avast aswSP.sys BSOD

Avast Free Antivirus / Premium Security
1

i keep getting an avast BSOD. it mentioned aswSP.sys and i found out through googling this is from avast. i checked my windows log but i couldn’t find the bug code that the BSOD showed togethor with this file. i even uninstalled avast and the aswSP.sys was gone so it must be from avast. then i installed it again but it’s the same thing again. a BSOD. i didn’t had this problem before but it’s been like this since last thursday. i hope someone can help me.

2

What Operating System are you using ?

What version of avast are you using free/pro/ais 7.0.1426 (is the latest version number) ?

  • Upload any minidump or memory.dmp files, zipped to reduce size. Give the zip file you are uploading a unique name (e.g. forumusername-mem-dump.zip, etc), so they can identify it. It might not be a bad idea to create a text file (readme.txt) with any relevant information, avast topic URL, user name, etc. etc. in the zip file. Not to mention posting the name of the file you uploaded in the topic acts as another searchable reference.

  • Memory dump locations, Mini Dump files in, C:\Windows\Minidump\ - Full Kernel dump file, C:\windows\memory.dmp

Upload the zip file to the ftp server ftp://ftp.avast.com/incoming:

  • Using Windows Explorer, Connect to the link and drag the file into the Right pane and drop it, that starts the upload, you don’t have read access to this folder.
    Or
  • Upload it using the Run command-line in Windows: Windows Key + R (to get the run box), copy and paste this [nobbc]explorer ftp://ftp.avast.com/incoming[/nobbc] and drag the file into the window, from another explorer window.

####
Excuse me if I’m teaching your granny to suck eggs:

  • First you have to create your zip file with the unique name, containing the dump files and the readme.txt file, before you even consider connection to the ftp location [nobbc]explorer ftp://ftp.avast.com/incoming[/nobbc]. You do not have read permissions on the [nobbc]explorer ftp://ftp.avast.com/incoming[/nobbc] location, so you won’t see it has been uploaded.

Now you make your first windows explorer connection to the ftp link [nobbc]explorer ftp://ftp.avast.com/incoming[/nobbc], now open another explorer window where you locate your unique zip file containing the dump and readme.txt files; drag and drop that file into the other explorer window (right hand side), no need to click enter or any other action.

3

My OS is windows 7 home premium and the avast free antivirus version is 7.0.1426. The mini dump folder is empty and there is no memory.dmp in C:\Windows which i find really weird as there are a whole lot of things listed in my windows logbook. However i found other log files by looking at the poperties of my windows logbook. They have the extension .evtx. I uploaded them just now but i don’t know if they are of any use.

4

For your information:

The EVTX file type is primarily associated with ‘eventvwr.msc’ by Microsoft Corporation.
The EVTX file type is the new version of EVT, primarily associated with ‘eventvwr.msc’ by Microsoft Corporation and is based on XML.

EVTX files are Microsoft Event Viewer logs that can be viewed using Event Viewer. To launch Event Viewer hold Windows Button whilst pressing R and then type eventvwr.msc in Run window.

You might not be able to view all event messages in an EVTX file that was created on another computer. Events are recorded through .DLLs which are required to read a particular message. If a particular .DLL is not available on your PC you will get an error message for that event.

5

It is strange if you have no mini dumps but the Full Kernel dump file windows\memory.dmp may not be there as it depends on your Recovery settings.

A BSOD that remains on screen and doesn’t reboot automatically (?) should at the very least create the mini dump file/s and they should remain in place unless you remove them, where the windows\memory.dmp if created is overwritten (as it can be large).

Check your Control Panel, System, Advanced system settings, Startup and Recovery and ensure that your system doesn’t automatically restart on System Failure. You can also set what debug information to write.

I think these are event viewer log files, so I’m not sure if they will provide enough help to find the cause of a BSOD.

Have (or did) you another Anti-Virus installed in this system, if so what was it and how did you get rid of it ?

6

When i bought this pc there was indeed another virus scanner on it. But i can’t remember what one it was. I just uninstalled it via the “programs and features” in control panel.
After that i installed Avast and reinstalled it once a couple of days ago to see if it would fix the BSOD problem.

7

OK the presence of an other AV or remnants could certainly throw a spanner in the works.

If you can try and identify what AV was pre-installed there are other program uninstall tools - Uninstall possible remnants of previously installed AVs see, http://singularlabs.com/uninstallers/security-software/, this has a collection of manufactures removal tools, so that should remove any remnants, registry, etc.

8

It’s weird. I never had this problem before. I searched through the registry for possible virus scanners on that list that sounded familiar but i couldn’t find anything. I do run Malwarebytes Anti Malware alongside Avast but i’ve had this program for a while and never expierenced any problems. Malwarebytes detects malicious files avast says are not infected so i use it for that.

9

MBAM shouldn’t be a problem, certainly not in this regard.

Were your Startup and Recovery settings that I mentioned two post ago set so that it didn’t reboot and also create dump files ?

10

It wasn’t set to not reboot on BSOD. But “Register an event in the system logbook” was set. When you told me to set them like that i did.

11

Yes, on the reboot option you don’t get any of the dumps, just the very minimal event viewer entry.

Now that it is set not to reboot and either small or Kernel dump it should collect much more useful information in the mini or full dump files.

Now it is a case of waiting to see if it happens again, now you have made those changes it probably won’t happen (sod’s law).

12

I just had a BSOD and i checked the folders for any dumps but there wasn’t any there. these are my settings for startup and recovery:

http://i48.tinypic.com/2k3ti9.png

it’s in dutch though. so it’s really weird nothing is in those folders.

13

They are the same settings as mine (the layout is the same, even if the language is different), so I’m at a loss as to why it isn’t generating the dump files.

The %SystemRoot%\ is the Windows folder on the windows drive, e.g. c:\windows\memory.dmp, so that is where it should be if that is the drive that windows is on. Presumably this isn’t a hidden folder (?) and that you can see the file types for known file types (?) would show the file extensions.

14

The windows folder isn’t hidden and i can see every file extension. My windows location is in c:\windows but nothing’s in there.

15

Not sure what else can be done, I will try and attract some attention to this topic by one of the avast team.