Can not run windows after uninstall (CFP 3.0.25.378) DELL Latitude TPM chip

I have some problems with the configuration of my Comodo, and decided to uninstall and reinstall Comodo again. I followed the steps in this post for uninstalling.

https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_complete_removal_of_comodo_firewall_pro_3_with_safesurf_toolbar_info-t17220.0.html
(the new uninstall is pretty much clean; there is nothing left for me to manually remove as pointed out in the instructions).
(:NRD)

However, after the uninstall, my Windows XP (32) will not boot up at all. After being logged in to XP for 20 sec, this blue screen shows up. Then the system automatically reboots.

So I have no way to fix anything except to start XP in safe mode, then use the system rollback. I can revert the system to the point where XP can function, but it still has Comodo with the broken configuration. The problem is that my system cannot start up at all without Comodo running (if it is uninstalled, XP will boot up with the blue screen above). So any suggestions on how I can fix this problem?

My system is WinXP 32 bit. Dell Latitude D830, and I have a TPM security chip installed with EMBASSY® Trust Suite Dell Edition ( http://www.wave.com/products/ets_dell.asp )

These are the 3 problems that made me decide to reinstall Comodo
(the problems never happened before Comodo Firewall 3.0.23.364)

  1. Outlook cannot send mail out via SMTP
  2. VPN conflict https://forums.comodo.com/bug_reports/cisco_system_vpn_client_is_blocked_by_cfp_3025378-t23748.0.html;msg168064#msg168064
  3. TPM security chip conflict https://forums.comodo.com/bug_reports/cfp_3023364_conflict_with_thinkvantage_client_secutiry_solution-t23166.0.html;msg167779#msg167779

Thanks for any suggestion.

Greetings!

From the BSoD, it’s really hard to tell what the problem is. This is what I found on Microsoft’s knowledge base:

Stop error code 0x0000007F - Windows Server | Microsoft Learn (if you’re using Symantec products, this is the one for you)

http://support.microsoft.com/kb/891722 (for Windows 2000 and 2003 tho, but with the exact STOP-message as you got)

This is what I get from this article:

Problem 8:

An error message appears when restarting into GUI-mode Setup. If the error
is hardware related, there may be an error message from the BIOS or from
Windows NT in the form of a blue Stop screen, such as any of the
following:

***STOP 0x00000080
NMI_HARDWARE_FAILURE

***STOP 0x0000007f
UNEXPECTED_KERNEL_MODE_TRAP

***STOP 0x0000007a
KERNEL_DATA_INPAGE_ERROR

***STOP 0x00000077
KERNEL_STACK_INPAGE_ERROR

***STOP 0x00000051
REGISTRY_ERROR

***STOP 0x0000002f
INSTRUCTION_BUS_ERROR

***STOP 0x0000002e
DATA_BUS_ERROR

***STOP 0x0000002d
SCSI_DISK_DRIVER_INTERNAL

Resolution 8:

Check your computer for viruses, or for hard disk damage. For a virus
scan, please use any available commercial virus scanning software that
examines the Master Boot Record (MBR) of the drive. Viruses can infect
both FAT and NTFS file systems.

These errors may also be a result of hard disk drive damage. If you are
using the FAT file system and do not yet have Windows NT 4.0 installed,
use Scandisk or another MS-DOS-based hard disk tool to verify the
integrity of your hard drive. Note that the Scandisk tool can damage long
file names used by Windows NT 4.0 when run from an MS-DOS prompt.

If you are using the NTFS file system, or you already have Windows NT 4.0
installed, try to boot to a previous version of Windows NT to run CHKDSK
/F /R. If you cannot boot to a previous version of Windows NT, try to
install to a parallel folder to run CHKDSK /F /R.

Another common cause of the above STOP error messages is failing RAM. Use
a diagnostic tool to test the RAM in your computer.

Check that all adapter cards in your computer are properly seated. You can
use an ink eraser or Stabilant-22 to clean the adapter card contacts.

Finally, you can take the computer to a repair facility for diagnostic
testing. A ■■■■■, scratched trace, or bad component on the motherboard can
also cause these problems.

You can also upload the minidump file in this topic. The developers have much to do, so it’ll take some time before they check it if you upload it in the Bug Reports-section.
If you don’t know how to upload it, check this topic (but upload it here, and not in that one).
I don’t have any experiences in debugging minidump files, but maybe someone else does.

Also, check the Event Log in Safe Mode, to see if there’s something there.

Cheers,
Ragwing

Oh wow, thank you so much for the fast reply and a lot of information. :BNC

I’m going to research the sources you mentioned above. Hope all will go well. I’ll get back with the minidump if things get out of hand.

Again, thank you for your time and your help (:HUG)
(R)

This is the dump file. (attached)

Thanks

[attachment deleted by admin]

I ran this through WinDbg and this is the result:
Probably caused by : WavxDMgr.sys ( WavxDMgr+15cca )

Wave Systems Corp.; WavX Document Manager Filter Driver; 06.06.00.067 built by: WinDDK Wave Systems Corp.; WavX Document Manager Filter Driver;

So maybe this is the conflicting driver; maybe use Safe Mode to rename wavxdmgr.sys.disabled and see if it boots?

===================================================
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Data\Downloads\Mini061108-06.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\data\tools\windbg\symbols*http://msdl.microsoft.com/download/symbols;c:\windows\symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Wed Jun 11 09:03:00.765 2008 (GMT+2)
System Uptime: 0 days 0:01:51.572
Loading Kernel Symbols

Loading User Symbols
Loading unloaded module list

Unable to load image WavxDMgr.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for WavxDMgr.sys
*** ERROR: Module load completed but symbols could not be loaded for WavxDMgr.sys


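*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************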

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, bab40d70, 0, 0}

*** WARNING: Unable to verify timestamp for SPBBCDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for SPBBCDrv.sys

Probably caused by : WavxDMgr.sys ( WavxDMgr+15cca )

Followup: MachineOwner

1: kd> !analyze -v


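*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************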

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it’s a trap of a kind
that the kernel isn’t allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a portion of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: bab40d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:

BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 6

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from ba5be888 to b68e0cca

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b5e694f8 ba5be888 89a0667c b5e69518 b5e69548 WavxDMgr+0x15cca
b5e69558 ba5c02a0 00e695a0 00000000 b5e695a0 fltMgr!FltpPerformPreCallbacks+0x2d4
b5e6956c ba5c0c48 b5e695a0 00000000 8a411750 fltMgr!FltpPassThroughInternal+0x32
b5e69588 ba5c1059 b5e69500 89a11008 8a799030 fltMgr!FltpPassThrough+0x1c2
b5e695b8 804ef163 8a411750 89a11008 806e4410 fltMgr!FltpDispatch+0x10d
b5e695c8 8057e77e b5e69634 b5e696d8 80578d26 nt!IopfCallDriver+0x31
b5e695dc 80578d83 8a411750 89a11008 899dcc70 nt!IopSynchronousServiceTail+0x60
b5e69600 805409ac 80000620 00000000 00000000 nt!NtQueryDirectoryFile+0x5d
b5e69600 804ffee1 80000620 00000000 00000000 nt!KiFastCallEntry+0xfc
b5e696a4 b7ea3f65 80000620 00000000 00000000 nt!ZwQueryDirectoryFile+0x11
b5e696f0 b7ea446b b5e69714 b5e69724 b5e6971c SPBBCDrv+0x2f65
b5e6973c b7eb2467 e16c500c e67aaee8 00000000 SPBBCDrv+0x346b
b5e69758 b7eb0a14 e429be14 b7ebf114 b7ebf311 SPBBCDrv+0x11467
b5e6977c b7ebf755 b5e698ac 00000005 0000000b SPBBCDrv+0xfa14
b5e697ac b7ebf43a b5e698a0 e6630ae8 00000000 SPBBCDrv+0x1e755
b5e697e8 b7eb0447 00000002 b5e698a0 e429bcb0 SPBBCDrv+0x1e43a
b5e69848 b7eb1818 b5e69978 00e6994c 00000002 SPBBCDrv+0xf447
b5e698c8 80534b99 00000005 b5e698fc e183d52c SPBBCDrv+0x10818
b5e698d8 00000000 8a3f0980 b7eaa200 00000000 nt!ExReleaseResourceLite+0x8d

STACK_COMMAND: kb

FOLLOWUP_IP:
WavxDMgr+15cca
b68e0cca 53 push ebx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: WavxDMgr+15cca

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: WavxDMgr

IMAGE_NAME: WavxDMgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 46e55ac2

FAILURE_BUCKET_ID: 0x7f_8_WavxDMgr+15cca

BUCKET_ID: 0x7f_8_WavxDMgr+15cca

Followup: MachineOwner
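
An added example, not part of the original post: WinDbg's "Probably caused by" line names only the module of the top frame, while the stack in this dump also passes through SPBBCDrv. This Python script parses `!analyze -v` text and lists every module on the faulting stack, flagging those that resolved without symbols; the sample lines are copied from the output above, and the function names are my own.

```python
import re

# Constructed sample: a subset of the lines from the !analyze -v output in this thread.
SAMPLE = """\
BugCheck 1000007F, {8, bab40d70, 0, 0}
STACK_TEXT:
b5e694f8 ba5be888 89a0667c b5e69518 b5e69548 WavxDMgr+0x15cca
b5e69558 ba5c02a0 00e695a0 00000000 b5e695a0 fltMgr!FltpPerformPreCallbacks+0x2d4
b5e69600 805409ac 80000620 00000000 00000000 nt!NtQueryDirectoryFile+0x5d
b5e696f0 b7ea446b b5e69714 b5e69724 b5e6971c SPBBCDrv+0x2f65
b5e6973c b7eb2467 e16c500c e67aaee8 00000000 SPBBCDrv+0x346b
b5e698d8 00000000 8a3f0980 b7eaa200 00000000 nt!ExReleaseResourceLite+0x8d
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
# A frame is five hex columns, then module!symbol+off (symbols) or module+off (none).
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)(!\S+)?(?:\+0x[0-9a-f]+)?\s*$", re.M)

def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) from the 'BugCheck' summary line, or None."""
    m = BUGCHECK.search(text)
    if not m:
        return None
    return int(m.group(1), 16), [int(a.strip(), 16) for a in m.group(2).split(",")]

def modules_in_stack(text):
    """Map module -> frame count and whether any frame had a symbol, top frame first."""
    mods = {}
    for name, sym in FRAME.findall(text):
        entry = mods.setdefault(name, {"frames": 0, "symbols": False})
        entry["frames"] += 1
        entry["symbols"] = entry["symbols"] or bool(sym)
    return mods

def triage(text):
    """Summarise the dump: is it a 0x7F double fault, and which drivers are on the stack."""
    parsed = parse_bugcheck(text)
    if parsed is None:
        raise ValueError("no BugCheck line found")
    code, args = parsed
    mods = modules_in_stack(text)
    return {
        # 0x1000007F is the minidump (_M) form of 0x7F; Arg1 == 8 is the double fault.
        "double_fault": (code & 0x0FFFFFFF) == 0x7F and args[0] == 8,
        "modules": list(mods),
        "unsymbolized": [m for m, e in mods.items() if not e["symbols"]],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Modules listed under `unsymbolized` are the ones the debugger could not load symbols for, which in this dump matches the two "symbols could not be loaded" warnings.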

rhgtyink, thank you for the information :-TU, especially for the minidump translation.

You are right, since the last 2-3 updates Comodo has been acting weird with my TPM security chip and the software that manages it (by Wave Systems Corp). I’ll try to see if the support from the manufacturer can do anything about this.

What I’m trying to figure out is why it happens only after Comodo is removed. … anyone ? :-La :-La :-La

Anyway, I’ll keep you posted.
Thank you for your time and tips. (:s*) (:s*) (:s*)
(R)

Hi Crux,

Based on what I’ve read about the Embassy suite, my guess is a conflict between the suite and CFP.
Embassy suite hooks heavily into the security of the system: disk encryption, biologin, replaced GINA etc…

Maybe CFP is unable to pop up for a rule because of the timing at startup and is therefore blocking the TPM suite(s).
(Based on the other thread, everybody can fix it by disabling the firewall.)

You could try to uninstall CFP and directly (no boot) reinstall the Embassy suite, reboot and see what happens?

Hi rhgtyink,

I agree with you. Embassy suite and the TPM security chip are a big hassle (they work great in terms of doing their job :-TU). It is almost impossible to reinstall Embassy suite without a clean install of the whole system (with the factory recovery disk). Like you said, it hooks with every single piece of hardware on the motherboard, and the HD is also encrypted. The entire encrypted area might not be accessible again with an improper reinstallation of the suite once the master user and key have been generated. In the past, I have spent about a week reinstalling Embassy suite and recovering the system (although their customer support is quite excellent, both email and phone call).

Now I would just like to find a way to peacefully uninstall CFP (at least make it bootable without a blue screen after uninstalling). The error is very consistent; I can replicate the same blue screen every time I uninstall CFP (thanks to XP system rollback :wink: ). So any suggestion would be great :-La

Thank you so much I appreciate your input. :slight_smile:

Just to chime in…

There have been reports of similar problems (mine and a few others) related to the security chip, fingerprint reader and related security software on IBM/Lenovo Thinkpads. So, crux, this issue is not necessarily restricted to Dell systems. As rhgtyink points out, any applications that extend to the Windows kernel can cause conflicts.

In fact, it was this very issue that prompted me to create the set of instructions for removing CFP, which now has more than 36,000 views in just under six months. That’s absurd.

Hi USSS,

I’m also your customer (see my top post linked to your instructions) :-TU Thanks for the good information. Now I’m trying to get into the stuff that Ragwing provided in his post above; I’m sure there are some more things I need to do with my system after uninstalling CFP to prevent the blue screen. Too bad that my knowledge about the “Windows kernel” is so limited. So anyone who has a (:s*) silver bullet (:s*), please share one with me.

I use 150-grain S&W .40 cal. hollow points. Silver is too expensive these days.
(:WIN)

Run Ragwing’s batch file at the bottom of my “Instructions” post and it will clean up virtually all of the files and registry entries left behind following a “normal” uninstallation of CFP.

!ot! !ot!

I prefer to use 158 grains .38 special soft point (:WIN)

Yes USSS, I did use the batch file right at the first try, and I followed the instructions closely at every step. That’s why I think there is something I need to do with my kernel manually to get rid of the blue screen (:NRD).

A silver bullet is still needed. :wink:

If you have not done so, perform a manual search of the Windows registry for key words associated with Comodo and delete those entries after you have made a backup of your registry and/or created a System Restore point.

You can find many of these key words by simply reviewing the registry entries list in my “Instructions” thread. Also, are you using a good registry cleaner, such as jv16 PowerTools? It’s well worth the money.