Ask a new question

Blue Screen upon startup login - ntoskrnl.exe

My desktop runs Windows 7 SP1, and the issue I'm having right now is that every time I turn on the computer and get to the login screen I instantly blue screen (info below, picture linked). When exactly the blue screen occurs is random, it has happened before and after I've typed in my password to log in.

Luckily Safe Mode still works. Info from the post-crash pop-up:

Problem signature:
  Problem Event Name:   BlueScreen
  OS Version:   6.1.7601.2.1.0.768.3
  Locale ID:    1033
Additional information about the problem:
  BCCode:   7f
  BCP1: 0000000000000008
  BCP2: 0000000080050031
  BCP3: 00000000000406F8
  BCP4: FFFFF800039988FA
  OS Version:   6_1_7601
  Service Pack: 1_0
  Product:  768_1
Files that help describe the problem:
  C:\Windows\Minidump\091814-80995-01.dmp
  C:\Users\********\AppData\Local\Temp\WER-101821-0.sysdata.xml

I'll link the minidump & XML file at the end of this post.

According to what I gleaned from Google, the 7F error comes from either hardware failure or faulty drivers (correct me if I'm wrong). The only new programs I can think of that I installed within the past week are, in order from least recent to most recent, the SikuliX IDE (an uninstall reinstall of an older version to a newer version) and TeamViewer (an uninstall reinstall from 7 to 9). After all three programs were installed, I used them with no problems and even restarted once to apply changes for a Windows Update before this problem occurred.

I went and got BlueScreenView and opened up the minidump. First file in the list was ntoskrnl.exe. I searched Google and this forum for other problems with this executable, but couldn't find anything substantial. So now I'm here to ask for help. I think fixing this might involve me editing some files in the registry, but I'm not 100% sure. In the meantime, I'm following the Driver Verifier wiki article on this website to find out which drivers are screwing up in case the minidump file isn't enough for you guys to help me figure out the problem. I'll post the results of that within a day.

Files:

minidump

XML file

Thank you all in advance for the help!

Edit: I took a look at the EventViewer and read the most recent logs at Error Level. They were all either "DistributedCOM" source with EventID 10005, or "Service Control Manager" source with EventID 7001. The DistributedCOM errors all had various parameters (WSearch, fdPHost, BITS), and they were all in the form "DCOM got error "1084 (for WSearch) / 1068 (for fdPHost & BITS)" attempting to start the service (previous service goes here) with arguments "" in order to run the server: {different registry each time}.

If you guys would like more information, I would be happy to provide it.

Answer
Answer

BugCheck 7F, {8, 80050031, 406f8, fffff800039988fa}

Unable to load image \SystemRoot\System32\DRIVERS\cmdguard.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdguard.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdguard.sys
Probably caused by : cmdguard.sys ( cmdguard+281e9 )

STACK_TEXT: 
fffff880`0336bde8 fffff800`03685169 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt!KeBugCheckEx
fffff880`0336bdf0 fffff800`03683632 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0336bf30 fffff800`039988fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`07339ca0 fffff800`03684e53 : ffffffff`ffffffff 00000000`00000000 fffff880`0733a350 00000000`00000030 : nt!NtQueryInformationProcess+0x3a
fffff880`0733a110 fffff800`03681410 : fffff880`049181e9 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0733a318 fffff880`049181e9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
fffff880`0733a320 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : cmdguard+0x281e9

Uninstall and reinstall COMODO and if you are still crashing, uninstall it and replace it with Microsoft Security Essentials.

Loaded symbol image file: cmdguard.sys
    Image path: \SystemRoot\System32\DRIVERS\cmdguard.sys
    Image name: cmdguard.sys

Driver Description: COMODO Firewall Pro Sandbox Driver

Driver Update Site: http://forums.comodo.com/index.php?action=dlattach;topic=17220.0;attach=17692 Requires registration

==============

Uninstall sptd.sys and all related software.

Image path: \SystemRoot\System32\Drivers\sptd.sys
    Image name: sptd.sys    Timestamp:        Thu Oct 31 11:26:53 2013 (527276BD)

Driver Description: SCSI Pass Through Direct Host - Daemon Tools (known BSOD issues with Win7)

Removal tool at: http://www.duplexsecure.com/en/downloads

=============

Update or remove.

 Image path: \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
    Image name: ISODrv64.sys
    Timestamp:        Tue Feb 10 04:22:18 2009 (4991474A)

Driver Description: ISO CD-ROM Device Driver - ISODrive

Driver Update Site: http://www.ezbsystems.com/download.htm

================

Update or remove.

Image path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    Image name: SASDIFSV64.SYS
    Timestamp:        Thu Jul 21 19:03:00 2011 (4E28B024)

===============

Update

Image name: k57nd60a.sys
    Timestamp:        Tue Jun 08 07:40:13 2010 (4C0E2C1D)
    CheckSum:         00067682

Driver Description: Broadcom NetLink Gigabit Ethernet NDIS6.x Unified Driver

Driver Update Site: http://www.broadcom.com/support/ethernet_nic/downloaddrivers.php

Take time to let us know if the suggestion worked...or not.

1 person found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated November 18, 2020 Views 2,434 Applies to: