Author Topic: BSOD avastsvc.exe & aswmonflt.sys  (Read 3003 times)

Mordeen (Newbie, Posts: 1)
BSOD avastsvc.exe & aswmonflt.sys
« on: May 04, 2012, 11:39:13 PM »
Sorry if this is a double-post, but I got an error in the forums on the first try.

Anyway, I have a Gateway FX7026 with a clean install of Windows 7 Pro 64-bit, with Avast Home Free, CCleaner, Malwarebytes Free, Office 2007 Enterprise, and League of Legends. Three days into the new install, I got a BSOD, for which the WinDbg crash analysis is pasted below. Any help on the cause/solution would be fantastic. Thanks in advance!

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000002, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
   bit 0 : value 0 = read operation, 1 = write operation
   bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002efe932, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030ff100
 0000000000000002

CURRENT_IRQL:  2

FAULTING_IP:
nt!KxWaitForLockOwnerShip+12
fffff800`02efe932 48890a          mov     qword ptr [rdx],rcx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  AvastSvc.exe

TRAP_FRAME:  fffff88005fb8e10 -- (.trap 0xfffff88005fb8e10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000019 rbx=0000000000000000 rcx=fffff88005fb9040
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002efe932 rsp=fffff88005fb8fa0 rbp=0000000000000000
 r8=fffff88005fb9040  r9=0000000000000006 r10=0000007c40004048
r11=0000007ffffffff8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
nt!KxWaitForLockOwnerShip+0x12:
fffff800`02efe932 48890a          mov     qword ptr [rdx],rcx ds:0206:00000000`00000002=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ecd2e9 to fffff80002ecdd40

STACK_TEXT: 
fffff880`05fb8cc8 fffff800`02ecd2e9 : 00000000`0000000a 00000000`00000002 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`05fb8cd0 fffff800`02ecbf60 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffff800`03102d68 : nt!KiBugCheckDispatch+0x69
fffff880`05fb8e10 fffff800`02efe932 : 00000000`00000000 fffffa80`06aff4e0 00000000`00000000 fffff800`03042e80 : nt!KiPageFault+0x260
fffff880`05fb8fa0 fffff800`02ed6e1e : fffff800`03102d68 fffff800`03095f20 00000000`00000000 fffff980`0fb0003f : nt!KxWaitForLockOwnerShip+0x12
fffff880`05fb8fd0 fffff800`02eecfab : 00000000`00000000 00000000`000d5c18 fffff800`03102d48 00000000`000d8a97 : nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+0x7e
fffff880`05fb9020 fffff800`02edd05c : 2aaaaaaa`aaaaaaab fffffa80`02814480 00000580`00000000 fffffa80`02814480 : nt!MiInsertPageInList+0x12b
fffff880`05fb9070 fffff800`02ef115f : 00000000`0023f000 fffffa80`02814480 00000000`00000000 fffff880`05fb9368 : nt!MiPfnShareCountIsZero+0x19c
fffff880`05fb90e0 fffff800`031dd9a9 : fffff980`10380000 fffff8a0`0d201980 fffff8a0`00000000 00000000`00000000 : nt!MmUnmapViewInSystemCache+0x51f
fffff880`05fb93c0 fffff800`02ef098b : 00000000`00200000 fffffa80`066302d0 00000000`00000000 00000000`00300000 : nt!CcUnmapVacb+0x5d
fffff880`05fb9400 fffff800`02ee3219 : fffff980`10680001 00000000`00300000 fffffa80`06bae6e0 fffffa80`06630e10 : nt!CcUnmapVacbArray+0x1bb
fffff880`05fb9490 fffff800`031b6aa2 : 00000000`00000000 00000000`00300000 fffff880`05fb9560 fffff880`05fb95f0 : nt!CcGetVirtualAddress+0x38a
fffff880`05fb9520 fffff880`012c4f08 : fffff880`00000000 00000000`00000005 fffffa80`06bc1d60 fffffa80`00080001 : nt!CcCopyRead+0x132
fffff880`05fb95e0 fffff880`0103b098 : fffffa80`069408c0 fffffa80`06bc1cf8 00000000`00000000 00000000`00000001 : Ntfs!NtfsCopyReadA+0x1a8
fffff880`05fb97c0 fffff880`0103e8ba : fffff880`05fb98b8 fffffa80`09957203 fffff880`05fb9a00 00000000`00000000 : fltmgr!FltpPerformFastIoCall+0x88
fffff880`05fb9820 fffff880`0104c1a0 : 00000000`00000004 00000000`00000000 fffffa80`069408c0 00000000`00000000 : fltmgr!FltpPassThroughFastIo+0xda
fffff880`05fb9860 fffff880`04850633 : fffffa80`067c1880 fffffa80`00000000 00000000`00000001 fffffa80`0a1866f0 : fltmgr!FltReadFile+0x260
fffff880`05fb9940 fffffa80`067c1880 : fffffa80`00000000 00000000`00000001 fffffa80`0a1866f0 fffff880`07ed0020 : aswMonFlt+0x7633
fffff880`05fb9948 fffffa80`00000000 : 00000000`00000001 fffffa80`0a1866f0 fffff880`07ed0020 fffffa80`00000004 : 0xfffffa80`067c1880
fffff880`05fb9950 00000000`00000001 : fffffa80`0a1866f0 fffff880`07ed0020 fffffa80`00000004 fffff880`05fb9a08 : 0xfffffa80`00000000
fffff880`05fb9958 fffffa80`0a1866f0 : fffff880`07ed0020 fffffa80`00000004 fffff880`05fb9a08 00000000`00000000 : 0x1
fffff880`05fb9960 fffff880`07ed0020 : fffffa80`00000004 fffff880`05fb9a08 00000000`00000000 00000000`00000000 : 0xfffffa80`0a1866f0
fffff880`05fb9968 fffffa80`00000004 : fffff880`05fb9a08 00000000`00000000 00000000`00000000 fffffa80`06652f30 : 0xfffff880`07ed0020
fffff880`05fb9970 fffff880`05fb9a08 : 00000000`00000000 00000000`00000000 fffffa80`06652f30 00080000`00000004 : 0xfffffa80`00000004
fffff880`05fb9978 00000000`00000000 : 00000000`00000000 fffffa80`06652f30 00080000`00000004 00000000`00000000 : 0xfffff880`05fb9a08


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswMonFlt+7633
fffff880`04850633 ??              ???

SYMBOL_STACK_INDEX:  10

SYMBOL_NAME:  aswMonFlt+7633

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswMonFlt

IMAGE_NAME:  aswMonFlt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4f56a56f

FAILURE_BUCKET_ID:  X64_0xA_aswMonFlt+7633

BUCKET_ID:  X64_0xA_aswMonFlt+7633

Followup: MachineOwner
---------

0: kd> lmvm aswMonFlt
start             end                 module name
fffff880`04849000 fffff880`04880000   aswMonFlt T (no symbols)           
    Loaded symbol image file: aswMonFlt.sys
    Image path: \??\C:\Windows\system32\drivers\aswMonFlt.sys
    Image name: aswMonFlt.sys
    Timestamp:        Tue Mar 06 16:01:51 2012 (4F56A56F)
    CheckSum:         0001E1F5
    ImageSize:        00037000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
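An added triage example, not part of the original post: it walks the STACK_TEXT above to the first frame outside the OS modules and cross-checks it against the `lmvm` output. The `OS_MODULES` set and the function names are assumptions of this example. The frame it finds is index 16, which agrees with the dump's `SYMBOL_STACK_INDEX: 10` when that value is read as hexadecimal.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the post's STACK_TEXT with the four argument columns
# dropped for brevity, cut after the first third-party frame.
STACK_TEXT = """\
fffff880`05fb8cc8 fffff800`02ecd2e9 : nt!KeBugCheckEx
fffff880`05fb8cd0 fffff800`02ecbf60 : nt!KiBugCheckDispatch+0x69
fffff880`05fb8e10 fffff800`02efe932 : nt!KiPageFault+0x260
fffff880`05fb8fa0 fffff800`02ed6e1e : nt!KxWaitForLockOwnerShip+0x12
fffff880`05fb8fd0 fffff800`02eecfab : nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+0x7e
fffff880`05fb9020 fffff800`02edd05c : nt!MiInsertPageInList+0x12b
fffff880`05fb9070 fffff800`02ef115f : nt!MiPfnShareCountIsZero+0x19c
fffff880`05fb90e0 fffff800`031dd9a9 : nt!MmUnmapViewInSystemCache+0x51f
fffff880`05fb93c0 fffff800`02ef098b : nt!CcUnmapVacb+0x5d
fffff880`05fb9400 fffff800`02ee3219 : nt!CcUnmapVacbArray+0x1bb
fffff880`05fb9490 fffff800`031b6aa2 : nt!CcGetVirtualAddress+0x38a
fffff880`05fb9520 fffff880`012c4f08 : nt!CcCopyRead+0x132
fffff880`05fb95e0 fffff880`0103b098 : Ntfs!NtfsCopyReadA+0x1a8
fffff880`05fb97c0 fffff880`0103e8ba : fltmgr!FltpPerformFastIoCall+0x88
fffff880`05fb9820 fffff880`0104c1a0 : fltmgr!FltpPassThroughFastIo+0xda
fffff880`05fb9860 fffff880`04850633 : fltmgr!FltReadFile+0x260
fffff880`05fb9940 fffffa80`067c1880 : aswMonFlt+0x7633
"""
OS_MODULES = {"nt", "ntfs", "fltmgr"}  # assumption: modules treated as OS-owned
# Child-SP, RetAddr, optional argument columns, then module[!symbol][+0xoffset].
FRAME = re.compile(r"^[0-9a-f`]+ ([0-9a-f`]+) : (?:.* : )?"
                   r"([A-Za-z]\w*)(?:![^+\s]+)?(?:\+0x([0-9a-f]+))?$", re.I)

def first_third_party_frame(stack_text):
    """Return (index, module, offset, address) of the first non-OS frame.

    address is the previous frame's RetAddr, i.e. where execution resumes
    inside this frame's module; offset is relative to the symbol if the
    frame has one, otherwise to the module base. Raw-address frames are skipped.
    """
    frames = [m.groups() for m in map(FRAME.match, stack_text.splitlines()) if m]
    for index, (_, module, offset) in enumerate(frames):
        if module.lower() not in OS_MODULES:
            addr = int(frames[index - 1][0].replace("`", ""), 16) if index else None
            return index, module, int(offset or "0", 16), addr
    return None

def image_build_time(timestamp_hex):
    """PE TimeDateStamp (seconds since 1970-01-01 UTC) as an aware datetime."""
    return datetime.fromtimestamp(int(timestamp_hex, 16), tz=timezone.utc)

if __name__ == "__main__":
    index, module, offset, addr = first_third_party_frame(STACK_TEXT)
    base = 0xFFFFF88004849000  # "start" column of lmvm aswMonFlt in the post
    print(f"frame {index:#x}: {module}+{offset:#x}, base+offset ok: {base + offset == addr}")
    print("driver built (UTC):", image_build_time("4f56a56f").isoformat())
```

The base-plus-offset check ties the frame to the loaded image at `fffff880`04849000`, and the decoded timestamp is the UTC form of the local build time WinDbg prints for `aswMonFlt.sys`.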

Hellion (Full Member, Posts: 138)
Re: BSOD avastsvc.exe & aswmonflt.sys
« Reply #1 on: May 10, 2012, 12:13:41 PM »
Hi Mordeen,

I'm just a forum member, but I'm going to give you some suggestions.

First things first: are Avast and the operating system fully updated?

Can you reproduce this error? For example, does it happen when you do something specific?

Try disabling the sandbox; if the BSOD still occurs, switch it back on.

Then try disabling Shields one by one to see if one of them is at fault.

How often does this BSOD error occur?

Regards,
Hellion