4470774 80542046 b4470800 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b4470800 80530fe7 656c676f 00000000 b4470c54 nt!Kei386EoiHelper+0x18a
b447087c 804fe5b4 b4470c54 b4470950 3045364b nt!RtlDispatchException+0x59
b4470c38 80542095 b4470c54 00000000 b4470ca8 nt!KiDispatchException+0x13e
b4470ca0 80542046 b4470d2c 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b4470d2c 80530fe7 656c676f 00000000 b4471180 nt!Kei386EoiHelper+0x18a
b4470da8 804fe5b4 b4471180 b4470e7c 3045364b nt!RtlDispatchException+0x59
b4471164 80542095 b4471180 00000000 b44711d4 nt!KiDispatchException+0x13e
b44711cc 80542046 b4471258 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b4471258 80530fe7 656c676f 00000000 b44716ac nt!Kei386EoiHelper+0x18a
b44712d4 804fe5b4 b44716ac b44713a8 3045364b nt!RtlDispatchException+0x59
b4471690 80542095 b44716ac 00000000 b4471700 nt!KiDispatchException+0x13e
b44716f8 80542046 b4471784 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b4471784 80530fe7 656c676f 00000000 b4471bd8 nt!Kei386EoiHelper+0x18a
b4471800 804fe5b4 b4471bd8 b44718d4 3045364b nt!RtlDispatchException+0x59
b4471bbc 80542095 b4471bd8 00000000 b4471c2c nt!KiDispatchException+0x13e
b4471c24 80542046 b4471cb0 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b4471cb0 80530fe7 656c676f 00000000 b4472104 nt!Kei386EoiHelper+0x18a
b4471d2c 804fe5b4 b4472104 b4471e00 3045364b nt!RtlDispatchException+0x59
b44720e8 80542095 b4472104 00000000 b4472158 nt!KiDispatchException+0x13e
b4472150 80542046 b44721dc 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b44721dc 80530fe7 656c676f 00000000 b4472630 nt!Kei386EoiHelper+0x18a
b4472258 804fe5b4 b4472630 b447232c 3045364b nt!RtlDispatchException+0x59
b4472614 80542095 b4472630 00000000 b4472684 nt!KiDispatchException+0x13e
b447267c 80542046 b4472708 80530f62 badb0d00 nt!CommonDispatchException+0x4d
b4472708 80530fe7 656c676f 00000000 b4472b5c nt!Kei386EoiHelper+0x18a
b4472784 804fe5b4 b4472b5c b4472858 61685c4d nt!RtlDispatchException+0x59
b4472b40 80542095 b4472b5c 00000000 b4472bb0 nt!KiDispatchException+0x13e
b4472ba8 80542046 b4472c88 805266aa badb0d00 nt!CommonDispatchException+0x4d
b4472bd0 8053afa9 b4472bec bae02864 00000000 nt!Kei386EoiHelper+0x18a
b4472c88 65746164 776f645c 616f6c6e 337b5c64 nt!sprintf+0x31
WARNING: Frame IP not in any known module. Following frames may be wrong.
b4472c94 337b5c64 33386631 2d633031 34386430 0x65746164
b4472c98 33386631 2d633031 34386430 3565342d 0x337b5c64
b4472c9c 2d633031 34386430 3565342d 63392d39 0x33386631
b4472ca0 34386430 3565342d 63392d39 302d6231 0x2d633031
b4472ca4 3565342d 63392d39 302d6231 63383538 0x34386430
b4472ca8 63392d39 302d6231 63383538 38316338 0x3565342d
b4472cac 302d6231 63383538 38316338 7d366563 0x63392d39
b4472cb0 63383538 38316338 7d366563 6f6f675c 0x302d6231
b4472cb4 38316338 7d366563 6f6f675c 75656c67 0x63383538
b4472cb8 7d366563 6f6f675c 75656c67 74616470 0x38316338
b4472cbc 6f6f675c 75656c67 74616470 74657365 0x7d366563
b4472cc0 75656c67 74616470 74657365 652e7075 0x6f6f675c
b4472cc4 74616470 74657365 652e7075 6c3f6578 0x75656c67
b4472cc8 74657365 652e7075 6c3f6578 3f3f3f3f 0x74616470
b4472ccc 652e7075 6c3f6578 3f3f3f3f 63693f3f 0x74657365
b4472cd0 6c3f6578 3f3f3f3f 63693f3f 61685c65 0x652e7075
b4472cd4 3f3f3f3f 63693f3f 61685c65 69646472 0x6c3f6578
b4472cd8 63693f3f 61685c65 69646472 6f766b73 0x3f3f3f3f
b4472cdc 61685c65 69646472 6f766b73 656d756c 0x63693f3f
b4472ddc 805460ee ba4bab85 88993e18 00000000 0x61685c65
b4472e20 8053580d 000029e4 00000000 b44728ec nt!KiThreadStartup+0x16
b4472e40 8062ba09 00006c80 00000000 80635ed2 nt!ExReleaseResourceLite+0x8d
b4472e4c 80635ed2 e365d658 0000d658 00000000 nt!CmpUnlockRegistry+0x37
b4472ed8 804fb078 b4472cf0 b4472cf0 00000000 nt!CmpQueryKeyName+0xe4
b4472f10 10000000 00160640 00000002 7c9c8090 nt!KeWaitForSingleObject+0x1c2
b4472f28 00160178 77f66e39 00f7fc20 0000005c 0x10000000
b4472f2c 77f66e39 00f7fc20 0000005c 7c809a99 0x160178

STACK_COMMAND: kb

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

FOLLOWUP_NAME: MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP: 48a3fbd9

FOLLOWUP_IP:
nt!_SEH_prolog+1a
8053bbaa 53 push ebx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!_SEH_prolog+1a

FAILURE_BUCKET_ID: TRAP_FRAME_RECURSION

BUCKET_ID: TRAP_FRAME_RECURSION

Followup: MachineOwner
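An added example (not part of the original thread and not debugger output): the frames listed after "WARNING: Frame IP not in any known module" have return addresses made entirely of printable bytes, so this Python sketch rebuilds the stack memory that the kb lines expose and decodes it as little-endian ASCII. The sample lines are copied from the STACK_TEXT above; the function names are this example's own.

```python
import re

# Copied from the STACK_TEXT above. Each kb line shows four consecutive dwords
# starting at ChildEBP+4 (RetAddr plus three args), so a subset of lines
# is enough to cover the region; overlapping lines simply repeat values.
STACK_TEXT = """\
b4472bd0 8053afa9 b4472bec bae02864 00000000 nt!Kei386EoiHelper+0x18a
b4472c88 65746164 776f645c 616f6c6e 337b5c64 nt!sprintf+0x31
b4472c98 33386631 2d633031 34386430 3565342d 0x337b5c64
b4472ca8 63392d39 302d6231 63383538 38316338 0x3565342d
b4472cb8 7d366563 6f6f675c 75656c67 74616470 0x38316338
b4472cc8 74657365 652e7075 6c3f6578 3f3f3f3f 0x74616470
b4472cd8 63693f3f 61685c65 69646472 6f766b73 0x3f3f3f3f
b4472cdc 61685c65 69646472 6f766b73 656d756c 0x63693f3f
"""

LINE = re.compile(r"^([0-9a-f]{8})((?: [0-9a-f]{8}){4}) (\S+)$")

def stack_memory(text):
    """Map address -> dword for every value a kb line exposes."""
    mem = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ebp = int(m.group(1), 16)
        for i, word in enumerate(m.group(2).split()):
            mem[ebp + 4 + 4 * i] = int(word, 16)
    return mem

def ascii_runs(mem, min_dwords=4):
    """Return (start_address, text) for contiguous runs of printable dwords."""
    runs, start, buf, prev = [], None, b"", None
    for addr in sorted(mem):
        raw = mem[addr].to_bytes(4, "little")  # x86 stores dwords little-endian
        printable = all(0x20 <= b < 0x7F for b in raw)
        if printable and start is not None and addr == prev + 4:
            buf += raw
        else:
            if start is not None and len(buf) >= 4 * min_dwords:
                runs.append((start, buf.decode("ascii")))
            start, buf = (addr, raw) if printable else (None, b"")
        prev = addr
    if start is not None and len(buf) >= 4 * min_dwords:
        runs.append((start, buf.decode("ascii")))
    return runs

if __name__ == "__main__":
    for address, text in ascii_runs(stack_memory(STACK_TEXT)):
        print(f"{address:08x}: {text}")
```

The single run it finds is a lower-cased path fragment naming googleupdatesetup.exe, which agrees with the PROCESS_NAME field; it shows that the unwinder was reading string data where return addresses belong, not which component put it there.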

SP3: I have used it ever since the final SP3 was released on microsoft.com.

Latest updates: Comodo CIS with integrated AV, instead of Comodo firewall + AVG Free antivir.
And: I use Comodo Memory Firewall, and this is beta software (or not)?
Currently, I use CIS with disabled antivir, and Spyware Terminator with ClamAV shield (emergency solution).
But, the BSOD appears again and again.

Thanks!

Okay, if it happens over and over, you could try to step by step “uninstall” some application, run for “some time” without it, and see if the problem is gone; I don’t think that there is a faster way to discover what’s wrong.

Personally, I’d say you have many “security” applications running. I would try to uninstall Antivir first; the “big” change in your config is CIS vs. CFP + AntiVir, so it’s likely to be caused by a conflict of some sort in that direction.

This can also be caused by dirty uninstalls etc.