BSOD, possible Avast AV issue
Hi,
My dump file is pretty large and I'm trying to figure this out using WinDbg. I set the symbols path and opened the crash dump. First off, I don't understand the "triage" errors, but from what I read it only affects user-mode. So possibly the debug is okay. Not sure, though, what I'm looking at. Perhaps someone has some better insight or advice.
BSOD output report and health report attached as requested.
This is a new install of Windows 7 Pro. WinDbg output as follows.
Thank you,
TT
Microsoft (R) Windows Debugger Version 6.2.8229.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03011000 PsLoadedModuleList = 0xfffff800`03256670
Debug session time: Mon Mar 5 13:42:20.170 2012 (UTC - 7:00)
System Uptime: 0 days 4:03:07.824
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\oca.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\winxp\triage.ini, error 2
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\user.ini, error 2
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {c08a5, 0, 0, 0}
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
Probably caused by : Ntfs.sys ( Ntfs!NtfsPagingFileIo+155 )
Followup: MachineOwner
---------
windbg> .hh dbgerr001
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000000c08a5
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x24
PROCESS_NAME: avast.setup
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff880012541d5 to fffff8000308dc40
STACK_TEXT:
fffff880`0d71ce78 fffff880`012541d5 : 00000000`00000024 00000000`000c08a5 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff880`0d71ce80 fffff880`01253e28 : 00000001`00000000 00000000`00000000 00000000`00000000 00000fa8`003ea000 : Ntfs!NtfsPagingFileIo+0x155
fffff880`0d71cf80 fffff880`01052bcf : fffffa80`0acf3b90 fffffa80`0acf37f0 fffffa80`04c34bb0 00000000`00000000 : Ntfs! ?? ::FNODOBFM::`string'+0x8ba9
fffff880`0d71d030 fffff880`010516df : fffffa80`04964900 fffffa80`06d5b000 fffffa80`04964900 fffffa80`0acf37f0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0d71d0c0 fffff800`030b5bc5 : fffffa80`0acf3810 fffffa80`04a2b070 fffffa80`0455c0d0 fffff880`02f63180 : fltmgr!FltpDispatch+0xcf
fffff880`0d71d120 fffff800`030b5699 : 00000000`00000000 00000000`00000000 fffffa80`0455c010 fffffa80`0455c010 : nt!IoPageRead+0x255
fffff880`0d71d1b0 fffff800`0309bf59 : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x255
fffff880`0d71d280 fffff800`030a44f0 : 00000000`00000000 fffff980`241c0000 00000000`00000000 fffffa80`06d5b060 : nt!MmAccessFault+0x1399
fffff880`0d71d3e0 fffff800`0307cc1e : fffff980`241c0000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmCheckCachedPageStates+0x910
fffff880`0d71d590 fffff800`03377e10 : fffffa80`00000000 00000000`00000000 fffffa80`04db2ae0 00000000`0176caf8 : nt!CcFetchDataForRead+0x10e
fffff880`0d71d5f0 fffff880`0125c730 : fffff8a0`00000001 fffff880`00000005 fffffa80`00040000 fffff880`012af001 : nt!CcCopyRead+0x180
fffff880`0d71d6b0 fffff880`0125cda3 : 00000000`00000000 fffff8a0`09c7ec70 fffff880`0d71d8e0 fffff880`0d71d7d8 : Ntfs!NtfsCachedRead+0x180
fffff880`0d71d710 fffff880`0125ea68 : fffffa80`080c5940 fffffa80`06936a50 fffff880`0d71d801 fffffa80`03fa6600 : Ntfs!NtfsCommonRead+0x583
fffff880`0d71d8b0 fffff880`01052bcf : fffffa80`06936df0 fffffa80`06936a50 fffffa80`03fa66c0 00000000`00000001 : Ntfs!NtfsFsdRead+0x1b8
fffff880`0d71d960 fffff880`010516df : fffffa80`04964900 00000000`00000001 fffffa80`04964900 fffffa80`06936a50 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0d71d9f0 fffff800`0339621b : 00000000`00000000 fffffa80`04db2ae0 00000000`00000001 fffffa80`06936a50 : fltmgr!FltpDispatch+0xcf
fffff880`0d71da50 fffff800`03377b63 : fffffa80`04db2ae0 fffffa80`04db2ae0 fffffa80`04db2ae0 fffff880`02f63180 : nt!IopSynchronousServiceTail+0xfb
fffff880`0d71dac0 fffff800`0308ced3 : 00000000`00000380 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
fffff880`0d71dbb0 00000000`746f2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0024e648 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x746f2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
Ntfs!NtfsPagingFileIo+155
fffff880`012541d5 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Ntfs!NtfsPagingFileIo+155
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsPagingFileIo+155
BUCKET_ID: X64_0x24_Ntfs!NtfsPagingFileIo+155
Followup: MachineOwner
Last edited by TaterTot; 05 Mar 2012 at 21:09. Reason: attach files