BSOD Comodo cmdhlp.sys BugCheck 1000007E

BSOD Comodo cmdhlp.sys BugCheck 1000007E

Windows XP PRO x64
fully updated
CIS_Setup_3.10.102363.531_XP_Vista_x64 (uninstalled previous / clean install)
GDATA ANTIVIRUS (disabled)
Advanced System Care Pro

Happened two times only today !


Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_qfe.090319-1204
Machine Name:
Kernel base = 0xfffff80001000000 PsLoadedModuleList = 0xfffff800011d8280
Debug session time: Mon Jul 13 01:54:59.234 2009 (GMT+2)
System Uptime: 0 days 2:15:45.361
Loading Kernel Symbols



Loading User Symbols
Loading unloaded module list


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffffc0000005, fffffadf8d820865, fffffadf8fd7d770, fffffadf8fd7d180}

Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )

Followup: MachineOwner

3: kd> !analyze -v


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d820865, The address that the exception occurred at
Arg3: fffffadf8fd7d770, Exception Record Address
Arg4: fffffadf8fd7d180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d820865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf8fd7d770 – (.exr 0xfffffadf8fd7d770)
ExceptionAddress: fffffadf8d820865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf8fd7d180 – (.cxr 0xfffffadf8fd7d180)
rax=000000000000000e rbx=000000000000250e rcx=0000000000002500
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d820865 rsp=fffffadf8fd7d990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d824b0a r10=fffffadf9847ea24
r11=fffffadf9847e9c0 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d820865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8f151954 ??

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d81ccf8 to fffffadf8d820865

STACK_TEXT:
fffffadf8fd7d990 fffffadf8d81ccf8 : fffffadf9c1eeb00 fffffadf9a0bc0ac 000000006401a8c0 fffffadf98b26010 : tcpip!XsumSendChain+0x56
fffffadf8fd7d9d0 fffffadf8d81c933 : 0000000000000065 00000000c0000141 fffffadf8d81cab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf8fd7dad0 fffffadf8d81d028 : fffffadf9a0bc078 00000000095d8bdc 0000000000000065 fffffadf9847e8e8 : tcpip!TdiSendDatagram+0x196
fffffadf8fd7db40 fffffadf8d832f92 : fffffadf90cbd450 fffff800011ad8fd fffffadf9847e8e8 fffffadf9847e7d0 : tcpip!UDPSendDatagram+0x68
fffffadf8fd7dba0 fffffadf8f151954 : 0000000000000000 fffffadf9847e7d0 00000000000027ce fffffadf9847e711 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf8fd7dbf0 0000000000000000 : fffffadf9847e7d0 00000000000027ce fffffadf9847e711 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a4b4dd6

STACK_COMMAND: .cxr 0xfffffadf8fd7d180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

3: kd> !analyze -v


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d820865, The address that the exception occurred at
Arg3: fffffadf8fd7d770, Exception Record Address
Arg4: fffffadf8fd7d180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d820865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf8fd7d770 – (.exr 0xfffffadf8fd7d770)
ExceptionAddress: fffffadf8d820865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf8fd7d180 – (.cxr 0xfffffadf8fd7d180)
rax=000000000000000e rbx=000000000000250e rcx=0000000000002500
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d820865 rsp=fffffadf8fd7d990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d824b0a r10=fffffadf9847ea24
r11=fffffadf9847e9c0 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d820865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8f151954 ??

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d81ccf8 to fffffadf8d820865

STACK_TEXT:
fffffadf8fd7d990 fffffadf8d81ccf8 : fffffadf9c1eeb00 fffffadf9a0bc0ac 000000006401a8c0 fffffadf98b26010 : tcpip!XsumSendChain+0x56
fffffadf8fd7d9d0 fffffadf8d81c933 : 0000000000000065 00000000c0000141 fffffadf8d81cab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf8fd7dad0 fffffadf8d81d028 : fffffadf9a0bc078 00000000095d8bdc 0000000000000065 fffffadf9847e8e8 : tcpip!TdiSendDatagram+0x196
fffffadf8fd7db40 fffffadf8d832f92 : fffffadf90cbd450 fffff800011ad8fd fffffadf9847e8e8 fffffadf9847e7d0 : tcpip!UDPSendDatagram+0x68
fffffadf8fd7dba0 fffffadf8f151954 : 0000000000000000 fffffadf9847e7d0 00000000000027ce fffffadf9847e711 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf8fd7dbf0 0000000000000000 : fffffadf9847e7d0 00000000000027ce fffffadf9847e711 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a4b4dd6

STACK_COMMAND: .cxr 0xfffffadf8fd7d180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

3: kd> !analyze -v


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d820865, The address that the exception occurred at
Arg3: fffffadf8fd7d770, Exception Record Address
Arg4: fffffadf8fd7d180, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d820865 f6470a05 test byte ptr [rdi+0Ah],5

EXCEPTION_RECORD: fffffadf8fd7d770 – (.exr 0xfffffadf8fd7d770)
ExceptionAddress: fffffadf8d820865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a

CONTEXT: fffffadf8fd7d180 – (.cxr 0xfffffadf8fd7d180)
rax=000000000000000e rbx=000000000000250e rcx=0000000000002500
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d820865 rsp=fffffadf8fd7d990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d824b0a r10=fffffadf9847ea24
r11=fffffadf9847e9c0 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d820865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:000000000100000a=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000000000100000a

READ_ADDRESS: 000000000100000a

FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8f151954 ??

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from fffffadf8d81ccf8 to fffffadf8d820865

STACK_TEXT:
fffffadf8fd7d990 fffffadf8d81ccf8 : fffffadf9c1eeb00 fffffadf9a0bc0ac 000000006401a8c0 fffffadf98b26010 : tcpip!XsumSendChain+0x56
fffffadf8fd7d9d0 fffffadf8d81c933 : 0000000000000065 00000000c0000141 fffffadf8d81cab0 00000000c0000141 : tcpip!UDPSend+0x6e1
fffffadf8fd7dad0 fffffadf8d81d028 : fffffadf9a0bc078 00000000095d8bdc 0000000000000065 fffffadf9847e8e8 : tcpip!TdiSendDatagram+0x196
fffffadf8fd7db40 fffffadf8d832f92 : fffffadf90cbd450 fffff800011ad8fd fffffadf9847e8e8 fffffadf9847e7d0 : tcpip!UDPSendDatagram+0x68
fffffadf8fd7dba0 fffffadf8f151954 : 0000000000000000 fffffadf9847e7d0 00000000000027ce fffffadf9847e711 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf8fd7dbf0 0000000000000000 : fffffadf9847e7d0 00000000000027ce fffffadf9847e711 0000000000000000 : cmdhlp+0x2954

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: cmdhlp+2954

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdhlp

IMAGE_NAME: cmdhlp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a4b4dd6

STACK_COMMAND: .cxr 0xfffffadf8fd7d180 ; kb

FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954

BUCKET_ID: X64_0x7E_cmdhlp+2954

Followup: MachineOwner

[attachment deleted by admin]

Removed [NOT SOLVED] from the title field for being pushy as the report was filed today.

ok but i never had any chance to get an answer to any of all my previous dumps that ive posted before months ago! ???

I am afraid that is how things work when submitting bugs. It doesn’t only happen with Comodo but also with other software vendors. Sorry for being the bringer of bad news… 88)

this is sad… >90% of the time i always had answers from others firms…

[attachment deleted by admin]