aswTdi.sys BSoD on Win XP.

Avast Free Antivirus / Premium Security
1

I’m running the demo version of avast! 4.7 Professional and according to WinDbg a BSoD that has just happened was probably caused by the aswTdi.SYS file.

Microsoft (R) Windows Debugger Version 6.7.0005.0 Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\Mini050707-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRVc:\symbolshttp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805535a0
Debug session time: Mon May 7 18:32:56.265 2007 (GMT+9)
System Uptime: 0 days 7:34:48.861
Loading Kernel Symbols

Loading User Symbols
Loading unloaded module list

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {16, 2, 0, 804f8f66}

*** WARNING: Unable to verify timestamp for aswTdi.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
*** WARNING: Unable to verify timestamp for cmdmon.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdmon.sys
Probably caused by : aswTdi.SYS ( aswTdi+44d )

Followup: MachineOwner
---------

At the time I was printing to a network pinter (which is a Canon i560 running off a WinXP machine) from Firefox 2.0.0.3. I have only had one BSoD and don’t want to print anything to this network printer until I can fix the (alleged) problem. I have had avast! installed for about a week and haven’t had any BSoD’s on this machine before, and haven’t actually used the network printer while having avast! installed.

My avast! 4 version numbers are:

Build: May 2007 (4.7.1001) Xtreme Toolkit version 1.9.4.0 Using ActiveSkin version 4.2.7.3

Compilate date: 05/05/2007
File version: 000738-3

I have read this thread from 2005 and found posts searching for this SYS file that said this problem had been fixed in a previous version.

I am going to run the printer locally for now, but am curious if this error will occur transferring files and using Remote Desktop to another machine on the LAN? It hasn’t so far but would still like to know.

Is there anything I can do to fix this problem?

Thanks.

2

Hi, can you send me the crash-dump or upload it to our ftp ?

Thanks,
Lukas.

Avast! Antivirus contains several drivers. Although we test them carefully it is possibly there is a problem we are not yet aware of. If you believe your problem is caused by avast! you may send us the memory dump file for analysis. Minidumps are small enough to be sent by email (zipped and accompanied with a description of steps that cause the computer to stop). If you want to send us your complete memory dump, please use the public ftp server (at ftp://ftp.avast.com/incoming) to upload the file. (for more info about upload larfer files please refer to: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=18)
3

Hi,
I’ve just looked into one of the similar dumps we currently have on the same address and we are not doing anything strange (in fact we are doing almost completely nothing) in this case. aswTdi works like a filter driver, some of the network requests are interesting for it and others not. In this case all it does is simply forward the request down without any processing.

The actual error seems to be in here: nt!KeSetEvent+0x30, which apparently means the original parameters (e.g. the Event object) are somehow invalid.

I suggest contacting COMODO as their driver is higher on the stack and the request is most probably created by them. (and if not, only them with their private debugging symbols might tell us more)

On the other hand, as I have still not seen YOUR dump, I might be mistaken.
Lukas.

4

Hi lukor. Thanks for the reply. What is the avast! FTP address you want me to upload it to, or would you prefer me to e-mail it to your address in your profile? Thanks.

5

Craig, please see my previous post:

public ftp server is at the ftp://ftp.avast.com/incoming

6

I’ve just upload the MiniDump file to /incoming/Craig07. I will search for that comodo file as well and see what info I get. Thanks for your help!

7

Craig,
your dump is really similar to the others we have, so I may just repeat what I have written earlier - we have not modified a thing in the IRP request, so the incorrect parameters are most probably already pre-set by COMODO…

Lukas.

8

By the way: I’ve just spoken with a developer from the Comodo team, and their attitude is that version 2.x is no longer being developed, there should be ver. 3.0 soon with the new network driver which will contain no bugs :wink:

Sorry. Lukas.

9

Lukor, why does this happen with only few XP + avast + Comodo installations and not all of them?
Which are the ‘bad’ circumstances for the crash to happen?

10

It’s quite likely that the crash would occur even without avast installed - but only trying it actually out would confirm this. :slight_smile:

11

I haven’t experienced any crash with Comodo in last months… I had in the past.

12

Thanks lukor. I’ve submitted my MiniDump to the Comodo forums and will see what they can find.

For now, I think I’ll just connect that printer locally, though I haven’t tried to print to it over the network since that BSoD, so am unsure if it would re-occur (but I’m not game - blue isn’t my favourite colour).