Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: bakantor on August 05, 2010, 01:11:06 AM
-
I got a BSOD from aswsp.sys after installing Avast Internet Security today on a Vista PC. I also had many BSODs (20-30 over a month or so) on a Win XP SP3 machine that seemed to happen at random times and resolved with removal of Avast Free. Any ideas? Attached is the screenshot from the Vista BSOD.
Thanks!
Further info is below:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.256.6
Locale ID: 1033
Additional information about the problem:
BCCode: 50
BCP1: 8C250038
BCP2: 00000000
BCP3: 8C636598
BCP4: 00000000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\Mini080410-01.dmp
C:\Windows\Temp\WER-61807-0.sysdata.xml
C:\Windows\Temp\WER6518.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
Windows NT Version 6.0 Build: 6000
Product (0x6): Windows Vista (TM) Business
Edition: Business
BuildString: 6000.17021.x86fre.vista_gdr.100218-0019
Flavor: Multiprocessor Free
Architecture: X86
LCID: 1033
-
Here I go with the same problem.
Windows XP Home Edition 5.01.2600 SP3
Laptop: Compaq Presario R4000 series
Chipset: ATI RS480M
Processor: AMD Athlon 64+ 3800+ @2400Mhz
RAM: 1GB DDR (2x512 DDR-SDRAM)
Graphic: ATI Radeon XPress 200M
Avast! version: 5.0.594
What happens is that every second re-start or start up is causing the BSoD. Every time the possible cause is listed as aswSP.sys. After it goes through the complete scan or I just turn the power off - second start goes smoothly. BlueScreen shows up at the logon screen. Recently I have tried to install the Cool I Cam tablet drivers but with no luck so un-installed every thing what I have tried to install.
Below is the minidump debug:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini080910-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt
Built by: 2600.xpsp_sp3_gdr.100216-1514
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Mon Aug 9 14:16:37.093 2010 (GMT+2)
System Uptime: 0 days 0:01:12.640
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 805b6be2, a55329e8, a55326e4}
Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
*** WARNING: Unable to verify timestamp for aksfridge.sys
*** ERROR: Module load completed but symbols could not be loaded for aksfridge.sys
Probably caused by : aswSP.SYS ( aswSP+8c94 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 805b6be2, The address that the exception occurred at
Arg3: a55329e8, Exception Record Address
Arg4: a55326e4, Context Record Address
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'aksfridge' and 'Parport.SYS' overlap
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!ObpCaptureObjectName+c6
805b6be2 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
EXCEPTION_RECORD: a55329e8 -- (.exr 0xffffffffa55329e8)
Cannot read Exception record @ a55329e8
CONTEXT: a55326e4 -- (.cxr 0xffffffffa55326e4)
Unable to read context, Win32 error 0n30
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x7E
EXCEPTION_STR: 0x0
LAST_CONTROL_TRANSFER: from 805b6d6f to 805b6be2
STACK_TEXT:
a5532af4 805b6d6f ba625c00 a5532cdc a5532b78 nt!ObpCaptureObjectName+0xc6
a5532b48 805b105c 856ccd90 ba625c00 ba625c00 nt!ObpCaptureObjectCreateInformation+0x135
a5532b8c 8061b8ea a5532cc4 856ccd90 ba625c00 nt!ObOpenObjectByName+0x62
a5532c88 a7b4bc94 a5532d08 00020019 a5532cc4 nt!NtOpenKey+0x1c8
WARNING: Stack unwind information not available. Following frames may be wrong.
a5532ca4 a545bd3b a5532d08 00020019 a5532cc4 aswSP+0x8c94
a5532ce4 a543735b 84907850 00020019 a5532d08 aksfridge+0x33d3b
a5532d20 a546df28 84907008 00000000 84907b80 aksfridge+0xf35b
a5532d54 8053d658 00000000 00000000 06d8ffb4 aksfridge+0x45f28
a5532d54 ffffffff 00000000 00000000 06d8ffb4 nt!KiFastCallEntry+0xf8
a5532dd4 00000000 00000000 80541e02 a546dee9 0xffffffff
FOLLOWUP_IP:
aswSP+8c94
a7b4bc94 ?? ??
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: aswSP+8c94
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffffffffa55326e4 ; kb
FAILURE_BUCKET_ID: 0x7E_aswSP+8c94
BUCKET_ID: 0x7E_aswSP+8c94
Followup: MachineOwner
---------
kd> lmvm aswSP
start end module name
a7b43000 a7b6a000 aswSP T (no symbols)
Loaded symbol image file: aswSP.SYS
Image path: \SystemRoot\System32\Drivers\aswSP.SYS
Image name: aswSP.SYS
Timestamp: unavailable (00000000)
CheckSum: 00000000
ImageSize: 00027000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Let me know what kind of file will be helpful to check the problem - I am sure I can send it. I am sure that the problem will continue. I have tried to re-install Avast but the problem is still the same.
Hopefully someone will find a solution. I really like the software so keep up the good work.
-
What is the avast version you are using free/pro/AIS ?
What is the version number, 5.0.594 is the latest ?
If you don't have that version do a manual program update first and see if that resolves the problem.
-
Avast Free Edition - the latest version :) wrote that in previous post ;)
UPDATE: after un-installing the program, system starts-up normally :/ without the BSoD
-
OK thanks for the update.
Glad that you now have it resolved.
Welcome to the forums.
-
But the problem still remains. I am now working without the Avast! AntiVirus, which I am not really happy off. I would like to keep that, in my opinion, great software. Hopefully there will be a solution for the blue screen issue. I know that was on of the problems in a previous version (not sure but I think it was 4.6 or .8?)
EDIT: Thanks for the welcoms :) I would be glad to help the software makers in any way.
-
Sorry I though you had reinstalled it and not just uninstalled.
Try a clean reinstall:
- Download the latest version of avast, 5.0.594 http://www.avast.com/free-antivirus-download (http://www.avast.com/free-antivirus-download) and save it to your HDD, somewhere you can find it again (if you didn't save your last download). Use that when you reinstall.
- Download the avast! Uninstall Utility, aswClear5.exe find it here (http://www.avast.com/uninstall-utility) and save it to your HDD (it has uninstall tools for both 4.8 and 5.0). - 1. Now uninstall (using add remove programs, if you can't do that (or don't need to having uninstalled) start from the next step), reboot.
- 2. run the avast! Uninstall Utility from safe mode, first for 4.8 if previously installed and then for 5.0, once complete reboot into normal mode.
- 3. install the latest version, reboot.
-
Thanks for the advise. As of the first start-up no BSoD showed up :D will update in few days with a report. Thanks again DavidR
-
You're welcome.
-
For my issue I am using version 5.0.594 of Avast Internet Security. How should I proceed?
-
Basically in the same way as in Reply #6 above, if this is a repeat alert try a clean reinstall ensuring you run the uninstall utility for 4.8 also, but for the AIS version.
-
I also get the BSOD
latest package, 5.0.594
mine is rather strange tho when it happens.
I load up the yahoo instant messenger, and thats when
the bsod hits. I think its the modules in yahoo that
is causing the problem, but cant be sure.
win xp sp 3
yahoo im is 8.1.0.421
module 8.0.0.1
nothing else so far is causing this to happen.
i was using the 4.8 pro version and bought the
online version today. do i have to de-install,
then reinstall , and if it keeps happening, and
i can no longer use yahoo, then what?
why would the yahoo modules be causing
the BSOD in the first place? i turned it all
off, then ran it, and i still got a bsod.
-
I would tend to agree about Yahoo instant messenger, but you need to check out the windows even viewer as the others have to get more information.
-
Same thing happened to me. About a week after upgrading Avast (free) from v4 to v5 my system started to experience BSOD crashes. I did not have the tools to analyze the logs at that time, and the system degraded so quickly that it was completely dead before I could determine the culprit.
Tore it down and tested all of the components to ensure that it was not hardware failure. Then rebuilt it, formatting the drive, to get a clean install. Loaded Avast v5 directly from the download, and within a week was back to BSOD crashes, but this time I could see that the first two were caused by aswsp.sys. After that, the system was unstable and corrupt, so other BSOD started happening.
I'll be reloading this box again from scartch and trying another AV solution to confirm. I like Avast and hope this gets resolved. I can attached or post my dmp files and system specs if it will help.
-
The dump files would certainly be needed to tell anything.
It's possible to upload them to ftp://ftp.avast.com/incoming (ftp://ftp.avast.com/incoming)
-
Dmp files Mini072510-01.dmp and Mini072810-01.dmp have been uploaded to your FTP server.
-
Thanks for the dumps.
They indicate that the problem is indeed related to a confirmed issue in the current version of (5.0.594).
The issue has already been fixed in our internal builds, and will be fixed in the next program update (which is scheduled for the end of this month).
Thanks
Vlk
-
So if I go back to v4.8 in the mean time I should not experience any BSOD crashes?
-
I can't seem to get a stable install of XP to load on my machine now (even though all the hardware tests good, and I am loading from scratch with a fresh format). Can you tell me what the known issue was and what it was doing to crash my PC?
-
Hello.
I have also been annoyed by BSODs seemingly caused by aswsp.sys -file according to minidump files. However every time I receive this BSOD it is when I'm booting into windows the normal way. BSOD appears just as the desktop shows up (and I think its when avast is being started). When this happened I only could boot into safe mode.
However I did find also out that there was some strange .sys files being added to my windows/system32/drivers directory. Those sys files did not bring anything when googling them (one was named xumsreq.sys). I have then deleted those files (from windows XP installation cd using repair console) and after that I could succesfully boot into windows normally. Anyway this same situation did repeat itself after next reboot and I did go thru the same method again (this time it was different named .sys file which I didn't find any google results about), and got into windows. Later I noticed from minidump files that aswsp.sys was 'the cause'.
EDIT: After booting again into windows normal way I received a warning about aec.sys, which seems to be "Microsoft Acoustic Echo Canceller".
I wonder if these seemingly randomly named sys files are part of this problem or is my PC infested by some strange virus? I have scanned my HDs with 5.0.594 avast and it didnt find anything. If this happens after next boot again I'll downloaded the uninstaller to test if uninstalling avast in safe-mode helps the situation.
I'm running Windows XP sp3 and avast 5.0.594.
-
Thanks for the dumps.
They indicate that the problem is indeed related to a confirmed issue in the current version of (5.0.594).
The issue has already been fixed in our internal builds, and will be fixed in the next program update (which is scheduled for the end of this month).
Thanks
Vlk
Sorry to bother you, I also got random BSOD with the latest version 5.0.677. I had random BSOD at boot of Windows 7 Ultimate since 2 months.
This morning I un-installed Avast (Free), reboot, then ran the tool to clean the registry.
I downloaded the latest version this morning just before.
Install went fine. After configuration I rebooted the machine. OK
This afternoon after a restart, I got the same BSOD with the same messages posted above.
I use Comodo Firewall 5 (Without Antivirus) No Sandbox and SuperAntiSpyware Version 4.43.1000. (Latest).
What can I do ?
Thanks ;)
-
Niagara: please send me (kurtin@avast.com) a couple of latest minidump files from \Windows\Minidump folder. Thanks.
-
Thanks, I will do that asap :)
-
Niagara: please send me (kurtin@avast.com) a couple of latest minidump files from \Windows\Minidump folder. Thanks.
Hello,
This morning at boot, I got a new BSOD. The BSOD occur few seconds after the Desktop is loaded, Avast loaded too. Strange, I found into Windows/temp folder a directory named "_avast5". Seems Avast try to update and crash Windows 7. ??
(No error into windows event log viewer)
I'll send two files at the given email address.
-
Thanks, we found there was an issue with one of AppV's driver and we've already fixed it in the source code. Please turn Behavior Shield off and turn it back tomorrow, it should help :) because you'll receive patch code in virus database update.
Please let us know if it helps tomorrow.
Thanks.
-
Thanks you very much for reply :)
Just a dumb question: What is in French "turn Behavior Shield off", English is not by far my native language and I apologize for that...
I got a new BSOD a boot this morning, hope your solution will solve the problem. ;)
-
Turn Behavior Shield off in French is Comportement hors tour Shield.
-
Thanks you, the only word containing "Comportement" into the settings from the left choice, is "Agent actions suspectes" > "L'agent actions suspect surveille les Comportements suspect sur votre ordinateur...."
If I deactive this shield I got a message " Protection residente desactivée", with mean for me there is no more guard in memory, just manual scan ??
-
We basically want you to turn off the Behavior Shield until tomorrow because Avast is putting something in their next virus definitions database so that when you get an update, it will fix your problem....but you have to leave you Behavior Shield off, get the update, then turn the Behavior Shield back on.
Let us know if this fixes the problem.
-
Thanks, I will deactivate the resident Guard shield until tomorrow as needed. ;)
-
Thanks, I will deactivate the resident Guard shield until tomorrow as needed. ;)
No....only deactivate the Behavior Shield.
Do not deactivate any other shield or you will not have any antivirus protection.
-
Thanks, I will deactivate the resident Guard shield until tomorrow as needed. ;)
No....only deactivate the Behavior Shield.
Do not deactivate any other shield or you will not have any antivirus protection.
Sorry I don't find any information or service named or can be translated to "Behavior Shield" into the French Avast Version.
Services I can disable:
- Agent des Fichiers (Scanning Files)
- Agent Mail (Scanning Mails)
- Agent Reseau (Network Protection)
- Agent actions suspectes (The one I have disabled)
I don't use the Web Shield. Not installed.
- If someone can tel me the right one ? I am lost. :(
Thanks.
-
Behavior Shield is called "Agent Actions Suspectes" in the French version of avast.
It's usually the last one in the list of Shields.
That's the one you're supposed to disable.
Anyway, the VPS update that's supposed to fix the issue, so the question is, is the problem happening anymore?
Thanks
Vlk
-
Thanks Vlk, I was not sure 100% if it was the right component.
So I will wait tomorrow for a VPS update (Why not a program update ?), an will see if the BSOD are gone.
On 5 reboot of the PC, I got 3 BSOD before disabling the service. And none after 2 reboots.
(I don't want to mess my PC or crash file system) I have to run chkdsk /f each time after a BSOD. And a reboot .. lol :)
-
No need to wait now, the update is already out and most likely installed on your PC.
-
I got Version 100917-0
Is it the good one ? If so I will reactivate the Behavior Shield and will let you know tomorrow morning how good it is. :)
-
Yep, should be good.
-
I got Version 100917-0
Is it the good one ? If so I will reactivate the Behavior Shield and will let you know tomorrow morning how good it is. :)
Well you have the latest VPS, don't know if that is the one.
Check the avast! Virus Update History 2010 (http://www.avast.com/virus-update-history-2010).
There was a corrective VPS update yesterday, 16.9.2010 - 100916-3, so I don't know if that is the one Vlk meant.
-
I don't use the Web Shield. Not installed.
Based on the information that Vlk gave us, you are good to go regarding the Behavioral Shield (Agent Actions Suspectes).
But why do you have your Web Shield not installed? This gives you less protection. Do you have another security software that protects you? I just want to make sure you are well protected. Thank you.
-
I don't use the Web Shield. Not installed.
Based on the information that Vlk gave us, you are good to go regarding the Behavioral Shield (Agent Actions Suspectes).
But why do you have your Web Shield not installed? This gives you less protection. Do you have another security software that protects you? I just want to make sure you are well protected. Thank you.
Sa far, so good. No BSOD this Morning. I got Update 100917-1, then reboot after enabling the Behavoir Shield. all ok.
Yes I use Comodo Firewall with Defense + (No anivirus) latest version 5.01 (Was using 3xx version for 3 years), and I did not use Web Shield as it seems to me acting as a local proxy causing problems when it comes to check for Leaktests.
I also have resident guard with SuperAntispyware Pro version.
Avast causing BSOD start to occur BEFORE I install Comodo V5.01.
Anyway I must say you are outstanding nice guys helping free customer. Thanks you Merci beaucoup. :) :)
-
Niagara,
I'm glad that things seem to be working now. :D We always try to give the best support to everyone no matter what version or product of Avast they have (Free or paid) as we want everyone to be happy and we want to help them.
Please feel free to come back anytime you need help (even if my French is not that good...I do try), or to learn something new, or just to ask questions. We are here all the time for your convenience. Merci beaucoup for allowing me to help you. :)
-
You are welcome :)