Author Topic: BSOD Windows 11 (Read 1274 times)

Angel228 · « **on:** September 14, 2023, 09:50:22 PM »

Hi, Last month my computer gets a lot of BSOD, I drilled down on this and found this: avast, please fix this
It crash with same error at least 3 time per week

Avast: 23.8.6078 (build 23.8.8416.791)

************* Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\MyServerSymbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\MyServerSymbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 22621 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22621.1928.amd64fre.ni_release_svc_prod3.230622-0951
Kernel base = 0xfffff803`12200000 PsLoadedModuleList = 0xfffff803`12e130e0
Debug session time: Sun Aug 13 13:09:15.315 2023 (UTC - 6:00)
System Uptime: 4 days 21:55:11.143
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000005`897e9018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`12631250 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffee09`7c9e2dc0=0000000000000135
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

REGISTRY_FILTER_DRIVER_EXCEPTION (135)
This BugCheck is caused by an unhandled exception in a registry filtering driver.
This BugCheck indicates that a registry filtering driver didn't handle exception inside
its notification routine. One can identify the driver by the 3rd parameter.
Arguments:
Arg1: ffffffffc0000005, ExceptionCode
Arg2: ffffee097c9e3670, Address of the context record for the exception that caused the BugCheck
Arg3: fffff8031e6900e0, The driver's callback routine address
Arg4: ffffc58d8ab36e60, Internal

Debugging Details:
------------------

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 13437

Key : Analysis.Elapsed.mSec
Value: 23610

Key : Analysis.IO.Other.Mb
Value: 0

Key : Analysis.IO.Read.Mb
Value: 0

Key : Analysis.IO.Write.Mb
Value: 0

Key : Analysis.Init.CPU.mSec
Value: 1078

Key : Analysis.Init.Elapsed.mSec
Value: 4735

Key : Analysis.Memory.CommitPeak.Mb
Value: 96

Key : Bugcheck.Code.KiBugCheckData
Value: 0x135

Key : Bugcheck.Code.LegacyAPI
Value: 0x135

Key : Dump.Attributes.AsUlong
Value: 1800

Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key : Dump.Attributes.ErrorCode
Value: 0

Key : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key : Dump.Attributes.ProgressPercentage
Value: 100

Key : Failure.Bucket
Value: AV_aswArPot!ARPOT2IDP_SET_CALLBACK

Key : Failure.Hash
Value: {8ff7db7f-56bf-dd92-baaf-7b871e77b969}

Key : Hypervisor.Enlightenments.ValueHex
Value: 1417cf94

Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1

Key : Hypervisor.Flags.ApicEnlightened
Value: 1

Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0

Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key : Hypervisor.Flags.CpuManager
Value: 1

Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1

Key : Hypervisor.Flags.Epf
Value: 0

Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1

Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key : Hypervisor.Flags.MaxBankNumber
Value: 0

Key : Hypervisor.Flags.MemoryZeroingControl
Value: 1

Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1

Key : Hypervisor.Flags.Phase0InitDone
Value: 1

Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key : Hypervisor.Flags.RootScheduler
Value: 0

Key : Hypervisor.Flags.SynicAvailable
Value: 1

Key : Hypervisor.Flags.UseQpcBias
Value: 0

Key : Hypervisor.Flags.Value
Value: 5116143

Key : Hypervisor.Flags.ValueHex
Value: 4e10ef

Key : Hypervisor.Flags.VpAssistPage
Value: 1

Key : Hypervisor.Flags.VsmAvailable
Value: 1

Key : Hypervisor.RootFlags.AccessStats
Value: 1

Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1

Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1

Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1

Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key : Hypervisor.RootFlags.IsHyperV
Value: 1

Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1

Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1

Key : Hypervisor.RootFlags.MceEnlightened
Value: 1

Key : Hypervisor.RootFlags.Nested
Value: 0

Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1

Key : Hypervisor.RootFlags.Value
Value: 1015

Key : Hypervisor.RootFlags.ValueHex
Value: 3f7

Key : SecureKernel.HalpHvciEnabled
Value: 1

Key : WER.OS.Branch
Value: ni_release_svc_prod3

Key : WER.OS.Version
Value: 10.0.22621.1928

BUGCHECK_CODE: 135

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: ffffee097c9e3670

BUGCHECK_P3: fffff8031e6900e0

BUGCHECK_P4: ffffc58d8ab36e60

FILE_IN_CAB: MEMORY.DMP

TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x1800

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: lsass.exe

STACK_TEXT:
ffffee09`7c9e2db8 fffff803`12c12690 : 00000000`00000135 ffffffff`c0000005 ffffee09`7c9e3670 fffff803`1e6900e0 : nt!KeBugCheckEx
ffffee09`7c9e2dc0 fffff803`12a9f3d9 : ffffee09`7c9e4098 fffff803`1e6a9163 ffffee09`7c9e3430 fffff803`128c9975 : nt!CmpCallbackFatalFilter+0x24
ffffee09`7c9e2e00 fffff803`125f0911 : ffffee09`00000003 ffffee09`7c9e3e58 ffffee09`7c9de000 ffffee09`7c9e5000 : nt!CmpCallCallBacksEx$filt$0+0x19
ffffee09`7c9e2e30 fffff803`1263c4bf : ffffee09`7c9e3e58 ffffee09`7c9e3430 ffffee09`7c9e3e00 fffff803`128c9975 : nt!_C_specific_handler+0xa1
ffffee09`7c9e2ea0 fffff803`1246e8b3 : ffffee09`7c9e44c0 ffffee09`7c9e3e58 fffff803`128c9975 fffff803`12312860 : nt!RtlpExecuteHandlerForException+0xf
ffffee09`7c9e2ed0 fffff803`12522e5e : 00000000`67766001 ffffee09`7c9e3f00 ffffee09`7c9e3f00 ffffee09`7c9e3670 : nt!RtlDispatchException+0x2f3
ffffee09`7c9e3640 fffff803`126469fc : ffffee09`00000001 00000000`00989680 00000000`00000000 ffffc58d`3b038d40 : nt!KiDispatchException+0x1ae
ffffee09`7c9e3d20 fffff803`12641364 : fffff180`c5b14fe8 00000000`00000040 ffff8801`eded9b30 00000000`0480f000 : nt!KiExceptionDispatch+0x13c
ffffee09`7c9e3f00 fffff803`1e6a9163 : fffff803`1e681b0a ffffd883`91f888b0 0000018b`00000000 ffffee09`7c9e4200 : nt!KiSegmentNotPresentFault+0x364
ffffee09`7c9e4098 fffff803`1e681b0a : ffffd883`91f888b0 0000018b`00000000 ffffee09`7c9e4200 0000018b`629fe001 : aswArPot!ARPOT2IDP_SET_CALLBACK+0xbe13
ffffee09`7c9e40a0 fffff803`1e688b90 : ffffee09`7c9e4140 0000018b`629fd000 fffff803`00000002 01d9ce19`a6dccd95 : aswArPot+0x1b0a
ffffee09`7c9e4100 fffff803`1e68a5aa : ffffc58d`58402050 ffffee09`7c9e4310 ffffee09`7c9e4308 ffffee09`7c9e4340 : aswArPot+0x8b90
ffffee09`7c9e42c0 fffff803`1e690229 : ffffee09`7c9e4500 00000000`00002ea4 ffffc58d`7f6d5670 ffffee09`7c9e4880 : aswArPot+0xa5aa
ffffee09`7c9e44c0 fffff803`128c9975 : 00000000`00000000 00000000`00000001 ffffee09`7c9e4880 ffffee09`7c9e4880 : aswArPot+0x10229
ffffee09`7c9e4640 fffff803`128b4108 : 00000005`00000001 ffffee09`7c9e4880 00000000`00000000 00000000`00501801 : nt!CmpCallCallBacksEx+0x235
ffffee09`7c9e4770 fffff803`12646826 : 00000000`00000000 fffff803`12805f57 00000000`00000000 00000000`00000000 : nt!NtSetValueKey+0x5f8
ffffee09`7c9e4970 00007ffa`2a20f944 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x43b
00000005`89f7b7f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`2a20f944

SYMBOL_NAME: aswArPot!ARPOT2IDP_SET_CALLBACK+be13

MODULE_NAME: aswArPot

IMAGE_NAME: aswArPot.sys

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: be13

FAILURE_BUCKET_ID: AV_aswArPot!ARPOT2IDP_SET_CALLBACK

OS_VERSION: 10.0.22621.1928

BUILDLAB_STR: ni_release_svc_prod3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {8ff7db7f-56bf-dd92-baaf-7b871e77b969}

Followup: MachineOwner

Nom · « **Reply #1 on:** September 15, 2023, 04:03:26 AM »

It doesn't hurt to check the RAM. Although some kind of conflict is possible, as here - https://forum.avast.com/index.php?topic=234416.0
It is also worth running avast - troubleshooting - fix errors in the settings. To exclude options with file corruption, it is also worth checking the hard disk and system files with the commands: chkdsk c: /r and sfc /scannow
The main question is whether avast was updated before the errors appeared. Maybe there was a system update or installation / update of other software.
I think if the problem was in avast, messages like yours would be massive. But there were none in my memory. So most likely you have something individual.

Cluster-Lizard2014 · « **Reply #2 on:** September 15, 2023, 02:06:04 PM »

I would suggest the OP Googles that, possible culprit, AVAST module name: aswArPot as there appear to be a number of threads here and elsewhere about similar problems connected with it that may provide a fix.

Angel228 · « **Reply #3 on:** September 16, 2023, 09:11:52 PM »

Hi Thanks,

I run chkdsk:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
1191936 file records processed.
File verification completed.
Phase duration (File record verification): 18.84 seconds.
17403 large file records processed.
Phase duration (Orphan file record recovery): 11.45 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 1.67 milliseconds.

Stage 2: Examining file name linkage ...
903 reparse records processed.
1485096 index entries processed.
Index verification completed.
Phase duration (Index verification): 32.94 seconds.
0 unindexed files scanned.
Phase duration (Orphan reconnection): 4.37 seconds.
0 unindexed files recovered to lost and found.
Phase duration (Orphan recovery to lost and found): 979.62 milliseconds.
903 reparse records processed.
Phase duration (Reparse point and Object ID verification): 10.84 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 1062 unused index entries from index $SII of file 0x9.
Cleaning up 1062 unused index entries from index $SDH of file 0x9.
Cleaning up 1062 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 50.10 milliseconds.
146581 data files processed.
Phase duration (Data attribute verification): 1.86 milliseconds.
CHKDSK is verifying Usn Journal...
36109648 USN bytes processed.
Usn Journal verification completed.
Phase duration (USN journal verification): 262.43 milliseconds.

Stage 4: Looking for bad clusters in user file data ...
1191920 files processed.
File data verification completed.
Phase duration (User file recovery): 9.93 minutes.

Stage 5: Looking for bad, free clusters ...
48856017 free clusters processed.
Free space verification is complete.
Phase duration (Free space recovery): 28.78 seconds.

Windows has scanned the file system and found no problems.
No further action is required.

477744127 KB total disk space.
280604120 KB in 740140 files.
409404 KB in 146582 indexes.
0 KB in bad sectors.
1306535 KB in use by the system.
65536 KB occupied by the log file.
195424068 KB available on disk.

4096 bytes in each allocation unit.
119436031 total allocation units on disk.
48856017 allocation units available on disk.
Total duration: 11.37 minutes (682721 ms).

Internal Info:
00 30 12 00 24 81 0d 00 75 5e 18 00 00 00 00 00 .0..$...u^......
65 01 00 00 22 02 00 00 00 00 00 00 00 00 00 00 e..."...........

and SFC

no problems found (I check in %Windir%\logs\cbs\cbs.log as well)

Run memory diag tool I seen in event viewer:

The Windows Memory Diagnostic tested the computer's memory and detected no errors

Last updates:
2023-09 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5030219)
Successfully installed on 9/12/2023
2023-09 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5031217)
Successfully installed on 9/12/2023
2023-09 .NET 60.22 Security Update for x64 Client (KB5030559)
Successfully installed on 9/12/2023
2023-08 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057)
Successfully installed on 8/30/2023
2023-08 Cumulative Update Preview for Windows 11 Version 22H2 for x64-based Systems (KB5029351)
Successfully installed on 8/22/2023

Nom · « **Reply #4 on:** September 17, 2023, 05:03:51 AM »

There were errors in the file system, but it's not a fact that they are the reason. Perhaps they are consequences.
Did you do the Error correction item in the avast settings?
It may need a clean reinstall. There may also be a conflict with another program or with the tails remaining after their removal.

RedFan · « **Reply #5 on:** September 17, 2023, 09:17:13 AM »

Another strange thing here too, on my daughters HP laptop with windows 10 when avast installed after a few hours her laptop crashes with a notification about overheated, happens several times a day.
When install Bitdefender free on her laptop it stays awake a no crashes and runs without any BSOD and with no problems , so there must be something wrong with avast , as soon avast is installed on this laptop starts crashing several times a day (and this is already 2 years that were trying to use avast on that laptop) with another AV that laptop runs fine. so we no longer use avast on that machine !

Nom · « **Reply #6 on:** September 17, 2023, 04:34:27 PM »

Quote from: RedFan on September 17, 2023, 09:17:13 AM

Another strange thing here too, on my daughters HP laptop with windows 10 when avast installed after a few hours her laptop crashes with a notification about overheated, happens several times a day.

Maybe the cooler needs to be cleaned?

It's really strange, I've probably installed avast on thousands of computers, but I've never seen anything like it. Moreover, you have HP and if there was a case of some incompatibility, then this forum and the avast company would have already been flooded with such messages. I think something is wrong with your operating system. There can be no other explanation.

igor · « **Reply #7 on:** September 18, 2023, 08:26:41 AM »

Angel228: Is it possible to get the actual dump, not just the text analysis? Thanks.

Angel228 · « **Reply #8 on:** September 18, 2023, 10:52:35 PM »

Sure But dump takes 2.5 GB, How can I send it to you safely?

Spec8472 · « **Reply #9 on:** September 19, 2023, 06:53:45 PM »

Please upload it using Avast FTP: https://support.avast.com/en-eu/article/ftp-file-upload/#pc

Author Topic: BSOD Windows 11 (Read 1274 times)

Angel228

BSOD Windows 11

Nom

Re: BSOD Windows 11

Cluster-Lizard2014

Re: BSOD Windows 11

Angel228

Re: BSOD Windows 11

Nom

Re: BSOD Windows 11

RedFan

Re: BSOD Windows 11

Nom

Re: BSOD Windows 11

igor

Re: BSOD Windows 11

Angel228

Re: BSOD Windows 11

Spec8472

Re: BSOD Windows 11