BSOD on Win7 32bit

Hi all,

having a repeated BSOD problem with my new PC.
Please suggest a solution.

060311-38703-01.dmp 03-Jun-11 5:46:10 PM DRIVER_VERIFIER_DETECTED_VIOLATION 0x000000c4 0x000000f6 0x00000d80 0xb9fa9a58 0x8328d41a ntkrnlpa.exe ntkrnlpa.exe+dce3c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7600.16792 (win7_gdr.110408-1633) 32-bit C:\Windows\Minidump\060311-38703-01.dmp 8 15 7600
ntkrnlpa.exe ntkrnlpa.exe+4341a 0x8324a000 0x8365a000 0x00410000 0x4d9fd915 09-Apr-11 6:57:09 AM Microsoft® Windows® Operating System NT Kernel & System 6.1.7600.16792 (win7_gdr.110408-1633) C:\Windows\system32\ntkrnlpa.exe

Attaching the memory dumps.
After this last BSOD, I have disabled the driver verifier.
Appreciate your help.

Your Comodo Firewall/Antivirus is the cause, please remove it

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {f6, d80, b9fa9a58, 8328d41a}

*** WARNING: Unable to verify timestamp for cmdguard.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdguard.sys
Probably caused by : cmdguard.sys ( cmdguard+cbad )


DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000f6, Referencing user handle as KernelMode.
Arg2: 00000d80, Handle value being referenced.
Arg3: b9fa9a58, Address of the current process.
Arg4: 8328d41a, Address inside the driver that is performing the incorrect reference.

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_f6

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  firefox.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8357ef03 to 83326e3c

STACK_TEXT:  
beab3b94 8357ef03 000000c4 000000f6 00000d80 nt!KeBugCheckEx+0x1e
beab3bb4 83583766 00000d80 beab3c68 00000d80 nt!VerifierBugCheckIfAppropriate+0x30
beab3c48 834915b1 beab3ce4 00000000 00000000 nt!VfCheckUserHandle+0x14f
beab3c5c 8328d41a 00000d80 beab3d24 8328ad6d nt!NtClose+0x45
beab3c5c 8328ad6d 00000d80 beab3d24 8328ad6d nt!KiFastCallEntry+0x12a
beab3cd8 86cbbbad 00000d80 38651d59 000007d4 nt!ZwClose+0x11
WARNING: Stack unwind information not available. Following frames may be wrong.
beab3d24 8328d41a 000007d4 00000000 0023e51c cmdguard+0xcbad
beab3d24 77576344 000007d4 00000000 0023e51c nt!KiFastCallEntry+0x12a
0023e51c 00000000 00000000 00000000 00000000 0x77576344


STACK_COMMAND:  kb

FOLLOWUP_IP: 
cmdguard+cbad
86cbbbad ??              ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  cmdguard+cbad

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdguard

IMAGE_NAME:  cmdguard.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d24a4f1

FAILURE_BUCKET_ID:  0xc4_f6_VRFK_cmdguard+cbad

BUCKET_ID:  0xc4_f6_VRFK_cmdguard+cbad

Followup: MachineOwner
---------

Strange, I had BSOD before I have installed COMODO Firewall. Probably, then it was for some other reason. I will try to uninstall it.

Can you please help me with this memory dump, I think it was for other reason than my previous one.
Again, it happened before I have disabled the driver verifier.

assyar said:

Strange, I had BSOD before I have installed COMODO Firewall. Probably, then it was for some other reason. I will try to uninstall it.

Can you please help me with this memory dump, I think it was for other reason than my previous one.
Again, it happened before I have disabled the driver verifier.

The cause is still cmdguard.sys, remove Comodo Firewall, the crash was triggered by Steam.

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000f6, Referencing user handle as KernelMode.
Arg2: 0000088c, Handle value being referenced.
Arg3: b0452d38, Address of the current process.
Arg4: 8329141a, Address inside the driver that is performing the incorrect reference.

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_f6

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  Steam.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 83582f03 to 8332ae3c

STACK_TEXT:  
bc177b94 83582f03 000000c4 000000f6 0000088c nt!KeBugCheckEx+0x1e
bc177bb4 83587766 0000088c bc177c68 0000088c nt!VerifierBugCheckIfAppropriate+0x30
bc177c48 834955b1 bc177ce4 00000000 00000000 nt!VfCheckUserHandle+0x14f
bc177c5c 8329141a 0000088c bc177d24 8328ed6d nt!NtClose+0x45
bc177c5c 8328ed6d 0000088c bc177d24 8328ed6d nt!KiFastCallEntry+0x12a
bc177cd8 86d0cbad 0000088c 3ac44d7d 000008a0 nt!ZwClose+0x11
WARNING: Stack unwind information not available. Following frames may be wrong.
bc177d24 8329141a 000008a0 00000001 0012cd24 cmdguard+0xcbad
bc177d24 76e26344 000008a0 00000001 0012cd24 nt!KiFastCallEntry+0x12a
0012cd24 00000000 00000000 00000000 00000000 0x76e26344


STACK_COMMAND:  kb

FOLLOWUP_IP: 
cmdguard+cbad
86d0cbad ??              ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  cmdguard+cbad

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdguard

IMAGE_NAME:  cmdguard.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d24a4f1

FAILURE_BUCKET_ID:  0xc4_f6_VRFK_cmdguard+cbad

BUCKET_ID:  0xc4_f6_VRFK_cmdguard+cbad

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 000000f6, Referencing user handle as KernelMode.
Arg2: 0000088c, Handle value being referenced.
Arg3: b0452d38, Address of the current process.
Arg4: 8329141a, Address inside the driver that is performing the incorrect reference.

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_f6

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  Steam.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 83582f03 to 8332ae3c

STACK_TEXT:  
bc177b94 83582f03 000000c4 000000f6 0000088c nt!KeBugCheckEx+0x1e
bc177bb4 83587766 0000088c bc177c68 0000088c nt!VerifierBugCheckIfAppropriate+0x30
bc177c48 834955b1 bc177ce4 00000000 00000000 nt!VfCheckUserHandle+0x14f
bc177c5c 8329141a 0000088c bc177d24 8328ed6d nt!NtClose+0x45
bc177c5c 8328ed6d 0000088c bc177d24 8328ed6d nt!KiFastCallEntry+0x12a
bc177cd8 86d0cbad 0000088c 3ac44d7d 000008a0 nt!ZwClose+0x11
WARNING: Stack unwind information not available. Following frames may be wrong.
bc177d24 8329141a 000008a0 00000001 0012cd24 cmdguard+0xcbad
bc177d24 76e26344 000008a0 00000001 0012cd24 nt!KiFastCallEntry+0x12a
0012cd24 00000000 00000000 00000000 00000000 0x76e26344


STACK_COMMAND:  kb

FOLLOWUP_IP: 
cmdguard+cbad
86d0cbad ??              ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  cmdguard+cbad

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdguard

IMAGE_NAME:  cmdguard.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d24a4f1

FAILURE_BUCKET_ID:  0xc4_f6_VRFK_cmdguard+cbad

BUCKET_ID:  0xc4_f6_VRFK_cmdguard+cbad

Followup: MachineOwner
---------

what happens if I just disable the driver verifier? I haven't BSOD since yesterday, when I've disabled it.

assyar said:

what happens if I just disable the driver verifier? I haven't BSOD since yesterday, when I've disabled it.

Just disable it, Driver Verifier should not be enabled unless used for diagnostic purposes