Watching online stream video, computer crashed twice due to BSOD

Arc · 17 Feb 2013

You wait for another system crash, and you use any system cleanup tool like CClener, dont run that before uploading the next crash dump.

tjkok · 17 Feb 2013

Okies, thanks! Hopefully no other BSOD will occur though ....

tjkok · 04 Aug 2013

Hi hi

A new BSOD occurred, this time while running Malwarebytes, appreciate any assistance on this, thanks so much!

Arc · 04 Aug 2013

This time the BSODs are caused by Avast!
avast! TDI Filter Driver

Code:

fffff880`0a8644a0  fffff880`044a6768Unable to load image \SystemRoot\System32\Drivers\aswTdi.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
 aswTdi+0xb768

Description here: Driver Reference Table - aswTdi.SYS

avast! Self Protection Driver

Code:

fffff880`0a864298  fffff880`04c4b313Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
 aswSP+0x1f313

Description here: Driver Reference Table - aswSP.SYS

Uninstall Avast using Avast Uninstall Utility. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.
Download, install and update those, and then run full system scans with both of them, one by one.

Free up the startup. Windows does not need any other program to auto start with it, but the auto start programs often conflicts and causes various problems including BSODs.

Click on the Start button
Type “msconfig (without quotes), click the resulting link. It will open the System Configuration window.
Select the “Startup” tab.
Deselect all items other than the antivirus.
Apply > OK
Accept then restart.

Let us know the results.
______________________________________________________________________
BSOD ANALYSIS:

Code:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {fffffa4143414349, 2, 1, fffff80002ffc147}

Probably caused by : netbt.sys ( netbt!AddToPendingList+28 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: fffffa4143414349, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80002ffc147, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExAllocatePoolWithTag+537
fffff800`02ffc147 48895808        mov     qword ptr [rax+8],rbx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  AvastUI.exe

TRAP_FRAME:  fffff8800a8644a0 -- (.trap 0xfffff8800a8644a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa4143414341 rbx=0000000000000000 rcx=fffffa80043f8130
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ffc147 rsp=fffff8800a864630 rbp=0000000000001000
 r8=0000000000000000  r9=fffff800030577b0 r10=fffff80003057588
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x537:
fffff800`02ffc147 48895808        mov     qword ptr [rax+8],rbx ds:fffffa41`43414349=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ec71a9 to fffff80002ec7c00

STACK_TEXT:  
fffff880`0a864358 fffff800`02ec71a9 : 00000000`0000000a fffffa41`43414349 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0a864360 fffff800`02ec5e20 : fffff880`044a6768 fffffa80`06d73a70 fffffa80`03d5e978 fffff800`030577b0 : nt!KiBugCheckDispatch+0x69
fffff880`0a8644a0 fffff800`02ffc147 : fffffa80`08c070e0 fffff880`048da2c0 fffffa80`040d5370 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0a864630 fffff880`048d9c88 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x537
fffff880`0a864720 fffff880`048d9dd0 : 00000000`00000000 fffffa80`0454fc60 fffffa80`0454fc60 fffffa80`0454fc60 : netbt!AddToPendingList+0x28
fffff880`0a864750 fffff880`048d9c51 : fffffa80`09217fc8 fffffa80`04b478d0 00000000`c0000001 fffffa80`0454fc60 : netbt!QueryNameOnNet+0xf7
fffff880`0a864800 fffff880`04909520 : 00000000`c0000120 fffffa80`09217fc8 fffff880`048db2d0 fffffa80`08d56e00 : netbt!FindNameOrQuery+0x550
fffff880`0a864880 fffff880`049095d3 : 00000000`c0000001 00000000`00210096 fffffa80`08d56f70 fffffa80`08d56e10 : netbt!NbtQueryFindName+0x12a
fffff880`0a864930 fffff880`049091ce : fffffa80`08d56e10 fffffa80`08d56f70 00000000`00000001 fffffa80`08d56f70 : netbt!DispatchIoctls+0x28e
fffff880`0a8649e0 fffff800`031e5f37 : fffffa80`06b20070 fffff880`0a864ca0 fffffa80`06b20070 fffffa80`08d56e10 : netbt!NbtDispatchDevCtrl+0xc5
fffff880`0a864a10 fffff800`031e6796 : 00000000`048be6d8 00000000`0000068c 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0a864b40 fffff800`02ec6e93 : fffffa80`04572b50 00000000`048be678 fffff880`0a864bc8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`0a864bb0 00000000`73ac2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`048bef88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ac2e09


STACK_COMMAND:  kb

FOLLOWUP_IP: 
netbt!AddToPendingList+28
fffff880`048d9c88 488bd8          mov     rbx,rax

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  netbt!AddToPendingList+28

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netbt

IMAGE_NAME:  netbt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79386

FAILURE_BUCKET_ID:  X64_0xC5_2_netbt!AddToPendingList+28

BUCKET_ID:  X64_0xC5_2_netbt!AddToPendingList+28

Followup: MachineOwner
---------

tjkok · 05 Aug 2013

Dear Arc

Thanks so much for your advice, I ran the Malwarebytes and MSE overnight, seems pretty ok, I've also disabled all programmes at Startup except for the Microsoft Security Client (don't seem to have any other anti-virus installed other than Avast! which I had uninstalled earlier on already), and it started without problems.

Just want to check though, I don't need any other anti virus other than Malwarebytes and MSE? I always had the impression that our computers always require an anti-virus to protect the system. I had used Avira previously and it didn't seem to clash with MSE or Malwarebytes, but seems like Avast! has quite a fair bit of conflict with these two software.

Arc · 05 Aug 2013

Mate, you really dont need any more antivirus than MSE and MBAM. A great lot of our long time members use this combo, over a long time, without any reasonable issue.

MSE is a real time protection program. If multiple instance of such a program is installed, it is unhealthy for the system.

MBAM is different; it is an on demand scanner. So it does not clash with anything.

Avast, Avira or any other antivirus is good. No doubt. But sometimes they cause BSODs in some systems (not in all systems, obviously). MSE is the most lightweight on the system, and matches perfectly with the windows 7's source code (which the other stuff dont), so it never cause a BSOD.

So you can understand why we are suggesting you to use MSE; from a strict BSOD perspective.

For any other questions, you are welcome :) Let us know how the system is running.

tjkok · 06 Aug 2013

Dear Arc

Have been using the system for the past couple of days, and it worked like clockwork, so I guess it's fine now, thanks for your help! :)

Based on your recommendation, guess I'll stick to MSE and MBAM for now, just one more question though, MSE is pretty much the AV for my system, MBAM covers the malware prevention component, do I need another software to cover the spyware prevention? Or both MSE and MBAM should be enough to cover all ground? Thanks so much!

Arc · 07 Aug 2013

MSE and MBAM are usually enough to cover all those.
If you want a spyware protector, you may use Spybot. It will not cause any conflict.

How is the system is running now? If it is ok, you may feel free to mark this thread as solved.

Watching online stream video, computer crashed twice due to BSOD

New BSOD while running MalwareBytes