Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: acdcfan on January 26, 2010, 02:24:31 PM
-
I am not sure why this happen today....
It is fresh install of Windows 7, I have installed 5.0.377 program version...
I did have Avast screen saver running when this happened. I stopped and will see if it happens again...
In the mean time here is dump file from debug manager
WARNING: Whitespace at end of path element
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\012610-27781-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols ;srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02812000 PsLoadedModuleList = 0xfffff800`02a4fe50
Debug session time: Tue Jan 26 20:51:31.617 2010 (GMT+8)
System Uptime: 0 days 5:25:17.351
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa800914feea, 0, fffff88003ed4dd1, 0}
Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
Could not read faulting driver name
Probably caused by : aswSP.SYS ( aswSP+5dd1 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800914feea, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88003ed4dd1, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002aba0e0
fffffa800914feea
FAULTING_IP:
aswSP+5dd1
fffff880`03ed4dd1 f30f6f0401 movdqu xmm0,xmmword ptr [rcx+rax]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: avastSS.scr
CURRENT_IRQL: 0
TRAP_FRAME: fffff88007782220 -- (.trap 0xfffff88007782220)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800914e4e0 rbx=0000000000000000 rcx=0000000000001a02
rdx=fffff88003ee69ba rsi=0000000000000000 rdi=0000000000000000
rip=fffff88003ed4dd1 rsp=fffff880077823b0 rbp=fffffa8004886701
r8=fffff8a00a847a6a r9=0000000000000041 r10=fffff800029fe660
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
aswSP+0x5dd1:
fffff880`03ed4dd1 f30f6f0401 movdqu xmm0,xmmword ptr [rcx+rax] ds:6510:fffffa80`0914fee2=????????????????????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800029031e4 to fffff80002883f00
STACK_TEXT:
fffff880`077820b8 fffff800`029031e4 : 00000000`00000050 fffffa80`0914feea 00000000`00000000 fffff880`07782220 : nt!KeBugCheckEx
fffff880`077820c0 fffff800`02881fee : 00000000`00000000 00000000`00000000 fffff8a0`07c19700 fffff880`0102547e : nt! ?? ::FNODOBFM::`string'+0x42907
fffff880`07782220 fffff880`03ed4dd1 : 00000000`00000000 00000000`00000044 00000000`00000039 fffff880`03ed8222 : nt!KiPageFault+0x16e
fffff880`077823b0 00000000`00000000 : 00000000`00000044 00000000`00000039 fffff880`03ed8222 fffff8a0`0a847901 : aswSP+0x5dd1
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSP+5dd1
fffff880`03ed4dd1 f30f6f0401 movdqu xmm0,xmmword ptr [rcx+rax]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: aswSP+5dd1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4b55b01b
FAILURE_BUCKET_ID: X64_0x50_aswSP+5dd1
BUCKET_ID: X64_0x50_aswSP+5dd1
Followup: MachineOwner
-
Can you please upload the dump to
ftp://ftp.avast.com/incoming
Thanks.
-
Can you please upload the dump to
ftp://ftp.avast.com/incoming
Thanks.
Not quite familiar how do I upload the file but what user name and password I need to log in.....
Edit
Uploaded the dump file 012610-27781-01, I hope I have done it right because I can not see it either way
Edit 2
I don't think it got there
-
an easy way is to launch the avast ftp link in Internet Explorer, and from the options click on "Open FTP site" in Windows Explorer. Then you just do a drag and drop of your compressed dump file (compress it with WinZip or else before sending, that will spare you a lot of time)
-
an easy way is to launch the avast ftp link in Internet Explorer, and from the options click on "Open FTP site" in Windows Explorer. Then you just do a drag and drop of your compressed dump file (compress it with WinZip or else before sending, that will spare you a lot of time)
I have tried it.... please refer image above for error I have been getting
-
Got the dump file, thanks.
-
Got the dump file, thanks.
And could not even see it after first upload... thanks for letting me know
-
I'm not sure if this is the correct location to address my problem but i have similar problem on mine except my windows 7 is 32bit.
i have used avast home edition 4.8 for years and i was very happy with it.
I decided to purchase the AIS 5.0 with license. i have upgraded it. Since then i got the blue screen few times a day and it keeps showing up more and more often and finally i cannot work on my PC at all because each time windows completely restarted, it requested to send the report to Microsoft with some files (WER-XXXXXX-X.sysdata.xml and mmddyy-XXXXX-01.dmp), then it was the time of the blue screen to show up again, etc...
I decided to uninstall it and go back to avast home edition 4.8 and my PC is now back to the normal state.
What should i do? what about the a license i purchased?
-
no, it's another issue you got there. You should have started your own thread ;) I know you already uninstalled Avast 5 but just in case you give it a new try, disable the behavior shield and see if you get better results. Also, there's a pre-release version of the next updated version here:
http://forum.avast.com/index.php?topic=54451.0
-
Thank for advise. I'll do it and will let you know.
-
This bug is already fixed in pre-release version as Logos pointed out.
-
How can i access to the download page of the pre-release 5.0.394?
-
How can i access to the download page of the pre-release 5.0.394?
Just click on the link i provide from another post in the forum, and download the new pre-release 5.0.394.
http://forum.avast.com/index.php?topic=54491.0 (http://forum.avast.com/index.php?topic=54491.0), all versions are there. Take care pal!
PS. I have win 7 ultimate 64 bits, and with the pre-release i have no problems.
-
Logos,
i have tried re-installed the ais 5.0.377 and disable the behavior shield but still the blue screen is happening 2 times within 10 minutes. Now working in safe mode. waiting for 394 to be downloaded and will re-try a shot and i do hope it will work fine or it will be very disappointing.
-
Keep us informed, so we can help you more pal. Take care, hope the pre-release helps to solve your problem, it solved mine with 5 pro, at work.
-
Well,
it might be too soon to conclude but since upgrading to AIS 394, i did not see any blue screen anymore.
thank you all.
-
I have download and install the AIS 5.394 and left it there about 4 hours. It was fine and i though it has been fixed. Then, i have started the full system scanning. There, The Blue Screen showed up again :(
It has been improved but you still need to work on it. i really detest it and i hope it will be totally excluded from the AIS.
Thanks
-
Do you have the corresponding minidump in C:\Windows\Minidump folder?
It could tell us what happened.
-
Of course, i have it.
how can i send it to you?
-
Can you please upload it to
ftp://ftp.avast.com/incoming
Thanks.
-
i have uploaded it
please check if you got it?
-
If you mean the file "012810-24070-01.dmp", then yes.
I sent it to the corresponding developer to check.
Thanks.
-
Yes, it is that one.
-
Hi Igor
How's that analysis of my dump file going?
-
Hi Igor
How's that analysis of my dump file going?
I believe the problem was fixed, and the fix should be included in the latest build (5.0.394)
-
Hi Igor
How's that analysis of my dump file going?
I believe the problem was fixed, and the fix should be included in the latest build (5.0.394)
Thank you ....
Would you mind answering one more question for me please?
How do you updated from Avast 4.8 to a current build? I like GUI and I want to update one on my Vista install...
Thank you
-
Sean Huong: Looking at your dump and I'd like to ask you if you can generate kernel dump instead of minidump, compress it and upload it on ftp? I'd really appreciate to look at this bug with kernel dump and see what exactly went wrong. Thanks for your help.
-
pk,
You need to help me doing that.
few minutes ago it happened again.
Thanks
-
Sean Huong: I see you're using Win7, so kernel dump should be already exist in \Windows\memory.dmp (or \Windows\system32\memory.dmp). Is that correct? If yes, please compress this with with rar/7z (get 7z here: http://www.7-zip.org/download.html). Then upload the compressed file on our ftp.
-
Pk, Already uploaded to ftp://ftp.avast.com/incoming and the file name is MEMORY-SH.rar
Anything else, please let me know.
Thanks.
-
PK,
I have got an offer to have automatic update to AIS 5.396. I though it is better but after updating and restart. it become worst. it is even more serious than 5.377.
i got 2 blue screen within 5 minutes and now need to start in Safe Mode.
Can i just restore back to AIS 5.394 with windows restore?
Hope it will be fix soon. :(
-
Could you please send me those 2 minidumps on kurtin@avast.com? Thanks.
-
Done. there are in total 6 files.
I have re-installed AIS 5.396 and went back to 5.394 but still could not avoid the blue screen. i cannot continue with it anymore. i need to switch back to 4.8 until everything is fine.
Can i use my license of AIS 5 with the 4.8? if yes, i prefer to choose it.
Thanks
-
Hi Igor or PK
Can you please answer my post above about upgrading avast 4.8 to 5.0
-
what is the result of your analyzing? when could i switch back to stable AIS 5?
Thanks
-
All,
after being quiet for a while, i learn about the new release of AIS 5.0.415. i have download and installed it and also updated it to 5.0.418.
However, there is no improvement. what i mean is the blue screen still keep showing up and i could not work at all until i re-installed it.
when do you guy think we need to help you testing your program? it becomes very boring now.
:(
-
If you dont want to help alwill, just stop doing it and keep the forums clean from complainings, we are here to help, not to cause more problems. And if you dont want to continue using avast that's your call, not us.
-
All,
after being quiet for a while, i learn about the new release of AIS 5.0.415. i have download and installed it and also updated it to 5.0.418.
However, there is no improvement. what i mean is the blue screen still keep showing up and i could not work at all until i re-installed it.
when do you guy think we need to help you testing your program? it becomes very boring now.
:(
Have you already submitted the dump file for further analysis?
Thanks
vlk
-
I just got that behavior on a machine with XPx86 on it. It was working fine with 4.8. I installed 5.0.377 and got BSOD. I will download the latest version and see if it fixes the problem for me. It was set to do minidump only. If I continue to get this problem with the latest version I'll have it make a full dump and upload it.
Edit: it was actually 5.0.396. I'll let you know if the latest version fixes it. And I'm dealing with the Free version of A5. Also possibly significant is that even when I disabled the self-protection module, it still gave me that BSOD. Ironically, when it is first installed, all was well. After a reboot......not so well. Not even usable.
-
Well, .418 did the same thing in the same place. This is an older computer running at a little over 600MHz, so I checked the box that says "load Avast! services after system services load." This is a good optimization for older machines, as it lessens the startup load, and I very much appreciate its inclusion. I understand why it's NOT checked by default, but rather wish it were. But I digress.
Here's the behavior: system loads and working desktop appears. System works fine for some seconds. Orange A-ball appears with red X. Red X changes to yellow exclamation mark. Some seconds later, BSOD. This is repeatable. It happens every time. I even took out a memory stick to see if that might be the matter. This machine is odd about its memory, and will give a BSOD if you run 3 256MB sticks in it (known gremlin with that board) but I had zero problems with it running on 2 sticks until I installed A5.
I am attempting to upload my memory dump now, but my internet connection is somewhat slow and very cantankerous, so it may take a bit of doing, and I may ultimately do it from a friend's house. The file name will be kerneldump-edifyguy-xpsp3-avast5-0-418.7z or some variation upon it (depending on what happens with failed writes.....seems your server won't allow overwrites.)
-
@ edifyguy
I doubt you will be able to use avast! V5 on such an old system.
I think v4.8 will be supported until the end of 2010.
-
It works fine with Windows XP, and really it's the OS that you're supporting, not the computer itself. Avast 5 runs fine on the machine, except for that BSOD problem. For example, if I install it and don't reboot, Avast 5 (unlike Avast 4) is running, as it simply starts the services with the machine hot, and everything is fine. It's presumably a conflict with some obscure aspect of the operating system that this box brings out for some reason.
For now, I did put 4.8 back on it just to do the job in the meantime, but I will upload the dump anyway, because XP is not going away any time soon, and if it did it to me, it'll do it to someone else, and that's a black eye (blue eye?) that Avast! doesn't need. Your coders can figure out what caused it and fix it, I'm sure. I have confidence in them. :P
-
edifyguy, would you mind to reupload kerneldump?
We got three files from you, but all of them are incomplete:
03/03/2010 03:25 AM 2,760 kerneldump-edifyguy-xpsp3-avast5-0-418-try3.7z
03/03/2010 03:24 AM 672,736 kerneldump-edifyguy-xpsp3-avast5-0-418-try2.7z
03/03/2010 03:09 AM 524,288 kerneldump-edifyguy-xpsp3-avast5-0-418.7z
If you have slow connection, you can upload a couple of latests minidumps (\Windows\Minidump folder) instead of kerneldump.
Thanks!
-
I know, I'll re-upload it from a friend's house later today. Worse than slow, it's also unreliable, and that causes timeouts on FTP. The full file is about 7.5MB, down from 40. 7zip is pretty amazing!
-
It's there now. Went to a friend's house with cable.
I might analyze it myself to see what might be the matter. 4.8 works without a hitch.
Jason
-
edifyguy, thanks for your dump... it seems your CPU doesn't support one instruction, or it doesn't work well on your AMD (K7 model I guess).
Would you mind to do some tests?
1) Please download CrystalCPUID tool: http://release.crystaldew.info/CrystalCPUID
2) Unpack & run. What's your "CPU Name"? Is it AMD K7 or something else?
3) In menu, click Function/Feature Flags, see 6th row "Model Specific Registers (MSR)", what's there: Yes or No?
4) If it's "Yes", click Function/MSR Walker, press START, go to MSR index 176 - is it present? If yes, what value do you see?
Thanks!
-
CPU NAME: AMD K6-III+ (coulda told you that with no help from the Crystal ball.....)
MSR=YES
MSR Walker doesn't give me the output you apparently had hoped for. This is all I get:
MSR : 63-32 31-0
--------------------------
00000000 : 00000000 00000000
00000001 : 00000000 00000000
0000000E : 00000000 00000000
00000010 : 00000051 78C78F7B
It's possible that I've slipped a digit here, but I was pretty careful. Why on earth would you be using CPU-spcific instructions anyway? And why does it only freak out when loaded at boot? Why not when it's first installed? Why does it still freak out when I disable the Avast! self-protection module from the UI?
So many questions, so little time!
Just know that I will cooperate fully to make Avast 5 as stable and compatible as Avast 4 is. I love Avast, and am a reseller as well, so I need it to be the best that it can be, and I'm willing to help it be that. I would recommend supporting Avast 4 with at least VPS updates indefinitely, as there are still more 9x/ME systems out there than you'd think, at least in this country............
-
, as there are still more 9x/ME systems out there than you'd think, at least in this country............
The US is one of the most infected countries on the Internet so it would benefit you to assist them in convincing the users to upgrade to a more secure operating system like XP.
Malware Infection Rate Worldwide
United States : 58.25%
http://techcrunchies.com/malware-infection-rate-worldwide
Top Spam Producing Countries
1. USA : 15.6%
http://techcrunchies.com/category/security
-
No argument there, but of course, there are some people who just aren't going to change until something dies. Besides, I still like Windows 98. I don't use it much anymore, but I still understand why someone would choose to keep using it as long as possible.
I can't think it would take much resources to just compile the VPS updates again for 4.8......would it? Just another click, I'd imagine. In fact, the whole process could surely be automated so that you just load in new signatures, and updates for both versions populate, so there'd be no reason not to support 4.8 with VPS indefinitely. I agree that program development on 4.8 should stop, and probably has, but it's already "there" as far as I'm concerned, and just keeping VPS updates for it should be no grief at all.
-
So what are you learning, pk? Have the coders inadvertently hooked a CPU routine that doesn't exist on some older machines? Are they going to be able to change it to be compatible without a total rethink of the file?
-
edifyguy: we'll fix it; rdmsr instruction is used to read internal CPU's machine specific registers. In fact, it's used at several places in avast - e.g. behavior shield checks if an application abuses its authority and modify them (there're some exploits that change the MSR register to point to their code and they're executed in the protected mode, ring 0), x64 virtualization module uses rdmsr to find kernel-mode input entry, etc.
-
Thanks for looking at it. Compatibility is tough across so many hardware platforms. Let me know if you need me to test something more on it. The machine was for sale as a refurb, but I think I'm going to hang onto it until we get this shaken out, as it makes a nice test machine for this compatibility issue. I am a reseller, too, and more than happy to help with program development inasmuch as I am able.
-
Some systems need to be put out to pasture because they are too old to be useful anymore:
http://idioms.thefreedictionary.com/put+out+to+pasture
Now where is my key to my Model T "Tin Lizzy" as I need to take a spin in the country to enjoy this Spring weather. 8)
http://www.wiley.com/legacy/products/subject/business/forbes/ford.html
-
YoKenny,
That's ridiculous. If the machine can still execute code required to perform everyday operations like web browsing and email, there's no reason that some non-speed demon (obviously not yourself) can't get some use out of it. There are plenty of people, including, but not limited to, the elderly, for whom that system is perfectly adequate. I have tested everything in it to be certain that it will be reliable for years to come, and there's no reason to send it "fishing" just because it's not fast enough to pleasure your game spot.....
The "Model T" comparison also doesn't work, because we're not dealing with the huge reliability and safety differences between modern cars and the Model T. A better comparison would be a 2010 Audi R8 and a 1997 Ford Taurus. There's no question which is the more powerful car, no question which is nicer, or niftier, or more fun, but to someone who has no interest in or need to go fast, a well-maintained 1997 Ford Taurus can be just as useful as the R8, and far more within reach financially.
Anyhow, I don't want to have that discussion on this forum, as that's not at all what this forum is about, so in the future if you feel the need to insult frugality and the desire to reduce waste by extending the useful life of things already in existence, please do so privately.
-
Any progress on either of the aswsp.sys BSODs? I see that build 462 is out of beta, but am unsure of whether it addresses either of our BSODs. I have not tried it on my XP K6 yet. Can anybody confirm whether it runs properly on 7 yet?
-
well, it does run correctly on win 7. I have it on my win 7 machine. No issues so far.
-
Any progress on either of the aswsp.sys BSODs? I see that build 462 is out of beta, but am unsure of whether it addresses either of our BSODs. I have not tried it on my XP K6 yet. Can anybody confirm whether it runs properly on 7 yet?
edifyguy,
last query: could you please run CrystalCPUID once again, go to "Function/CPUID information" - and tell me what's your EDX value for CPUID=1 ? :)
Thanks!
-
Oh! Sure! Sorry........I lost track of this thread. I'll do that ASAP. That machine is not presently in service, but I'll hook it back up ASAP. Probably a few days, as I only have 1 slot on my bench, which is presently in use for a data recovery.