[paulb100]

My fathers PC has been crashing with BSOD..
I belive the problem to be related to Windows Defender conflicting with comodo firewall...
ive got his minidump files to see what the fault was but i cant read them???

does anyone know how?

I have the debugger program but it doesnt open these files?
thanks

[Elvandil]

Usually, Notepad will open them.

What was the STOP error on the blue screen and was any file mentioned by name?

What does the Event Viewer say about the crashes?

[paulb100]

he doesnt say what it said on BSOD
they dont open in notepad...when trying it just has a load of rubbish in the window
the event viewer says:
SYSTEM ERROR 13:01
Error code 00000035, parameter1 84ef2ee8, parameter2 00000000, parameter3 00000000, parameter4 00000000.

i have the debugger for windows installed but i dunno how to open the files?

[Elvandil]

That is the only error in EV? That, in itself, would be unusual. Try clearing the log files (right-click) and reproducing the error so that only a few entries will be in the log to look over.

The dmp files are a dump of the contents of memory, so they won't mean much to you. These might help:

http://support.microsoft.com/kb/315263
http://www.listikal.com/how-to-open-...ump-dmp-files/
http://www.techspot.com/vb/all/windo...minidumps.html

[paulb100]

thanks
is there a way to copy the logs? i can only seem to copy and paste each error seperatley..
im also remotely assisting

UPDATE: It happened again he said so ive cleared the log this time and managed to save it before i did.. the only error for the time of it happening was in
system and it was the same as before.....
Error code 00000035, parameter1 84ef2ee8, parameter2 00000000, parameter3 00000000, parameter4 00000000.

[Elvandil]

When you right-click to clear the logs, it asks if you want to save them first. So, without looking myself, there must be a way to do it without clearing, but you may as well clear them anyway if you have a copy.

[paulb100]

i have cleared them, it only save the one i was vieing at time (security) ,
anyway they are now cleared and awaiting for BSOD to appear again - my dad has gone to work now and wont be back on until 11pm UK time...

I may add that we recently added Comodo Firewall but have Defense+ disabled and Kaspersky 6 webscan disabled as advised as they supposed to conflict... he also running spybot and tracks eraser pro.. I have same apps runing and dont have any problems

thanks for your help

[devil_himself]

Attach the minidumps and i will have a look

[Elvandil]

Quote:

Originally Posted by paulb100

i have cleared them, it only save the one i was vieing at time (security) ,
anyway they are now cleared and awaiting for BSOD to appear again - my dad has gone to work now and wont be back on until 11pm UK time...

I may add that we recently added Comodo Firewall but have Defense+ disabled and Kaspersky 6 webscan disabled as advised as they supposed to conflict... he also running spybot and tracks eraser pro.. I have same apps runing and dont have any problems

thanks for your help

Disabled may not be enough. Just because the apps and services are not running does not mean that the drivers are not still loading. They probably are and can cause conflicts so long as they are still installed.

Take a look at ServiWin or a similar tool to see what services and drivers are active and loaded.

[paulb100]

Quote:

Originally Posted by devil_himself

Attach the minidumps and i will have a look

thanks man....
here they are

oh and also his C: and D: drives are FAT32... hes running WinXO ... I thought XP only worked on NTFS drives?

ELVANDIL: thanks for that app - really good - though on mine it doesnt show that defense+ is running for comodo but comodo firewall sandbox driver & helper driver are

[Elvandil]

Quote:

Originally Posted by paulb100

ELVANDIL: thanks for that app - really good - though on mine it doesnt show that defense+ is running for comodo but comodo firewall sandbox driver & helper driver are

Don't forget to click the second set of gears in the upper left corner--one shows drivers and the other shows services.

[Elvandil]

Here's some info on your first dmp file:

*************************************************************************** ****
* *
* Bugcheck Analysis *
* *
*************************************************************************** ****

NO_MORE_IRP_STACK_LOCATIONS (35)
A higher level driver has attempted to call a lower level driver through
the IoCallDriver() interface, but there are no more stack locations in the
packet, hence, the lower level driver would not be able to access its
parameters, as there are no parameters for it. This is a disasterous
situation, since the higher level driver "thinks" it has filled in the
parameters for the lower level driver (something it MUST do before it calls
it), but since there is no stack location for the latter driver, the former
has written off of the end of the packet. This means that some other memory
has probably been trashed at this point.
Arguments:
Arg1: 84c66ee8, Address of the IRP
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------




CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR: 0x35

PROCESS_NAME: MsnMsgr.Exe

LAST_CONTROL_TRANSFER: from 8052011d to 8053738a

STACK_TEXT:
f17c9990 8052011d 00000035 84c66ee8 00000000 nt!KeBugCheckEx+0x1b
f17c9a00 804e13d9 85301248 00000000 84c66fa0 nt!IopfCallDriver+0x17
f17c9a68 804e13d9 857c7f10 84c66ee8 00000004 nt!IopfCallDriver+0x31
f17c9a98 804e13d9 852578a8 84c66ee8 84d8f0b0 nt!IopfCallDriver+0x31
f17c9aa8 f237040a 00000000 00000008 f17c9b1c nt!IopfCallDriver+0x31
f17c9b10 f2363492 84ca3008 0006f97c f2363492 afd!AfdFastConnectionReceive+0x25f
f17c9c5c 80586e63 8505dc78 00000001 0006f8f0 afd!AfdFastIoDeviceControl+0x713
f17c9d00 80586eee 000008c4 000003f4 00000000 nt!IopXxxControlFile+0x255
f17c9d34 804dd99f 000008c4 000003f4 00000000 nt!NtDeviceIoControlFile+0x2a
f17c9d34 7c90eb94 000008c4 000003f4 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0006f944 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
afd!AfdFastConnectionReceive+25f
f237040a 8b7b14 mov edi,dword ptr [ebx+14h]

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: afd!AfdFastConnectionReceive+25f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: afd

IMAGE_NAME: afd.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107eb5

FAILURE_BUCKET_ID: 0x35_afd!AfdFastConnectionReceive+25f

BUCKET_ID: 0x35_afd!AfdFastConnectionReceive+25f

Followup: MachineOwner

[Elvandil]

*************************************************************************** ****
* *
* Bugcheck Analysis *
* *
*************************************************************************** ****

Use !analyze -v to get detailed debugging information.

BugCheck 35, {84ef2ee8, 0, 0, 0}



Probably caused by : afd.sys ( afd!AfdFastConnectionReceive+25f )

Followup: MachineOwner
-----------------------------------------------------------------------
Looks like a memory leak in Afd.sys.

STOP 0x00000035: NO_MORE_IRP_STACK_LOCATIONS

http://support.microsoft.com/search/...=&mode=r&lsc=0

[paulb100]

Thanks for the info.... really appreciate your help...

so Afd.sys is this a system driver? and is it related to Messenger?
and you mention "memory has probably been trashed" so does this sofware confliction actually damage the physical memory or do you mean the data at the address...?

We installed Comodo the other day but all was well until a few days later...could it be anything to do with that?

I should also mention his clock has been going slow all the time...even after setting right times and sync's etc... i also restarted w23time... the problems seem to happen AFTER this actually when I think about it...though I done the same on mine and mine is OK

what doyou recommend?

thanks

[Elvandil]

That "trashed" word was from the analysis and not mine. But basically when the afd.sys driver is malfunctioning due to its known memory leak, it gobbles up memory until it also takes memory belonging to a different process, leading to problems. The physical memory is not physically damaged.

I'd try uninmstalling recent additions untill the problem goes away. It make take some experimenting to find what conflicts, but Comodo, being new, is a strong suspect.