Author Topic: AVAST Causing BSOD?  (Read 2214 times)

0 Members and 1 Guest are viewing this topic.

jared19

  • Guest
AVAST Causing BSOD?
« on: July 21, 2011, 12:27:55 AM »
Hi,

Lately my pc suddenly halt on me. Windows seems to fail on writing a core dump most of the time, but when it finally do, it listed aswSnx.sys as the culprit, after much investigation.

A little background: when my PC halted on me the 1st 2 times, I wonder what's going on. After searching the net I thought my RAM is bad. So I downloaded Memtest86 v3.5b and run it. It found no errors. Dumbfounded, I use it normally, and it went fine. Almost 2 days without power down nor reboot since then, my PC halted again. This time, I tried Windows Driver Verifier. My PC can boot normally after I chose to standard test all drivers in my system, but it ran sluggish. So, I thought "OK, still dumbfounded", I reset the Driver Verifier and reboot. That's when the BSOD happened. Luckily, this time Windows is able to write a dump. Here's the undecoded snippet of the dump:

Code: [Select]
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000003c, ObReferenceObjectByHandle is being called with a bad handle.
Arg2: 000000a4, Handle value specified by the caller.
Arg3: 00000000, Object type specified by the caller.
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR:  0xc4_3c
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO
PROCESS_NAME:  nvsvc32.exe
LAST_CONTROL_TRANSFER:  from 8065979c to 804f9f33

STACK_TEXT: 
b4c20d00 8065979c 000000c4 0000003c 000000a4 nt!KeBugCheckEx+0x1b
b4c20d20 a7ba5d0e 000000a4 00000000 00000000 nt!VerifierReferenceObjectByHandle+0x6c
WARNING: Stack unwind information not available. Following frames may be wrong.
b4c20d48 a7ba66cf 000000a4 008bfcd4 b4c20d64 aswSnx+0x36d0e
b4c20d58 8054161c 000000a4 008bfcd4 7c90e4f4 aswSnx+0x376cf
b4c20d58 7c90e4f4 000000a4 008bfcd4 7c90e4f4 nt!KiFastCallEntry+0xfc
008bfcd4 00000000 00000000 00000000 00000000 0x7c90e4f4


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswSnx+36d0e
a7ba5d0e ??              ???

SYMBOL_STACK_INDEX:  2
SYMBOL_NAME:  aswSnx+36d0e
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: aswSnx
IMAGE_NAME:  aswSnx.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  4e11a5ca
FAILURE_BUCKET_ID:  0xc4_3c_aswSnx+36d0e
BUCKET_ID:  0xc4_3c_aswSnx+36d0e

As seen, the offending driver was "aswSnx.sys". My question is, does that driver vital for AVAST to work? Can I delete it? I use AVAST mainly for offline scanning, and the only real-time shield I use are Web, Network, and Script shields. I can do without the shields as I also use Outpost Firewall.

My system is:
Pentium D 3GHz, 2GB RAM, Nvidia 8500GS 512MB (card from GigaByte)
Windows XP SP3 32bit
AVAST v6.0.1203

Thanks