I got a bluescreen the other day and from the Windows Debugger I believe it was caused by the avastSvc.
The BSOD occurred after a cold boot and left at the welcome screen.
Would just like to confirm if this is a problem with Avast or not or possibly caused by other drivers on the system.
Note, I’ve been using Avast for ages on this install, and after the bluescreen the system booted without problems so I haven’t seen it again.
Windows 7 Professional SP1 (Genuine) English 32-bit
Avast Free 6.0.1125
Dell Studio 1535, Intel Core 2 Duo 2.0GHz, 3GB RAM
I have attached the Minidump file (renamed to .log) and also reprise the analysis from the debugger:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\060811-20654-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.x86fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0x82e12000 PsLoadedModuleList = 0x82f5b4d0
Debug session time: Wed Jun 8 19:26:28.121 2011 (UTC + 1:00)
System Uptime: 0 days 0:08:49.337
Loading Kernel Symbols
...............................................................
................................................................
..............................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1, {830863d2, 0, ffff0000, 0}
Probably caused by : ntkrpamp.exe ( nt!NtDeviceIoControlFile+0 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->KernelApcDisable field. A negative value indicates that a driver
has disabled APC calls without re-enabling them. A positive value indicates
that the reverse is true. This check is made on exit from a system call.
Arguments:
Arg1: 830863d2, address of system function (system call)
Arg2: 00000000, Thread->ApcStateIndex << 8 | Previous ApcStateIndex
Arg3: ffff0000, Thread->KernelApcDisable
Arg4: 00000000, Previous KernelApcDisable
Debugging Details:
------------------
FAULTING_IP:
nt!NtDeviceIoControlFile+0
830863d2 8bff mov edi,edi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: AvastSvc.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 77c670b4 to 82e50573
STACK_TEXT:
9db03d34 77c670b4 badb0d00 07c5c73c 00000000 nt!KiServiceExit2+0x17a
WARNING: Frame IP not in any known module. Following frames may be wrong.
07c5c794 00000000 00000000 00000000 00000000 0x77c670b4
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!NtDeviceIoControlFile+0
830863d2 8bff mov edi,edi
SYMBOL_NAME: nt!NtDeviceIoControlFile+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fd753
FAILURE_BUCKET_ID: 0x1_SysCallNum_6b_nt!NtDeviceIoControlFile+0
BUCKET_ID: 0x1_SysCallNum_6b_nt!NtDeviceIoControlFile+0
Followup: MachineOwner
---------
Thanks