BSoD WinXP Home 32 SP3 Avast 5.0.462

Avast Free Antivirus / Premium Security
1

I got a BSoD today, when I opened http://www.nascar.com/ in IE8. I uploaded the minidump file to ftp://ftp.avast.com/incoming/bover907.dmp

Any help on what this means would be greatly appreciated. I have loved Avast for years. I recently built this computer, and put Avast 5 on it. My other computers still have 4.8 on them, as I was just waiting for Auto Update to prompt for ver5 install.


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini032810-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is: 
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (3 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Sun Mar 28 00:56:06.828 2010 (GMT-4)
System Uptime: 0 days 2:16:49.660
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...
Loading User Symbols
Loading unloaded module list
..............
Unable to load image tcpip.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tcpip.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {2, 887a232c, 887aa000, 89ce80c0}

Unable to load image aswTdi.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
*** WARNING: Unable to verify timestamp for afd.sys
Probably caused by : aswTdi.SYS ( aswTdi+977 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000002, Pool header has been corrupted
Arg2: 887a232c, Pointer to pool header
Arg3: 887aa000, First part of pool header contents
Arg4: 89ce80c0, 0

Debugging Details:
------------------


BUGCHECK_STR:  0xc2_2

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  AvastSvc.exe

LAST_CONTROL_TRANSFER:  from a948f0d3 to 804f9f43

STACK_TEXT:  
a5c9a874 a948f0d3 000000c2 00000002 887a232c nt!_woutput+0x414
a5c9a8a0 a9464b38 89ce8040 a5c9a99c 88a7a97c tcpip!FillARPControlBlock+0x15
a5c9a8b8 a94645af 89ce8040 a5c9a99c a5c9a9f0 tcpip!MdpAllocate+0x1a
a5c9a8c8 a9463e80 a5c9a99c 84f841e8 88a7a8a0 tcpip!GetIPHdrBuffer+0x13
a5c9a9f0 a9468b07 a94a2b98 84f841e8 84f84180 tcpip!IPTransmit+0xa8f
a5c9aa5c a9468d35 8c563886 00004000 88bcc0cc tcpip!TCPSend+0x5db
a5c9aa84 a94684a5 00000001 00000000 00004000 tcpip!TdiSend+0x1ca
a5c9aab8 a94677b6 88bcc038 88a6a59c 88bcc038 tcpip!TCPSendData+0x83
a5c9aad4 804ef19f 89b34030 88bcc038 89a6c710 tcpip!TCPDispatchInternalDeviceControl+0x51
a5c9ab1c ba278977 89a6c6e0 88bcc038 89b34030 nt!MiFlushSectionInternal+0x256
WARNING: Stack unwind information not available. Following frames may be wrong.
a5c9ab64 804ef19f 89b34030 88bcc038 89b4f7a0 aswTdi+0x977
a5c9ab80 804ef19f 89b4f6e8 88bcc038 89aac508 nt!MiFlushSectionInternal+0x256
a5c9ac28 a93fc2d7 84fa0e48 a93fc2d7 84f917b8 nt!MiFlushSectionInternal+0x256
a5c9ac40 804ef19f 89b5fe18 84fa0e48 806e6410 afd!AfdReturnBuffer+0x37
a5c9ac64 805807f7 89b5fe18 84fa0e48 84f917b8 nt!MiFlushSectionInternal+0x256
a5c9ad00 80579274 00000fe8 00000000 71a681b9 nt!NtSetInformationThread+0x125
a5c9ad34 8054163c 00000fe8 00000000 71a681b9 nt!SepOpenTokenOfThread+0x87
a5c9ad64 7c90e514 badb0d00 0739faac 00000000 nt!RtlIpv4StringToAddressExW+0xbd
a5c9ad78 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP: 
aswTdi+977
ba278977 ??              ???

SYMBOL_STACK_INDEX:  a

SYMBOL_NAME:  aswTdi+977

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswTdi

IMAGE_NAME:  aswTdi.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4b95b21c

FAILURE_BUCKET_ID:  0xc2_2_aswTdi+977

BUCKET_ID:  0xc2_2_aswTdi+977

Followup: MachineOwner
---------
2

I have no problem with nascar.com

How much RAM does the system have?

3

bover907,

Just tried loading the nascar page into both IE8 and Firefox 3.6. The page loaded fine with no problems in both. I’m also using Windows XP Home SP3 and avast! 5.0.462 Free. You didn’t say which version of avast! you were running (Free, Pro, or IS) - that may make a difference.

I know this doesn’t answer your question about the significance of the minidump, but at least you know that there doesn’t appear to be a direct link to avast! 5 and the BSOD you got - something else is going on.

As far as waiting for the auto-update to prompt for the install of version 5, I’m not sure that it will. I remember reading several messages on this board from users of avast! 4.8 stating that they never got the prompt to update to 5. I’d probably just go ahead and download the version 5 package and install that.

Good luck . . .

4

I’m Sorry. I’m using Avast 5 Free. I am also pretty sure that it wasn’t the web page itself that caused the fault. Jusst happened to be what I was doing when the BSoD occured. I posted the contents of the minidump here, because two of Avast’s drivers were listed in it.

Specs:
Microsoft WinXP Home SP3
AMD Athelon II X3 425 @ stock 2.7GHz
MSI AMD 770 G45 Mainboard
2 Gb RAM, OCZ Gold, DDR3 1066
ATI Radeon 4670 1GB DDR3 PCIe Graphics
Onboard VIA HD Sound

5

are you installed avast 5 free over 4.8 pro?

6

No, clean install of Avast 5. I just built this computer, and did a clean install of WinXP, then a clean install of Avast 5.

7

I haven’t brought up the actual page, but looking at the source code from within a secure site -

you will see I have run notepad as a virtualised process
I have copied the code from within the secure site and pasted it into my secure(d) notepad

the screenshot shows portions of the code that most likely triggered the alerts

Edit - I’m not an expert on script, but my impression here is that this is obfuscated script. Yes or no?

8

Anyone got an answer on the above text. Is it obfuscated?
I think perhaps not. But not the normal perhaps? So may have triggered an alert BSOD?

9

a script stored in the video memory ???,

try to put blank cd in the cd drive before boot up

or if you can reduce first your ram just put it back after problem solve

it looks like script wants a memory storage to stored a large file.

and video memory is in the first list creating overdamping :wink:

Best Regards!!!

10

what I was trying to get at bong was that the script package (for want of a better word) was so densely packed that the OP computer borked half through decipher / render for script package use to the code on the page or some part of the page or…and so returned BSOD to the screen.

and yet others computer have no problem with it - my computer renders page well enough, and it well short of the capacity of OP computer

maybe just one of things that happens once in a while…rather than hang, computer reverts to BSOD, which is basically safety resort

And I wish I knew what you sometimes talking about bong, you sometimes almost there…video memory, overdamping…hmm…wants storage, large file…I don’t know really, and from what I do know, may be good insight in what you say but lost in translation

Mind you, sometimes my posts lapse into gibberish ::slight_smile: all part of learning curve I guess

11

sorry for not fluent in expressing a word:)

script usually change only the process

but this one can create ghost folder and need to stored anywhere

and the nearest access is the video memory

overloading the vedio memory, cpu response - please remove any newly installed hardware/software.

alternatives for troubleshooting:
:wink:

  1. reduce ram into 512 mb so that it will process only the low graphic(safemode but if you restart in normal it will make bsod again)

or

2.put blank cd or floppy disc(if available) in the drive so that ghost file may stored there as temp file, not in the video memory.(script process do not use ram memory to protect the ghost files in this case)

or

  1. remove your hard disk and scan it in other computer for the removal of script (totally dead scan prevent for processing system file in hardisk), or if you can make network scan the system.

Best Regards!!!

12

okay I think I see now what you mean
…video memory, overdamping…

about this script…and ghost folderwants a memory storage…and so access video memory

and here is what happens
overloading video memory, cpu response

and the following is of course as with the XP code 10 that would return a BSOD
please remove any newly installed hardware/software

overloading video memory

and you also outline ways of troubleshooting the issue

thank you for reply, bong2x
I hope I translate yr meaning close enough