Topic: CIS BSOD

freshhh
« on: December 02, 2009, 03:07:49 PM »

Comodo CIS_Setup_3.13.120417.573_XP_Vista_x64

Many BSODs lately; the previous version was a little more stable...


Windows XP PRO x64 SP3 - v5.2, Build 3790 (up to date)

BIOS : Award ASUS P5N-E SLI ACPI BIOS Revision 0901
BIOS Type : Award Phoenix - AwardBIOS v6.00PG

Motherboard : ASUS P5N-E SLI
Motherboard Chipsets :
- North Bridge: nVIDIA nForce 650i SLI (C55)
- South Bridge: nVIDIA nForce 430i (MCP51)
CPU : Intel QuadCore 6600 CPU 2.40GHz
RAM : 4090MB RAM
GFX : GeForce 8800 GTX
GFX Driver : NVIDIA GeForce-ION Driver Release 191.07_desktop_winxp_64bit_english_whql
Motherboard : NVIDIA nForce 650i SLI 15.45_nforce_winxp64_international_whql
Soundcard : built-in Realtek ALC883 [at] nVIDIA nForce 430i (MCP51) - High Definition Audio Controller PCI
Soundcard Driver : Realtek High Definition Audio Codecs R2.28
DirectX : v9.0c (4.09.0000.0904)

DirectVobSub 2.39
K-Lite Codec Pack 64-bit 2.9.4
K-Lite Codec Pack 32-bit Full 5.4.4f

Adobe Flash Player 10.0.32.18

Comodo Internet Security
Antivirus : Disabled
Defense : Perm. Disabled
Firewall : Custom
 
freshhh
« Reply #1 on: December 11, 2009, 03:29:01 PM »


another BSOD, different

freshhh
« Reply #2 on: December 18, 2009, 09:04:44 AM »


recent BSOD's collection...

freshhh
« Reply #3 on: December 27, 2009, 07:33:15 PM »


another BSOD


BugCheck 1000007E, {ffffffffc0000005, fffffadf8d04f865, fffffadf9122a770, fffffadf9122a180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d04f865, The address that the exception occurred at
Arg3: fffffadf9122a770, Exception Record Address
Arg4: fffffadf9122a180, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d04f865 f6470a05        test    byte ptr [rdi+0Ah],5

EXCEPTION_RECORD:  fffffadf9122a770 -- (.exr 0xfffffadf9122a770)
ExceptionAddress: fffffadf8d04f865 (tcpip!XsumSendChain+0x0000000000000056)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT:  fffffadf9122a180 -- (.cxr 0xfffffadf9122a180)
rax=00000000000000d2 rbx=000000000000f4d2 rcx=000000000000f400
rdx=000000000000000b rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d04f865 rsp=fffffadf9122a990 rbp=0000000000000000
 r8=0000000000000000  r9=fffffadf8d053b26 r10=fffffadf98c442ac
r11=fffffadf98c44200 r12=0000000000000000 r13=00000000000000b5
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf`8d04f865 f6470a05        test    byte ptr [rdi+0Ah],5 ds:002b:00000000`0100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  000000000100000a

READ_ADDRESS:  000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d548954 ??              Huh

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffffadf8d04bcf8 to fffffadf8d04f865

STACK_TEXT: 
fffffadf`9122a990 fffffadf`8d04bcf8 : fffffadf`98537390 fffffadf`99cc712c 00000000`6401a8c0 fffffadf`99961c90 : tcpip!XsumSendChain+0x56
fffffadf`9122a9d0 fffffadf`8d04b933 : 00000000`000000ad 00000000`c0000141 fffffadf`8d04bab0 00000000`c0000141 : tcpip!UDPSend+0x6e1
fffffadf`9122aad0 fffffadf`8d04c028 : fffffadf`99cc70f8 00000000`0f50ee74 00000000`000000ad fffffadf`98c44128 : tcpip!TdiSendDatagram+0x196
fffffadf`9122ab40 fffffadf`8d061f92 : 00000000`00000246 fffff800`011ad8fd fffffadf`98c44128 fffffadf`98c44010 : tcpip!UDPSendDatagram+0x68
fffffadf`9122aba0 fffffadf`8d548954 : fffffa80`003b7000 fffffadf`98c44010 00000000`0000dc8c fffffadf`98c44011 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf`9122abf0 fffffa80`003b7000 : fffffadf`98c44010 00000000`0000dc8c fffffadf`98c44011 00000000`00000000 : cmdhlp+0x2954
fffffadf`9122abf8 fffffadf`98c44010 : 00000000`0000dc8c fffffadf`98c44011 00000000`00000000 fffffadf`90c9b180 : 0xfffffa80`003b7000
fffffadf`9122ac00 00000000`0000dc8c : fffffadf`98c44011 00000000`00000000 fffffadf`90c9b180 00000000`00000001 : 0xfffffadf`98c44010
fffffadf`9122ac08 fffffadf`98c44011 : 00000000`00000000 fffffadf`90c9b180 00000000`00000001 fffff800`011e0440 : 0xdc8c
fffffadf`9122ac10 00000000`00000000 : fffffadf`90c9b180 00000000`00000001 fffff800`011e0440 fffffadf`9a06bbf0 : 0xfffffadf`98c44011


SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  cmdhlp+2954

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME:  cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4afc9dae

STACK_COMMAND:  .cxr 0xfffffadf9122a180 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_cmdhlp+2954

BUCKET_ID:  X64_0x7E_cmdhlp+2954

Followup: MachineOwner
---------

freshhh
« Reply #4 on: December 27, 2009, 07:35:58 PM »


BugCheck 19, {20, fffffa8000d56230, fffffa8000d562d0, 60a0108}

Probably caused by : rdbss.sys ( rdbss!RxUnload+9c )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa8000d56230, The pool entry we were looking for within the page.
Arg3: fffffa8000d562d0, The next pool entry.
Arg4: 00000000060a0108, (reserved)

Debugging Details:
------------------


BUGCHECK_STR:  0x19_20

POOL_ADDRESS:  fffffa8000d56230

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800011af36c to fffff8000102eb50

STACK_TEXT: 
fffffadf`91094838 fffff800`011af36c : 00000000`00000019 00000000`00000020 fffffa80`00d56230 fffffa80`00d562d0 : nt!KeBugCheckEx
fffffadf`91094840 fffff800`0103c4c7 : fffffa80`00d56260 00000000`000010f4 fffffa80`00d56260 00000000`000010f4 : nt!ExFreePoolWithTag+0x45e
fffffadf`91094900 fffff800`0128be67 : fffffa80`036503d0 fffffa80`036503d0 fffffa80`00003e00 00000000`00000000 : nt!ObfDereferenceObject+0x83
fffffadf`91094930 fffff800`01288a24 : fffffadf`9cc89040 00000000`000010f4 fffffadf`9cc8d8e0 fffffadf`9cc89040 : nt!ObpCloseHandleTableEntry+0x24b
fffffadf`910949d0 fffff800`0102e5fd : fffffadf`9cc89040 fffffadf`91094ad0 fffffadf`9cc89040 00000000`00000000 : nt!ObpCloseHandle+0xb0
fffffadf`91094a50 fffff800`0102eac0 : fffff800`01312255 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
fffffadf`91094be8 fffff800`01312255 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiServiceLinkage
fffffadf`91094bf0 fffffadf`8d0cc27a : ffffffff`800010f4 fffff800`0131dc60 fffffadf`8d0a0150 fffffadf`8d0a0150 : nt!IoDeleteSymbolicLink+0x65
fffffadf`91094c50 fffff800`0131dc83 : fffffadf`9cc89040 fffffadf`90cab180 fffffadf`7eb8e8c0 fffffadf`7eb8e8c0 : rdbss!RxUnload+0x9c
fffffadf`91094c90 fffff800`010377ea : 00000000`00000000 fffffadf`7eb8e8c0 00000000`00000000 fffff800`011d1af8 : nt!IopLoadUnloadDriver+0x23
fffffadf`91094d00 fffff800`0124e922 : fffffadf`9cc89040 00000000`00000080 fffffadf`9cc89040 fffffadf`90ca36c0 : nt!ExpWorkerThread+0x13b
fffffadf`91094d70 fffff800`01020516 : fffffadf`90c9b180 fffffadf`9cc89040 fffffadf`90ca36c0 00000000`00000000 : nt!PspSystemThreadStartup+0x3e
fffffadf`91094dd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
rdbss!RxUnload+9c
fffffadf`8d0cc27a 803d9135fdff00  cmp     byte ptr [rdbss!EnableWmiLog (fffffadf`8d09f812)],0

SYMBOL_STACK_INDEX:  8

SYMBOL_NAME:  rdbss!RxUnload+9c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: rdbss

IMAGE_NAME:  rdbss.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  45d69a76

FAILURE_BUCKET_ID:  X64_0x19_20_rdbss!RxUnload+9c

BUCKET_ID:  X64_0x19_20_rdbss!RxUnload+9c

Followup: MachineOwner
---------


freshhh
« Reply #5 on: December 27, 2009, 07:38:38 PM »


BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf91215770, fffffadf91215180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf91215770, Exception Record Address
Arg4: fffffadf91215180, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5

EXCEPTION_RECORD:  fffffadf91215770 -- (.exr 0xfffffadf91215770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT:  fffffadf91215180 -- (.cxr 0xfffffadf91215180)
rax=00000000000000ab rbx=00000000000031ab rcx=0000000000003100
rdx=000000000000000b rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf91215990 rbp=0000000000000000
 r8=0000000000000000  r9=fffffadf8d2e1b26 r10=fffffadf96a8156c
r11=fffffadf96a814c0 r12=0000000000000000 r13=00000000000000b5
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5 ds:002b:00000000`0100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  000000000100000a

READ_ADDRESS:  000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ??              Huh

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT: 
fffffadf`91215990 fffffadf`8d2d9cf8 : fffffadf`98ca3010 fffffadf`99af50ac 00000000`6401a8c0 fffffadf`98350240 : tcpip!XsumSendChain+0x56
fffffadf`912159d0 fffffadf`8d2d9933 : 00000000`000000ad 00000000`c0000141 fffffadf`8d2d9ab0 00000000`c0000141 : tcpip!UDPSend+0x6e1
fffffadf`91215ad0 fffffadf`8d2da028 : fffffadf`99af5078 00000000`ce24957c 00000000`000000ad fffffadf`96a81bb8 : tcpip!TdiSendDatagram+0x196
fffffadf`91215b40 fffffadf`8d2eff92 : fffffadf`90c9d450 fffff800`011ad8fd fffffadf`96a81bb8 fffffadf`96a81aa0 : tcpip!UDPSendDatagram+0x68
fffffadf`91215ba0 fffffadf`8d7c6954 : 00000000`00000000 fffffadf`96a81aa0 00000000`0000f7ad fffffadf`96a81a11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf`91215bf0 00000000`00000000 : fffffadf`96a81aa0 00000000`0000f7ad fffffadf`96a81a11 00000000`00000000 : cmdhlp+0x2954


SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  cmdhlp+2954

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME:  cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4afc9dae

STACK_COMMAND:  .cxr 0xfffffadf91215180 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_cmdhlp+2954

BUCKET_ID:  X64_0x7E_cmdhlp+2954

Followup: MachineOwner
---------

freshhh
« Reply #6 on: December 27, 2009, 07:42:04 PM »


BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf91200770, fffffadf91200180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf91200770, Exception Record Address
Arg4: fffffadf91200180, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5

EXCEPTION_RECORD:  fffffadf91200770 -- (.exr 0xfffffadf91200770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT:  fffffadf91200180 -- (.cxr 0xfffffadf91200180)
rax=0000000000000053 rbx=0000000000004453 rcx=0000000000004400
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf91200990 rbp=0000000000000000
 r8=0000000000000000  r9=fffffadf8d2e1b0a r10=fffffadf99131f64
r11=fffffadf99131f00 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5 ds:002b:00000000`0100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  000000000100000a

READ_ADDRESS:  000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ??              Huh

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT: 
fffffadf`91200990 fffffadf`8d2d9cf8 : fffffadf`99447680 fffffadf`99c140ac 00000000`6401a8c0 fffffadf`99998860 : tcpip!XsumSendChain+0x56
fffffadf`912009d0 fffffadf`8d2d9933 : 00000000`00000065 00000000`c0000141 fffffadf`8d2d9ab0 00000000`c0000141 : tcpip!UDPSend+0x6e1
fffffadf`91200ad0 fffffadf`8d2da028 : fffffadf`99c14078 00000000`83216151 00000000`00000065 fffffadf`99131e28 : tcpip!TdiSendDatagram+0x196
fffffadf`91200b40 fffffadf`8d2eff92 : 00000000`00000246 fffff800`011ad8fd fffffadf`99131e28 fffffadf`99131d10 : tcpip!UDPSendDatagram+0x68
fffffadf`91200ba0 fffffadf`8d7c6954 : 00000000`00000000 fffffadf`99131d10 00000000`0000ee63 fffffadf`99131d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf`91200bf0 00000000`00000000 : fffffadf`99131d10 00000000`0000ee63 fffffadf`99131d11 00000000`00000000 : cmdhlp+0x2954


SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  cmdhlp+2954

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME:  cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4afc9dae

STACK_COMMAND:  .cxr 0xfffffadf91200180 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_cmdhlp+2954

BUCKET_ID:  X64_0x7E_cmdhlp+2954

Followup: MachineOwner
---------

freshhh
« Reply #7 on: December 27, 2009, 07:44:08 PM »


BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf911f2770, fffffadf911f2180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911f2770, Exception Record Address
Arg4: fffffadf911f2180, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5

EXCEPTION_RECORD:  fffffadf911f2770 -- (.exr 0xfffffadf911f2770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT:  fffffadf911f2180 -- (.cxr 0xfffffadf911f2180)
rax=00000000000000fd rbx=0000000000006efd rcx=0000000000006e00
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911f2990 rbp=0000000000000000
 r8=0000000000000000  r9=fffffadf8d2e1b0a r10=fffffadf97c89264
r11=fffffadf97c89200 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5 ds:002b:00000000`0100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  000000000100000a

READ_ADDRESS:  000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ??              Huh

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT: 
fffffadf`911f2990 fffffadf`8d2d9cf8 : fffffadf`983fe950 fffffadf`99b400ac 00000000`6401a8c0 fffffadf`98073010 : tcpip!XsumSendChain+0x56
fffffadf`911f29d0 fffffadf`8d2d9933 : 00000000`00000065 00000000`c0000141 fffffadf`8d2d9ab0 00000000`c0000141 : tcpip!UDPSend+0x6e1
fffffadf`911f2ad0 fffffadf`8d2da028 : fffffadf`99b40078 00000000`8162ac5f 00000000`00000065 fffffadf`97c89128 : tcpip!TdiSendDatagram+0x196
fffffadf`911f2b40 fffffadf`8d2eff92 : 00000000`00000000 00000000`13951f3d fffffadf`97c89128 fffffadf`97c89010 : tcpip!UDPSendDatagram+0x68
fffffadf`911f2ba0 fffffadf`8d7c6954 : 00000000`00000000 fffffadf`97c89010 00000000`0000ee63 fffffadf`97c89011 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf`911f2bf0 00000000`00000000 : fffffadf`97c89010 00000000`0000ee63 fffffadf`97c89011 00000000`00000000 : cmdhlp+0x2954


SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  cmdhlp+2954

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME:  cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4afc9dae

STACK_COMMAND:  .cxr 0xfffffadf911f2180 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_cmdhlp+2954

BUCKET_ID:  X64_0x7E_cmdhlp+2954

Followup: MachineOwner
---------

Logged
freshhh
Comodo Loves me
****
Offline Offline

Posts: 150


« Reply #8 on: December 27, 2009, 07:47:50 PM »


BugCheck 1000007E, {ffffffffc0000005, fffffadf8d2dd865, fffffadf911e4770, fffffadf911e4180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d2dd865, The address that the exception occurred at
Arg3: fffffadf911e4770, Exception Record Address
Arg4: fffffadf911e4180, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5

EXCEPTION_RECORD:  fffffadf911e4770 -- (.exr 0xfffffadf911e4770)
ExceptionAddress: fffffadf8d2dd865 (tcpip!XsumSendChain+0x0000000000000056)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT:  fffffadf911e4180 -- (.cxr 0xfffffadf911e4180)
rax=0000000000000062 rbx=000000000000b1d6 rcx=00000000559608cb
rdx=0000000000000004 rsi=0000000000000000 rdi=0000000001000000
rip=fffffadf8d2dd865 rsp=fffffadf911e4990 rbp=0000000000000000
 r8=0000000000000000  r9=fffffadf8d2e1b0a r10=fffffadf98b55f62
r11=fffffadf98b55f00 r12=0000000000000000 r13=000000000000006a
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
tcpip!XsumSendChain+0x56:
fffffadf`8d2dd865 f6470a05        test    byte ptr [rdi+0Ah],5 ds:002b:00000000`0100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  000000000100000a

READ_ADDRESS:  000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8d7c6954 ??              ???

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffffadf8d2d9cf8 to fffffadf8d2dd865

STACK_TEXT: 
fffffadf`911e4990 fffffadf`8d2d9cf8 : fffffadf`988e6380 fffffadf`99b420ac 00000000`6401a8c0 fffffadf`99035460 : tcpip!XsumSendChain+0x56
fffffadf`911e49d0 fffffadf`8d2d9933 : 00000000`00000062 00000000`c0000141 fffffadf`8d2d9ab0 00000000`c0000141 : tcpip!UDPSend+0x6e1
fffffadf`911e4ad0 fffffadf`8d2da028 : fffffadf`99b42078 00000000`fdcbbddc 00000000`00000062 fffffadf`98b55e28 : tcpip!TdiSendDatagram+0x196
fffffadf`911e4b40 fffffadf`8d2eff92 : 00000000`00000000 00000000`fdcbbddc fffffadf`98b55e28 fffffadf`98b55d10 : tcpip!UDPSendDatagram+0x68
fffffadf`911e4ba0 fffffadf`8d7c6954 : 00000000`00000000 fffffadf`98b55d10 00000000`0000ee63 fffffadf`98b55d11 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf`911e4bf0 00000000`00000000 : fffffadf`98b55d10 00000000`0000ee63 fffffadf`98b55d11 00000000`00000000 : cmdhlp+0x2954


SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  cmdhlp+2954

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME:  cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4afc9dae

STACK_COMMAND:  .cxr 0xfffffadf911e4180 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_cmdhlp+2954

BUCKET_ID:  X64_0x7E_cmdhlp+2954

Followup: MachineOwner
---------

Logged
freshhh
Comodo Loves me
****
Offline Offline

Posts: 150


« Reply #9 on: December 27, 2009, 07:49:46 PM »


BugCheck 50, {fffffa8009864000, 0, fffff97fff1819c4, 0}


Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!NtUserfnINDEVICECHANGE+1bb )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8009864000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff97fff1819c4, If non-zero, the instruction address which referenced the bad memory
   address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS:  fffffa8009864000

FAULTING_IP:
win32k!NtUserfnINDEVICECHANGE+1bb
fffff97f`ff1819c4 8b4630          mov     eax,dword ptr [rsi+30h]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  winamp.exe

CURRENT_IRQL:  1

TRAP_FRAME:  fffffadf8302abb0 -- (.trap 0xfffffadf8302abb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8009863fd0
rdx=0000000000000016 rsi=0000000000000000 rdi=0000000000000000
rip=fffff97fff1819c4 rsp=fffffadf8302ad40 rbp=00000000068ae8c0
 r8=0000000000000000  r9=fffffa8009863fd0 r10=000003e800000000
r11=fffffa8009863fd0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
win32k!NtUserfnINDEVICECHANGE+0x1bb:
fffff97f`ff1819c4 8b4630          mov     eax,dword ptr [rsi+30h] ds:ffff:00000000`00000030=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800010a6acd to fffff8000102eb50

STACK_TEXT: 
fffffadf`8302aad8 fffff800`010a6acd : 00000000`00000050 fffffa80`09864000 00000000`00000000 fffffadf`8302abb0 : nt!KeBugCheckEx
fffffadf`8302aae0 fffff800`0102d719 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0xa1f
fffffadf`8302abb0 fffff97f`ff1819c4 : 00000000`00000000 00000000`068ae8c0 00000000`00000000 00000000`0000002c : nt!KiPageFault+0x119
fffffadf`8302ad40 fffff97f`ff0a3bd1 : fffff97f`f628cf90 00000000`00121402 00000000`0000002c fffffa80`09863fd0 : win32k!NtUserfnINDEVICECHANGE+0x1bb
fffffadf`8302ade0 fffff800`0102e5fd : 00000000`00000000 00000000`00000000 fffffadf`9bcbdb80 00000000`00000000 : win32k!NtUserMessageCall+0x142
fffffadf`8302ae80 00000000`6b2b5e8a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`068ad6d8 fffff800`010267d0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6b2b5e8a
fffffadf`8302b280 00000000`00000000 : fffff800`01037e99 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiCallUserMode


STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k!NtUserfnINDEVICECHANGE+1bb
fffff97f`ff1819c4 8b4630          mov     eax,dword ptr [rsi+30h]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!NtUserfnINDEVICECHANGE+1bb

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a83ff89

FAILURE_BUCKET_ID:  X64_0x50_win32k!NtUserfnINDEVICECHANGE+1bb

BUCKET_ID:  X64_0x50_win32k!NtUserfnINDEVICECHANGE+1bb

Followup: MachineOwner
---------

Ronny
Global Moderator


« Reply #10 on: December 28, 2009, 06:40:27 AM »

Hi freshhh,

Do you have ANY other security software installed, whether real-time or on-demand?

And any other software that gets remotely close to network activity, like NetLimiter to control or monitor bandwidth usage, network monitoring tools, etc.?

What's the type of network adapter you have in the system?

Volunteer Moderator
Any concerns? Please send me a PM and/or review the Forum Policy -  update 1st March 2010!

freshhh


« Reply #11 on: December 28, 2009, 02:40:18 PM »


Thanks for your reply.

I do have NetLimiter x64 installed.
+
IObit Advanced SystemCare PRO

but no other real-time security software (or even no other security software loaded in memory).

Is there a compatibility issue with NetLimiter?  I haven't used it much lately (nothing is limited) but I can disable/uninstall it for a while if you ask me to do it...

Other "special" things I've used before:

patched tcpip.sys with :

TCP-Z V2.6.2.75
Universal Tcpip.sys Patch v1.2
Half-open limit fix v4.1

Universal Theme Patcher

Winamp Now Playing Plugin
Messenger Plus! Music Now Playing 1.3.4

Ronny
Global Moderator


« Reply #12 on: December 28, 2009, 03:00:32 PM »

Can you post the exact versions of NetLimiter and IOBit?
As posted before, I'm not a developer nor Comodo Staff, but we have to do some deduction here.

Based on this we have 3 potential suspects:
- NetLimiter
- Patched tcpip.sys
- IOBit

How often do these BSODs appear? Would it take long to try these one at a time to see which one conflicts?

freshhh


« Reply #13 on: December 28, 2009, 03:09:08 PM »


Comodo :

Antivirus : Disabled
Defense : Perm. Disabled

NetLimiter v2.0.10.1
IObit Advanced SystemCare PRO v3.x (any)

I don't think it might be IObit because even before I used to have BSODs...

Frequency is hard to tell (1 to 3x a day or 1x a week!).