BSOD Comodo cmdhlp.sys BugCheck 1000007E
Windows XP PRO x64
fully updated
CIS_Setup_3.10.102363.531_XP_Vista_x64 (uninstalled previous / clean install)
GDATA ANTIVIRUS (disabled)
Advanced System Care Pro
Happened two times only today !
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_qfe.090319-1204
Machine Name:
Kernel base = 0xfffff80001000000 PsLoadedModuleList = 0xfffff800
011d8280
Debug session time: Mon Jul 13 01:54:59.234 2009 (GMT+2)
System Uptime: 0 days 2:15:45.361
Loading Kernel Symbols
…
…
…
Loading User Symbols
Loading unloaded module list
…
-
*
-
Bugcheck Analysis *
-
*
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffffadf8d820865, fffffadf8fd7d770, fffffadf8fd7d180}
Unable to load image cmdhlp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmdhlp.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys
Probably caused by : cmdhlp.sys ( cmdhlp+2954 )
Followup: MachineOwner
3: kd> !analyze -v
-
*
-
Bugcheck Analysis *
-
*
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d820865, The address that the exception occurred at
Arg3: fffffadf8fd7d770, Exception Record Address
Arg4: fffffadf8fd7d180, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d820865 f6470a05 test byte ptr [rdi+0Ah],5
EXCEPTION_RECORD: fffffadf8fd7d770 – (.exr 0xfffffadf8fd7d770)
ExceptionAddress: fffffadf8d820865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a
CONTEXT: fffffadf8fd7d180 – (.cxr 0xfffffadf8fd7d180)
rax=000000000000000e rbx=000000000000250e rcx=0000000000002500
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d820865 rsp=fffffadf8fd7d990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d824b0a r10=fffffadf9847ea24
r11=fffffadf9847e9c0 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d820865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:00000000
0100000a=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000100000a
READ_ADDRESS: 000000000100000a
FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8f151954 ??
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffffadf8d81ccf8 to fffffadf8d820865
STACK_TEXT:
fffffadf8fd7d990 fffffadf
8d81ccf8 : fffffadf9c1eeb00 fffffadf
9a0bc0ac 000000006401a8c0 fffffadf
98b26010 : tcpip!XsumSendChain+0x56
fffffadf8fd7d9d0 fffffadf
8d81c933 : 0000000000000065 00000000
c0000141 fffffadf8d81cab0 00000000
c0000141 : tcpip!UDPSend+0x6e1
fffffadf8fd7dad0 fffffadf
8d81d028 : fffffadf9a0bc078 00000000
095d8bdc 0000000000000065 fffffadf
9847e8e8 : tcpip!TdiSendDatagram+0x196
fffffadf8fd7db40 fffffadf
8d832f92 : fffffadf90cbd450 fffff800
011ad8fd fffffadf9847e8e8 fffffadf
9847e7d0 : tcpip!UDPSendDatagram+0x68
fffffadf8fd7dba0 fffffadf
8f151954 : 0000000000000000 fffffadf
9847e7d0 00000000000027ce fffffadf
9847e711 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf8fd7dbf0 00000000
00000000 : fffffadf9847e7d0 00000000
000027ce fffffadf9847e711 00000000
00000000 : cmdhlp+0x2954
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: cmdhlp+2954
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cmdhlp
IMAGE_NAME: cmdhlp.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a4b4dd6
STACK_COMMAND: .cxr 0xfffffadf8fd7d180 ; kb
FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954
BUCKET_ID: X64_0x7E_cmdhlp+2954
Followup: MachineOwner
3: kd> !analyze -v
-
*
-
Bugcheck Analysis *
-
*
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d820865, The address that the exception occurred at
Arg3: fffffadf8fd7d770, Exception Record Address
Arg4: fffffadf8fd7d180, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d820865 f6470a05 test byte ptr [rdi+0Ah],5
EXCEPTION_RECORD: fffffadf8fd7d770 – (.exr 0xfffffadf8fd7d770)
ExceptionAddress: fffffadf8d820865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a
CONTEXT: fffffadf8fd7d180 – (.cxr 0xfffffadf8fd7d180)
rax=000000000000000e rbx=000000000000250e rcx=0000000000002500
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d820865 rsp=fffffadf8fd7d990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d824b0a r10=fffffadf9847ea24
r11=fffffadf9847e9c0 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d820865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:00000000
0100000a=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000100000a
READ_ADDRESS: 000000000100000a
FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8f151954 ??
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffffadf8d81ccf8 to fffffadf8d820865
STACK_TEXT:
fffffadf8fd7d990 fffffadf
8d81ccf8 : fffffadf9c1eeb00 fffffadf
9a0bc0ac 000000006401a8c0 fffffadf
98b26010 : tcpip!XsumSendChain+0x56
fffffadf8fd7d9d0 fffffadf
8d81c933 : 0000000000000065 00000000
c0000141 fffffadf8d81cab0 00000000
c0000141 : tcpip!UDPSend+0x6e1
fffffadf8fd7dad0 fffffadf
8d81d028 : fffffadf9a0bc078 00000000
095d8bdc 0000000000000065 fffffadf
9847e8e8 : tcpip!TdiSendDatagram+0x196
fffffadf8fd7db40 fffffadf
8d832f92 : fffffadf90cbd450 fffff800
011ad8fd fffffadf9847e8e8 fffffadf
9847e7d0 : tcpip!UDPSendDatagram+0x68
fffffadf8fd7dba0 fffffadf
8f151954 : 0000000000000000 fffffadf
9847e7d0 00000000000027ce fffffadf
9847e711 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf8fd7dbf0 00000000
00000000 : fffffadf9847e7d0 00000000
000027ce fffffadf9847e711 00000000
00000000 : cmdhlp+0x2954
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: cmdhlp+2954
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cmdhlp
IMAGE_NAME: cmdhlp.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a4b4dd6
STACK_COMMAND: .cxr 0xfffffadf8fd7d180 ; kb
FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954
BUCKET_ID: X64_0x7E_cmdhlp+2954
Followup: MachineOwner
3: kd> !analyze -v
-
*
-
Bugcheck Analysis *
-
*
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadf8d820865, The address that the exception occurred at
Arg3: fffffadf8fd7d770, Exception Record Address
Arg4: fffffadf8fd7d180, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
FAULTING_IP:
tcpip!XsumSendChain+56
fffffadf`8d820865 f6470a05 test byte ptr [rdi+0Ah],5
EXCEPTION_RECORD: fffffadf8fd7d770 – (.exr 0xfffffadf8fd7d770)
ExceptionAddress: fffffadf8d820865 (tcpip!XsumSendChain+0x0000000000000056)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000100000a
Attempt to read from address 000000000100000a
CONTEXT: fffffadf8fd7d180 – (.cxr 0xfffffadf8fd7d180)
rax=000000000000000e rbx=000000000000250e rcx=0000000000002500
rdx=0000000000000004 rsi=0000000000000001 rdi=0000000001000000
rip=fffffadf8d820865 rsp=fffffadf8fd7d990 rbp=0000000000000000
r8=0000000000000000 r9=fffffadf8d824b0a r10=fffffadf9847ea24
r11=fffffadf9847e9c0 r12=0000000000000000 r13=000000000000006d
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
tcpip!XsumSendChain+0x56:
fffffadf8d820865 f6470a05 test byte ptr [rdi+0Ah],5 ds:002b:00000000
0100000a=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000100000a
READ_ADDRESS: 000000000100000a
FOLLOWUP_IP:
cmdhlp+2954
fffffadf`8f151954 ??
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffffadf8d81ccf8 to fffffadf8d820865
STACK_TEXT:
fffffadf8fd7d990 fffffadf
8d81ccf8 : fffffadf9c1eeb00 fffffadf
9a0bc0ac 000000006401a8c0 fffffadf
98b26010 : tcpip!XsumSendChain+0x56
fffffadf8fd7d9d0 fffffadf
8d81c933 : 0000000000000065 00000000
c0000141 fffffadf8d81cab0 00000000
c0000141 : tcpip!UDPSend+0x6e1
fffffadf8fd7dad0 fffffadf
8d81d028 : fffffadf9a0bc078 00000000
095d8bdc 0000000000000065 fffffadf
9847e8e8 : tcpip!TdiSendDatagram+0x196
fffffadf8fd7db40 fffffadf
8d832f92 : fffffadf90cbd450 fffff800
011ad8fd fffffadf9847e8e8 fffffadf
9847e7d0 : tcpip!UDPSendDatagram+0x68
fffffadf8fd7dba0 fffffadf
8f151954 : 0000000000000000 fffffadf
9847e7d0 00000000000027ce fffffadf
9847e711 : tcpip!TCPDispatchInternalDeviceControl+0x256
fffffadf8fd7dbf0 00000000
00000000 : fffffadf9847e7d0 00000000
000027ce fffffadf9847e711 00000000
00000000 : cmdhlp+0x2954
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: cmdhlp+2954
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cmdhlp
IMAGE_NAME: cmdhlp.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a4b4dd6
STACK_COMMAND: .cxr 0xfffffadf8fd7d180 ; kb
FAILURE_BUCKET_ID: X64_0x7E_cmdhlp+2954
BUCKET_ID: X64_0x7E_cmdhlp+2954
Followup: MachineOwner
[attachment deleted by admin]