New
#11
You wait for another system crash, and you use any system cleanup tool like CClener, dont run that before uploading the next crash dump.
You wait for another system crash, and you use any system cleanup tool like CClener, dont run that before uploading the next crash dump.
Okies, thanks! Hopefully no other BSOD will occur though ....
Hi hi
A new BSOD occurred, this time while running Malwarebytes, appreciate any assistance on this, thanks so much!
This time the BSODs are caused by Avast!
avast! TDI Filter Driver
Description here: Driver Reference Table - aswTdi.SYSCode:fffff880`0a8644a0 fffff880`044a6768Unable to load image \SystemRoot\System32\Drivers\aswTdi.SYS, Win32 error 0n2 *** WARNING: Unable to verify timestamp for aswTdi.SYS *** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS aswTdi+0xb768
avast! Self Protection Driver
Description here: Driver Reference Table - aswSP.SYSCode:fffff880`0a864298 fffff880`04c4b313Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2 *** WARNING: Unable to verify timestamp for aswSP.SYS *** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS aswSP+0x1f313
Uninstall Avast using Avast Uninstall Utility. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.
Download, install and update those, and then run full system scans with both of them, one by one.
Free up the startup. Windows does not need any other program to auto start with it, but the auto start programs often conflicts and causes various problems including BSODs.
- Click on the Start button
- Type “msconfig (without quotes), click the resulting link. It will open the System Configuration window.
- Select the “Startup” tab.
- Deselect all items other than the antivirus.
- Apply > OK
- Accept then restart.
Let us know the results.
______________________________________________________________________
BSOD ANALYSIS:
Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C5, {fffffa4143414349, 2, 1, fffff80002ffc147} Probably caused by : netbt.sys ( netbt!AddToPendingList+28 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_CORRUPTED_EXPOOL (c5) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is caused by drivers that have corrupted the system pool. Run the driver verifier against any new (or suspect) drivers, and if that doesn't turn up the culprit, then use gflags to enable special pool. Arguments: Arg1: fffffa4143414349, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff80002ffc147, address which referenced memory Debugging Details: ------------------ BUGCHECK_STR: 0xC5_2 CURRENT_IRQL: 2 FAULTING_IP: nt!ExAllocatePoolWithTag+537 fffff800`02ffc147 48895808 mov qword ptr [rax+8],rbx CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT PROCESS_NAME: AvastUI.exe TRAP_FRAME: fffff8800a8644a0 -- (.trap 0xfffff8800a8644a0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa4143414341 rbx=0000000000000000 rcx=fffffa80043f8130 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002ffc147 rsp=fffff8800a864630 rbp=0000000000001000 r8=0000000000000000 r9=fffff800030577b0 r10=fffff80003057588 r11=0000000000000002 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!ExAllocatePoolWithTag+0x537: fffff800`02ffc147 48895808 mov qword ptr [rax+8],rbx ds:fffffa41`43414349=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ec71a9 to fffff80002ec7c00 STACK_TEXT: fffff880`0a864358 fffff800`02ec71a9 : 00000000`0000000a fffffa41`43414349 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffff880`0a864360 fffff800`02ec5e20 : fffff880`044a6768 fffffa80`06d73a70 fffffa80`03d5e978 fffff800`030577b0 : nt!KiBugCheckDispatch+0x69 fffff880`0a8644a0 fffff800`02ffc147 : fffffa80`08c070e0 fffff880`048da2c0 fffffa80`040d5370 00000000`00000000 : nt!KiPageFault+0x260 fffff880`0a864630 fffff880`048d9c88 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x537 fffff880`0a864720 fffff880`048d9dd0 : 00000000`00000000 fffffa80`0454fc60 fffffa80`0454fc60 fffffa80`0454fc60 : netbt!AddToPendingList+0x28 fffff880`0a864750 fffff880`048d9c51 : fffffa80`09217fc8 fffffa80`04b478d0 00000000`c0000001 fffffa80`0454fc60 : netbt!QueryNameOnNet+0xf7 fffff880`0a864800 fffff880`04909520 : 00000000`c0000120 fffffa80`09217fc8 fffff880`048db2d0 fffffa80`08d56e00 : netbt!FindNameOrQuery+0x550 fffff880`0a864880 fffff880`049095d3 : 00000000`c0000001 00000000`00210096 fffffa80`08d56f70 fffffa80`08d56e10 : netbt!NbtQueryFindName+0x12a fffff880`0a864930 fffff880`049091ce : fffffa80`08d56e10 fffffa80`08d56f70 00000000`00000001 fffffa80`08d56f70 : netbt!DispatchIoctls+0x28e fffff880`0a8649e0 fffff800`031e5f37 : fffffa80`06b20070 fffff880`0a864ca0 fffffa80`06b20070 fffffa80`08d56e10 : netbt!NbtDispatchDevCtrl+0xc5 fffff880`0a864a10 fffff800`031e6796 : 00000000`048be6d8 00000000`0000068c 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607 fffff880`0a864b40 fffff800`02ec6e93 : fffffa80`04572b50 00000000`048be678 fffff880`0a864bc8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56 fffff880`0a864bb0 00000000`73ac2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`048bef88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ac2e09 STACK_COMMAND: kb FOLLOWUP_IP: netbt!AddToPendingList+28 fffff880`048d9c88 488bd8 mov rbx,rax SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: netbt!AddToPendingList+28 FOLLOWUP_NAME: MachineOwner MODULE_NAME: netbt IMAGE_NAME: netbt.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79386 FAILURE_BUCKET_ID: X64_0xC5_2_netbt!AddToPendingList+28 BUCKET_ID: X64_0xC5_2_netbt!AddToPendingList+28 Followup: MachineOwner ---------
Dear Arc
Thanks so much for your advice, I ran the Malwarebytes and MSE overnight, seems pretty ok, I've also disabled all programmes at Startup except for the Microsoft Security Client (don't seem to have any other anti-virus installed other than Avast! which I had uninstalled earlier on already), and it started without problems.
Just want to check though, I don't need any other anti virus other than Malwarebytes and MSE? I always had the impression that our computers always require an anti-virus to protect the system. I had used Avira previously and it didn't seem to clash with MSE or Malwarebytes, but seems like Avast! has quite a fair bit of conflict with these two software.
Mate, you really dont need any more antivirus than MSE and MBAM. A great lot of our long time members use this combo, over a long time, without any reasonable issue.
MSE is a real time protection program. If multiple instance of such a program is installed, it is unhealthy for the system.
MBAM is different; it is an on demand scanner. So it does not clash with anything.
Avast, Avira or any other antivirus is good. No doubt. But sometimes they cause BSODs in some systems (not in all systems, obviously). MSE is the most lightweight on the system, and matches perfectly with the windows 7's source code (which the other stuff dont), so it never cause a BSOD.
So you can understand why we are suggesting you to use MSE; from a strict BSOD perspective.
For any other questions, you are welcome :) Let us know how the system is running.
Dear Arc
Have been using the system for the past couple of days, and it worked like clockwork, so I guess it's fine now, thanks for your help! :)
Based on your recommendation, guess I'll stick to MSE and MBAM for now, just one more question though, MSE is pretty much the AV for my system, MBAM covers the malware prevention component, do I need another software to cover the spyware prevention? Or both MSE and MBAM should be enough to cover all ground? Thanks so much!
MSE and MBAM are usually enough to cover all those.
If you want a spyware protector, you may use Spybot. It will not cause any conflict.
How is the system is running now? If it is ok, you may feel free to mark this thread as solved.