system
March 3, 2011, 12:57pm
1
Hello.
Upon bootup I get a “Recovered from Serious Error” notification. This started after upgrading to the free version 6.0.1000 so I was wondering if you can look at my minidump file to diagnose the problem and to determine if it is related to the upgrade or not. Ran a MBAM and Avast! quick scan but nothing is identified as malware. Also, when I send the report to Microsoft, everything appears to run correctly afterwards.
Running XP SP3 fully patched. I also have MBAM (free), SAS (free) and SpywareBlaster installed. I use only the built in Windows firewall.
system
March 3, 2011, 2:19pm
2
Wasn’t aware that I can’t attach .zip files for the minidump review. Let me know if there is a location that I should send it to. Thanks.
system
March 3, 2011, 2:35pm
3
system
March 3, 2011, 2:50pm
4
The FTP directory /incoming at ftp.avast.com page is blank. It doesn’t provide me with an option to post the .zip file.
Is there something I am missing? Thanks.
Yes, the folder (ftp) will always be shown as blank because you have only “write” access and not “read”.
If you upload the file, the file will be there, but only they could see it.
system
March 3, 2011, 3:38pm
6
Still having trouble uploading it so I asked a friend to look at the file. Here are the contents for your review in two parts. Thanks in advance.
=============================
The error was invoked by aswSP.SYS (with an additional fault pointing to csrss.exe which was most likely caused by Avast) which is an Avast related file. I really don’t know how to tell you to correct it, but you might want to report this on the Avast forum here: http://forum.avast.com/index.php
They’ll probably want to see the dump file, too. If they have no method to attach a file, here are the particulars:
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it’s a trap of a kind
that the kernel isn’t allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a portion of those codes:
If kv shows a taskGate
    use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
    use .trap on that value
Else
    .trap on the appropriate frame will show where the trap was taken
    (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
TRAP_FRAME: b4a26064 -- (.trap 0xffffffffb4a26064)
ErrCode = 00000002
eax=0c2f0400 ebx=82ff2050 ecx=00000000 edx=82ff4004 esi=e1ef2000 edi=000001ff
eip=8054bb6e esp=b4a260d8 ebp=b4a2612c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!ExAllocatePoolWithTag+0x869:
8054bb6e 8906 mov dword ptr [esi],eax ds:0023:e1ef2000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 804eba7a to 804e9249
STACK_TEXT:
b4a25ffc 804eba7a 00000001 e1ef2000 c0387bc8 nt!MiDispatchFault+0x2
b4a2604c 804e172b 00000001 e1ef2000 00000000 nt!MmAccessFault+0x5bc
b4a2604c 8054bb6e 00000001 e1ef2000 00000000 nt!KiTrap0E+0xcc
b4a2612c 80629efa 00000001 00000000 7153624f nt!ExAllocatePoolWithTag+0x869
b4a26150 80565cf8 e1acbe40 b4a2617c b4a26170 nt!ObpGetObjectSecurity+0x53
b4a26180 8056a989 e1acbe40 82529728 00000001 nt!ObCheckObjectAccess+0x2c
b4a261cc 80568e9c e1035b60 0007c020 00000000 nt!CmpDoOpen+0x2d5
b4a263cc 8056406c 0007c020 00000000 82529728 nt!CmpParseKey+0x5a6
b4a26454 805686ea 00000000 b4a26494 00000240 nt!ObpLookupObjectName+0x56a
b4a264a8 80569080 00000000 82fc3860 00000000 nt!ObOpenObjectByName+0xeb
b4a265a4 f74d585a b4a26a34 82000000 b4a26768 nt!NtOpenKey+0x1c8
WARNING: Stack unwind information not available. Following frames may be wrong.
b4a265c0 f74989b3 b4a26a34 82000000 b4a26768 aswSP+0x1185a
b4a266c4 804de7ec b4a26a34 00000000 b4a26768 aswSnx+0x329b3
b4a266c4 804dd019 b4a26a34 00000000 b4a26768 nt!KiFastCallEntry+0xf8
b4a26748 80635813 b4a26a34 82000000 b4a26768 nt!ZwOpenKey+0x11
b4a269b8 805ffbe1 00000000 e1ed63a8 00000000 nt!RtlpGetRegistryHandleAndPath+0x27a
b4a26c4c f7368c69 00000000 e1ed63a8 b4a26c74 nt!RtlQueryRegistryValues+0x9c
b4a26cc0 f7375a1d 82654350 e1ed63a8 00000000 VIDEOPRT!VPGetRegistryParameters+0xed
b4a26ce4 f73dee52 82654350 b4a26d04 00000000 VIDEOPRT!VideoPortGetRegistryParameters+0x2d
b4a26e0c f738abba 826544c8 b4a26e2c b4a26f2c ati2mtag+0x63e52
b4a26f98 f7389390 82654f08 00000001 b4a27574 ati2mtag+0xfbba
b4a26fc4 f738f083 82654f08 00000001 000000a3 ati2mtag+0xe390
b4a26ffc f738ef38 82654f08 b4a27038 b4a27574 ati2mtag+0x14083
b4a271b0 f738effd 82654f08 00000001 b4a27574 ati2mtag+0x13f38
b4a271d8 f7392eb1 82654f08 00000001 b4a27574 ati2mtag+0x13ffd
b4a27224 f73928a4 82654f08 00000001 00007530 ati2mtag+0x17eb1
b4a2726c f7392112 82654f08 00000001 82658458 ati2mtag+0x178a4
b4a273dc f7391d52 82654f08 00000003 82658458 ati2mtag+0x17112
b4a273f8 f7391912 82654f08 82658350 82658458 ati2mtag+0x16d52
b4a2758c f7391190 82654f08 82658320 00000001 ati2mtag+0x16912
b4a275b4 f7390f2c 82654f08 8265de34 00000000 ati2mtag+0x16190
b4a27764 f738dc3a 00000008 00000002 82654f08 ati2mtag+0x15f2c
b4a282cc f7383901 00000001 82654da8 82654f08 ati2mtag+0x12c3a
b4a282e8 f73dff6d 00000000 00000004 00000001 ati2mtag+0x8901
b4a2876c f737592e 82654350 824cb018 8269da98 ati2mtag+0x64f6d
b4a2882c 804e3807 82654038 824cb008 824cb008 VIDEOPRT!pVideoPortDispatch+0xcc4
b4a2883c 8056f1b5 82654020 82214814 b4a289e4 nt!IopfCallDriver+0x31
b4a2891c 8056406c 82654038 00000000 82214770 nt!IopParseDevice+0xa12
b4a289a4 805686ea 00000000 b4a289e4 00000240 nt!ObpLookupObjectName+0x56a
b4a289f8 8056f68f 00000000 00000000 5690b700 nt!ObOpenObjectByName+0xeb
b4a28a74 8056f75e b4a28bf0 00000000 b4a28bc8 nt!IopCreateFile+0x407
b4a28ad0 8056f826 b4a28bf0 00000000 b4a28bc8 nt!IoCreateFile+0x8e
b4a28b10 804de7ec b4a28bf0 00000000 b4a28bc8 nt!NtOpenFile+0x27
b4a28b10 804dcfdd b4a28bf0 00000000 b4a28bc8 nt!KiFastCallEntry+0xf8
b4a28ba0 8059c386 b4a28bf0 00000000 b4a28bc8 nt!ZwOpenFile+0x11
b4a28be8 bf85f989 b4a28c44 00000000 b4a28c68 nt!IoGetDeviceObjectPointer+0x40
b4a28cd8 bf892c0f 00000001 00000001 00000001 win32k!DrvUpdateGraphicsDeviceList+0x3d2
b4a28d18 bf892b09 00000001 00000008 b4a28d48 win32k!DrvInitConsole+0xaa
b4a28d28 bf892a9a 00000001 b4a28d64 0015fd98 win32k!InitVideo+0x18
b4a28d48 bf893e59 b4a28d64 804de7ec 00050000 win32k!UserInitialize+0x14d
b4a28d50 804de7ec 00050000 00000054 00000058 win32k!NtUserInitialize+0x87
b4a28d50 7c90e514 00050000 00000054 00000058 nt!KiFastCallEntry+0xf8
0015fdb0 00000000 00000000 00000000 00000000 0x7c90e514
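An added example (not part of the original posts, and not Avast or Microsoft tooling): a Python script that parses a contiguous excerpt of the STACK_TEXT above and uses the ChildEBP column to estimate how much kernel stack each module's frames consume, a useful figure when triaging a double fault (Arg1 = 8), which is often a kernel stack overflow. The function names and the list of modules treated as OS components are assumptions made for illustration.

```python
import re
from collections import Counter

# Contiguous excerpt of the STACK_TEXT posted above.
# kb columns: ChildEBP, RetAddr, three argument dwords, symbol.
STACK_TEXT = """\
b4a264a8 80569080 00000000 82fc3860 00000000 nt!ObOpenObjectByName+0xeb
b4a265a4 f74d585a b4a26a34 82000000 b4a26768 nt!NtOpenKey+0x1c8
WARNING: Stack unwind information not available. Following frames may be wrong.
b4a265c0 f74989b3 b4a26a34 82000000 b4a26768 aswSP+0x1185a
b4a266c4 804de7ec b4a26a34 00000000 b4a26768 aswSnx+0x329b3
b4a266c4 804dd019 b4a26a34 00000000 b4a26768 nt!KiFastCallEntry+0xf8
b4a26748 80635813 b4a26a34 82000000 b4a26768 nt!ZwOpenKey+0x11
b4a269b8 805ffbe1 00000000 e1ed63a8 00000000 nt!RtlpGetRegistryHandleAndPath+0x27a
b4a26c4c f7368c69 00000000 e1ed63a8 b4a26c74 nt!RtlQueryRegistryValues+0x9c
b4a26cc0 f7375a1d 82654350 e1ed63a8 00000000 VIDEOPRT!VPGetRegistryParameters+0xed
b4a26ce4 f73dee52 82654350 b4a26d04 00000000 VIDEOPRT!VideoPortGetRegistryParameters+0x2d
b4a26e0c f738abba 826544c8 b4a26e2c b4a26f2c ati2mtag+0x63e52
"""

FRAME = re.compile(r"^([0-9a-f]{8})\s+(?:[0-9a-f]{8}\s+){4}(\S+)$")

def parse_frames(text):
    """Return [(child_ebp, module, symbol)]; non-frame lines (WARNING) are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            # "nt!Func+0x1" -> "nt"; "aswSP+0x1185a" (no symbols) -> "aswSP"
            module = re.split(r"[!+]", m.group(2))[0]
            frames.append((int(m.group(1), 16), module, m.group(2)))
    return frames

def stack_bytes_by_module(frames):
    """Approximate stack use per module from ChildEBP deltas.
    The gap between a callee's ChildEBP and its caller's ChildEBP is charged
    to the caller (the later-listed frame). Frames after the unwind WARNING
    are estimates only.
    """
    usage = Counter()
    for (inner, _, _), (outer, module, _) in zip(frames, frames[1:]):
        usage[module] += outer - inner
    return usage

def third_party(usage, os_modules=("nt", "win32k", "VIDEOPRT", "hal")):
    """Modules outside an assumed list of Microsoft-supplied components."""
    return {m: n for m, n in usage.items() if m not in os_modules}

if __name__ == "__main__":
    for module, used in stack_bytes_by_module(parse_frames(STACK_TEXT)).most_common():
        print(f"{module:10s} {used:5d} bytes")
```

In the full trace the kernel-mode ChildEBP values span b4a25ffc to b4a28d50 (11,604 bytes); the final user-mode frame at 0015fdb0 should be dropped before summing.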
system
March 3, 2011, 3:38pm
7
Part2
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSP+1185a
f74d585a ?? ???
SYMBOL_STACK_INDEX: b
SYMBOL_NAME: aswSP+1185a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4d65202b
FAILURE_BUCKET_ID: 0x7f_8_aswSP+1185a
BUCKET_ID: 0x7f_8_aswSP+1185a
Followup: MachineOwner