BSOD , possible Avast AV issue

TaterTot · 05 Mar 2012

Hi,

My dump file is pretty large and I'm trying to figure this out using Windbg. I set the symbols path and opened the crash dump. First off I don't understand the "triage" errors but from what I read it only effect user-mode. So possibly the debug is okay. Not sure though what I'm looking at. Perhaps someone has some better insight or advice.

bsod output report and health report attached as requested

This is a new install of Windows 7 Pro. Windbg as follows.
Thank you,
TT

Microsoft (R) Windows Debugger Version 6.2.8229.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03011000 PsLoadedModuleList = 0xfffff800`03256670
Debug session time: Mon Mar 5 13:42:20.170 2012 (UTC - 7:00)
System Uptime: 0 days 4:03:07.824
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\oca.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\winxp\triage.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\user.ini, error 2
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {c08a5, 0, 0, 0}

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
Probably caused by : Ntfs.sys ( Ntfs!NtfsPagingFileIo+155 )

Followup: MachineOwner
---------

windbg> .hh dbgerr001
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000000c08a5
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0x24

PROCESS_NAME: avast.setup

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff880012541d5 to fffff8000308dc40

STACK_TEXT:
fffff880`0d71ce78 fffff880`012541d5 : 00000000`00000024 00000000`000c08a5 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff880`0d71ce80 fffff880`01253e28 : 00000001`00000000 00000000`00000000 00000000`00000000 00000fa8`003ea000 : Ntfs!NtfsPagingFileIo+0x155
fffff880`0d71cf80 fffff880`01052bcf : fffffa80`0acf3b90 fffffa80`0acf37f0 fffffa80`04c34bb0 00000000`00000000 : Ntfs! ?? ::FNODOBFM::`string'+0x8ba9
fffff880`0d71d030 fffff880`010516df : fffffa80`04964900 fffffa80`06d5b000 fffffa80`04964900 fffffa80`0acf37f0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0d71d0c0 fffff800`030b5bc5 : fffffa80`0acf3810 fffffa80`04a2b070 fffffa80`0455c0d0 fffff880`02f63180 : fltmgr!FltpDispatch+0xcf
fffff880`0d71d120 fffff800`030b5699 : 00000000`00000000 00000000`00000000 fffffa80`0455c010 fffffa80`0455c010 : nt!IoPageRead+0x255
fffff880`0d71d1b0 fffff800`0309bf59 : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x255
fffff880`0d71d280 fffff800`030a44f0 : 00000000`00000000 fffff980`241c0000 00000000`00000000 fffffa80`06d5b060 : nt!MmAccessFault+0x1399
fffff880`0d71d3e0 fffff800`0307cc1e : fffff980`241c0000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmCheckCachedPageStates+0x910
fffff880`0d71d590 fffff800`03377e10 : fffffa80`00000000 00000000`00000000 fffffa80`04db2ae0 00000000`0176caf8 : nt!CcFetchDataForRead+0x10e
fffff880`0d71d5f0 fffff880`0125c730 : fffff8a0`00000001 fffff880`00000005 fffffa80`00040000 fffff880`012af001 : nt!CcCopyRead+0x180
fffff880`0d71d6b0 fffff880`0125cda3 : 00000000`00000000 fffff8a0`09c7ec70 fffff880`0d71d8e0 fffff880`0d71d7d8 : Ntfs!NtfsCachedRead+0x180
fffff880`0d71d710 fffff880`0125ea68 : fffffa80`080c5940 fffffa80`06936a50 fffff880`0d71d801 fffffa80`03fa6600 : Ntfs!NtfsCommonRead+0x583
fffff880`0d71d8b0 fffff880`01052bcf : fffffa80`06936df0 fffffa80`06936a50 fffffa80`03fa66c0 00000000`00000001 : Ntfs!NtfsFsdRead+0x1b8
fffff880`0d71d960 fffff880`010516df : fffffa80`04964900 00000000`00000001 fffffa80`04964900 fffffa80`06936a50 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0d71d9f0 fffff800`0339621b : 00000000`00000000 fffffa80`04db2ae0 00000000`00000001 fffffa80`06936a50 : fltmgr!FltpDispatch+0xcf
fffff880`0d71da50 fffff800`03377b63 : fffffa80`04db2ae0 fffffa80`04db2ae0 fffffa80`04db2ae0 fffff880`02f63180 : nt!IopSynchronousServiceTail+0xfb
fffff880`0d71dac0 fffff800`0308ced3 : 00000000`00000380 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
fffff880`0d71dbb0 00000000`746f2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0024e648 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x746f2e09

STACK_COMMAND: kb

FOLLOWUP_IP:
Ntfs!NtfsPagingFileIo+155
fffff880`012541d5 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: Ntfs!NtfsPagingFileIo+155

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME: Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b

FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsPagingFileIo+155

BUCKET_ID: X64_0x24_Ntfs!NtfsPagingFileIo+155

Followup: MachineOwner

zigzag3143 · 05 Mar 2012

Two issues

!-Avast

Avast can be a contributing cause of BSOD'S . Please remove and replace with Microsoft Security Essentials AT LEAST TO TEST

http://files.avast.com/files/eng/aswclear5.exe

Microsoft Security Essentials - Free Antivirus for Windows

2-asacpi.sys

Asacpi.sys

The pre 2009 version of this driver is a known BSOD cause.

Please visit this link: Asus tek computer inc. -support- drivers and download p7p55d le

ASUSTeK Computer Inc. -Support- Drivers and Download P7P55D LE
ASUSTeK Computer Inc. - Motherboards- ASUS P5K-VM

Scroll down to the utilities category, then scroll down to the "atk0110 driver for windowsxp/vista/windows 7 32&64-bit" (it's about the 12th item down).

Download and install it.

Go to c:\windows\system32\drivers to check and make sure that the asacpi.sys file is date stamped from 2009 or 2010 (not before).

TaterTot · 06 Mar 2012

Thanks for the quick help. I went ahead and ran the asus driver. The one on the system was from 2005. I think I'll see how things behave over the next few days with the updated driver before getting rid of Avast.

TaterTot · 10 Mar 2012

The system has been running without blue screens however it is now freezing up regularly. Nothing but a reset will bring it back. Any suggestions since there is no report generated when this happens ?

TIA
TT

TaterTot · 10 Mar 2012

I am also noticing some odd messages in my event log around my ATI driver -The card seems to be working fine but perhaps I need to reinstall the drivers and CCC ?

Log Name: ACEEventLog
Source: ACEEventLogSource
Date: 3/10/2012 7:47:27 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Owner-PC
Description:
0000000035: 2012-03-10 19:47:27:899 FAILED:ADL_Display_SLSGrid_Caps and return value is: -1
Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::CheckSLSSupported processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Caste.Graphics.Runtime, Version=3.5.4356.39830, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ACEEventLogSource" />
<EventID Qualifiers="0">0</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-11T02:47:27.000000000Z" />
<EventRecordID>1924</EventRecordID>
<Channel>ACEEventLog</Channel>
<Computer>Owner-PC</Computer>
<Security />
</System>
<EventData>
<Data>0000000035: 2012-03-10 19:47:27:899 FAILED:ADL_Display_SLSGrid_Caps and return value is: -1
Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::CheckSLSSupported processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Caste.Graphics.Runtime, Version=3.5.4356.39830, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------
</Data>
</EventData>
</Event>

Log Name: ACEEventLog
Source: ACEEventLogSource
Date: 3/10/2012 7:47:27 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Owner-PC
Description:
0000000036: 2012-03-10 19:47:27:993 FAILED:ADL_Display_DpMstInfo_Get with status:-8For Adapter Index :1
Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::RefreshDisplaysManagerAdapter processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Caste.Graphics.Runtime, Version=3.5.4356.39830, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ACEEventLogSource" />
<EventID Qualifiers="0">0</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-11T02:47:27.000000000Z" />
<EventRecordID>1925</EventRecordID>
<Channel>ACEEventLog</Channel>
<Computer>Owner-PC</Computer>
<Security />
</System>
<EventData>
<Data>0000000036: 2012-03-10 19:47:27:993 FAILED:ADL_Display_DpMstInfo_Get with status:-8For Adapter Index :1
Error Called by: ATI.ACE.CLI.Caste.Graphics.Runtime.RT_GraphicsAdapter_N::RefreshDisplaysManagerAdapter processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Caste.Graphics.Runtime, Version=3.5.4356.39830, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------
</Data>
</EventData>
</Event>

Log Name: ACEEventLog
Source: ACEEventLogSource
Date: 3/10/2012 7:47:28 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Owner-PC
Description:
0000000037: 2012-03-10 19:47:28:220 _IDEMDeviceDFP2Settings_0812.GetDFP2ITCFlag failed with status 2
Error Called by: ATI.ACE.CLI.Aspect.DeviceDFP.Graphics.Runtime.RT_DeviceDFP::PrivateRefresh processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Aspect.DeviceDFP.Graphics.Runtime, Version=3.5.4356.39850, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ACEEventLogSource" />
<EventID Qualifiers="0">0</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-11T02:47:28.000000000Z" />
<EventRecordID>1926</EventRecordID>
<Channel>ACEEventLog</Channel>
<Computer>Owner-PC</Computer>
<Security />
</System>
<EventData>
<Data>0000000037: 2012-03-10 19:47:28:220 _IDEMDeviceDFP2Settings_0812.GetDFP2ITCFlag failed with status 2
Error Called by: ATI.ACE.CLI.Aspect.DeviceDFP.Graphics.Runtime.RT_DeviceDFP::PrivateRefresh processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Aspect.DeviceDFP.Graphics.Runtime, Version=3.5.4356.39850, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------
</Data>
</EventData>
</Event>

Log Name: ACEEventLog
Source: ACEEventLogSource
Date: 3/10/2012 7:47:28 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Owner-PC
Description:
0000000038: 2012-03-10 19:47:28:221 FAILED: ADL.ADL.ADL_DFP_AllowOnlyCETimings_Get
Error Called by: ATI.ACE.CLI.Aspect.DeviceDFP.Graphics.Runtime.RT_DeviceDFP::PrivateRefresh processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Aspect.DeviceDFP.Graphics.Runtime, Version=3.5.4356.39850, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ACEEventLogSource" />
<EventID Qualifiers="0">0</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-11T02:47:28.000000000Z" />
<EventRecordID>1927</EventRecordID>
<Channel>ACEEventLog</Channel>
<Computer>Owner-PC</Computer>
<Security />
</System>
<EventData>
<Data>0000000038: 2012-03-10 19:47:28:221 FAILED: ADL.ADL.ADL_DFP_AllowOnlyCETimings_Get
Error Called by: ATI.ACE.CLI.Aspect.DeviceDFP.Graphics.Runtime.RT_DeviceDFP::PrivateRefresh processID:04152 threadID

) domainName

CCC.exe ) assemblyName

CLI.Aspect.DeviceDFP.Graphics.Runtime, Version=3.5.4356.39850, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
------------------------------------------------------------------------------------------------------------------------
</Data>
</EventData>
</Event>

Log Name: ACEEventLog
Source: ACEEventLogSource
Date: 3/10/2012 7:47:30 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Owner-PC
Description:
0000000039: 2012-03-10 19:47:30:304 Exception <Saving Xml Document>: Access to the path 'C:\ProgramData\ATI\ACE\Profiles.xml' is denied.
Exception Called by: ATI.ACE.APM.Server.XmlDocumentSaver::SaverWorker processID:04152 threadID

) domainName

CCC.exe ) assemblyName

APM.Server, Version=3.5.4356.39826, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
**************************************************************************************************** ********************

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ACEEventLogSource" />
<EventID Qualifiers="0">0</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-11T02:47:30.000000000Z" />
<EventRecordID>1928</EventRecordID>
<Channel>ACEEventLog</Channel>
<Computer>Owner-PC</Computer>
<Security />
</System>
<EventData>
<Data>0000000039: 2012-03-10 19:47:30:304 Exception <Saving Xml Document>: Access to the path 'C:\ProgramData\ATI\ACE\Profiles.xml' is denied.
Exception Called by: ATI.ACE.APM.Server.XmlDocumentSaver::SaverWorker processID:04152 threadID

) domainName

CCC.exe ) assemblyName

APM.Server, Version=3.5.4356.39826, Culture=neutral, PublicKeyToken=90ba9c70f846762e)
**************************************************************************************************** ********************
</Data>
</EventData>
</Event>