Windows Vista SP1 32-bit. CIS 3.8.65951.477 only. D+ on, Firewall on, Antivirus off. Minidump attached; password is “comodo”.
PS: Don’t tell me this is GMER’s fault because, as you can see, this is a system call from user mode.
BugCheck 1000008E, {c0000005, 81e281a3, a3be59cc, 0}
*** WARNING: Unable to verify timestamp for cmdguard.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdguard.sys
Probably caused by : cmdguard.sys ( cmdguard+4259 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81e281a3, The address that the exception occurred at
Arg3: a3be59cc, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!IopParseDevice+1420
81e281a3 8938 mov dword ptr [eax],edi
TRAP_FRAME: a3be59cc -- (.trap 0xffffffffa3be59cc)
ErrCode = 00000002
eax=0000003e ebx=00000000 ecx=00000000 edx=00000000 esi=87611008 edi=87103f80
eip=81e281a3 esp=a3be5a40 ebp=a3be5b08 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!IopParseDevice+0x1420:
81e281a3 8938 mov dword ptr [eax],edi ds:0023:0000003e=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: gmer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81e4d3cf to 81e281a3
STACK_TEXT:
a3be5b08 81e4d3cf 8557b778 00000000 87769008 nt!IopParseDevice+0x1420
a3be5b98 81e250c6 00000000 a3be5bf0 00000040 nt!ObpLookupObjectName+0x5a8
a3be5bf8 81e26bc3 001276c4 00000000 a3be5c01 nt!ObOpenObjectByName+0x13c
a3be5c6c 81e2dfba 00127728 00100081 001276c4 nt!IopCreateFile+0x63b
a3be5cb8 8ccb4259 00127728 00100081 001276c4 nt!NtCreateFile+0x34
WARNING: Stack unwind information not available. Following frames may be wrong.
a3be5d30 81c5ea1a 00127728 00100081 001276c4 cmdguard+0x4259
a3be5d30 776f9a94 00127728 00100081 001276c4 nt!KiFastCallEntry+0x12a
00127720 00000000 00000000 00000000 00000000 0x776f9a94
STACK_COMMAND: kb
FOLLOWUP_IP:
cmdguard+4259
8ccb4259 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: cmdguard+4259
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cmdguard
IMAGE_NAME: cmdguard.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49a58220
FAILURE_BUCKET_ID: 0x8E_cmdguard+4259
BUCKET_ID: 0x8E_cmdguard+4259
Followup: MachineOwner
---------
[attachment deleted by admin]