Blue Screen caused by avastsvc.exe v.2014.9.0.2018

Avast Free Antivirus / Premium Security
1

Hi,

I had a blue screen in Windows 8.1 x64 using avast today and I wanted to report it to see if it is a known issue and whether a fix is available. Below is the windbg trace from the dump file.

Thanks
Paul

Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\051014-23781-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred http://msdl.microsoft.com/download/symbols
Symbol search path is: http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17041.amd64fre.winblue_gdr.140305-1710
Machine Name:
Kernel base = 0xfffff8039421b000 PsLoadedModuleList = 0xfffff803944e52d0
Debug session time: Sat May 10 08:44:18.095 2014 (UTC + 1:00)
System Uptime: 0 days 14:11:54.849
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.




Loading User Symbols
Loading unloaded module list

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

Use !analyze -v to get detailed debugging information.

BugCheck A, {ffffe101fe1585e0, 2, 0, fffff803942fadc7}

Probably caused by : NETIO.SYS ( NETIO!KfdClassify+6fd )

Followup: MachineOwner

1: kd> !analyze -v

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffe101fe1585e0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff803942fadc7, address which referenced memory

Debugging Details:

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8039456f138
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffffe101fe1585e0

CURRENT_IRQL: 2

FAULTING_IP:
nt!RtlLookupEntryHashTable+77
fffff803`942fadc7 488b4110 mov rax,qword ptr [rcx+10h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: AvastSvc.exe

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

TRAP_FRAME: ffffd0002868cef0 – (.trap 0xffffd0002868cef0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=5085a946b1e35d98 rbx=0000000000000000 rcx=ffffe101fe1585d0
rdx=ffffe00200037630 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803942fadc7 rsp=ffffd0002868d080 rbp=ffffd0002868d1b0
r8=ffffe00200f701e0 r9=ecc4b5485964d0a6 r10=ffffd0002868d280
r11=0000000000000008 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!RtlLookupEntryHashTable+0x77:
fffff803942fadc7 488b4110 mov rax,qword ptr [rcx+10h] ds:ffffe101fe1585e0=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8039437aae9 to fffff8039436efa0

STACK_TEXT:
ffffd0002868cda8 fffff8039437aae9 : 000000000000000a ffffe101fe1585e0 0000000000000002 0000000000000000 : nt!KeBugCheckEx
ffffd0002868cdb0 fffff8039437933a : 0000000000000000 ecc4b5485964d0a6 ffffc6a881d38e00 ffffd0002868cef0 : nt!KiBugCheckDispatch+0x69
ffffd0002868cef0 fffff803942fadc7 : 0000000000000000 fffff801a0b481c4 00000000000002fb 0000001600000001 : nt!KiPageFault+0x23a
ffffd0002868d080 fffff801a06021d9 : 0000000000000000 ffffd0002868d1b0 ffffe001fdfd91b0 fffff801a0b11a2d : nt!RtlLookupEntryHashTable+0x77
ffffd0002868d0b0 fffff801a0b9b364 : ffffe001fced2078 fffff801a08c0887 0000000000000001 ffffe001fdfe2300 : NETIO!KfdClassify+0x6fd
ffffd0002868d530 fffff801a0b48b7c : ffffd0002868e090 fffff8010000000e 0000000000000000 0000000000000002 : tcpip!WfpTlShimInspectSendTcpDatagram+0x754
ffffd0002868d830 fffff801a0b455b8 : fffff8010000fab3 ffffe00100000000 ffffe0010000000b ffffe00100007010 : tcpip!IppInspectLocalDatagramsOut+0x82c
ffffd0002868db60 fffff801a0afce62 : ffffd0002868dff0 0000000000000007 fffff801a0cb6180 ffffe001fced2010 : tcpip!IppSendDatagramsCommon+0x3f8
ffffd0002868dd50 fffff801a0b1dbe0 : ffffe001fd0a5240 0000000000000000 0000000000000000 000000000000000b : tcpip!IpNlpFastSendDatagram+0xf2
ffffd0002868de30 fffff801a0b1f6f5 : ffffd0002868e212 0000000000000000 ffffe001ff934310 ffffd0002868e530 : tcpip!TcpTcbSend+0x780
ffffd0002868e180 fffff801a0b1ef8a : 0000000000000000 ffffe001fced2010 ffffd0002868e211 ffffd0002868e500 : tcpip!TcpEnqueueTcbSendOlmNotifySendComplete+0xa5
ffffd0002868e1b0 fffff801a0b1f2f8 : 0000000000000000 0000000000000000 ffffe001fce10a00 0000000000000000 : tcpip!TcpEnqueueTcbSend+0x2aa
ffffd0002868e2b0 fffff803942f5256 : ffffd0002868e2d0 0000000000000000 00000000000000f0 0000000008a4da60 : tcpip!TcpTlConnectionSendCalloutRoutine+0x28
ffffd0002868e330 fffff801a0b1f5a2 : fffff801a0b1f2d0 ffffd0002868e450 0000000000000000 fffff801a178b6cb : nt!KeExpandKernelStackAndCalloutInternal+0xe6
ffffd0002868e420 fffff801a17a6577 : ffffe001fce10a20 ffffd0002868ecc0 000000000000000b 0000000000000003 : tcpip!TcpTlConnectionSend+0x72
ffffd0002868e490 fffff801a178a451 : ffffe001ff103e10 ffffe001ffd8eb30 0000000000000005 0000000020206f49 : afd!AfdFastConnectionSend+0x387
ffffd0002868e650 fffff803946173f4 : ffffe00200f073c0 0000000000000000 ffffe001ff103e10 0000000000000001 : afd!AfdFastIoDeviceControl+0x441
ffffd0002868e9c0 fffff803946181c6 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x3d4
ffffd0002868eb60 fffff8039437a7b3 : ffffe001ffafd568 ffffe001fd03b880 fffff6fb7dbed000 fffff6fb7da00000 : nt!NtDeviceIoControlFile+0x56
ffffd0002868ebd0 0000000077742772 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
0000000008a4ea58 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x77742772

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!KfdClassify+6fd
fffff801`a06021d9 4c8bc0 mov r8,rax

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: NETIO!KfdClassify+6fd

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 5215f7e4

IMAGE_VERSION: 6.3.9600.16384

BUCKET_ID_FUNC_OFFSET: 6fd

FAILURE_BUCKET_ID: AV_NETIO!KfdClassify

BUCKET_ID: AV_NETIO!KfdClassify

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_netio!kfdclassify

FAILURE_ID_HASH: {0e14637a-385d-0a7b-00b2-7ee608277b22}

Followup: MachineOwner

2

Please remove the report and attach it to your post.

3

Hi,

Thanks for the quick reply. I am not overly comfortable attaching a minidump file for public consumption as it contains personally identifiable information. I am more than happy to send it to an empoloyee of Avast however. Are you an employee? If so can you let me have your work email address and I will email it to you.

I hope you understand my reluctance. In fairness I do not know who you are. No disrespect intended.

Many thanks
Paul

4

so… I have logged a ticket with Avast Support. Ref: #DKB-937-93744 and attached the minidump file to the support request.

Cheers,
Paul

5

Mate,

Looking at the minimal information that you posted.

I would suggest that you start with a offline scan and fix.
Open a command prompt as Administrator and type in:


chkdsk c: /offlinescanandfix

Then reboot. The check will take place when you restart.

I would suggest then that you update the driver for your network card.

Hope this helps.

6

Hi,

Thanks for that - Will do as you suggested. I use the fast startup/hibernate option with Windows 8 so it could well be the driver issue you suggest. I do seem to get the odd “dirty disk” too - but I guess this could be a symptom of the crashes.

Thanks for the tip.

Paul

7

Hi,

The LAN drivers are the latest ones for 8.1 from realtek website (I have a Realtek PCIe GBE Family Controller card on my motherboard) so I can’t update it. I could downgrade it to an earlier version I guess.
Did the scanandfix and its all okay.

If someone would like to see my minidump file then I’m more than happy to PM it - I just didn’t want to attach it to a public forum that could be seen by undesirables. I didn’t mean to come across all snooty :slight_smile:

I suspect its a combination of the new Windows 8.1 hibernation / faststart features and my slightly older motherboard that is not oficially certified for 8.1 (its a gigabyte GA-MA770-UD3 Rev 2.0). Its a shame as in all other respects this mobo seems to be working well with 8.1 and this crash is only occasional. I guess I can live with it as I do regular backups…

Cheers,
Paul

8

You could try a uninstall and reinstall.

I would suggest:
1/ Download the latest version of Avast!
2/ Uninstall your current version using Avast’s utility. http://www.avast.com/uninstall-utility
3/ Reboot
4/ Install the latest version of Avast that you downloaded.

Hope this helps.

9

It is known that there are several (many?) problems with hibernation/power saving in Windows.
A well known problem is that Windows often loads a application before it has loaded the drivers that the application needs.
My advise is not to use hibernation/sleep mode.
Powering down safes more energy :wink: and the change of problems are way lower.

For a real clean install of avast I recommend this:
Go to the windows update website. ( http://update.microsoft.com ) and install all updates available for your system.
You may have to visit that website/reboot multiple times before everything is installed.

Check device manager and make sure there are no errors there at all.
No red cross(es), no exclamation mark(s).
If any is there, solve that first by installing the latest correct drivers for the device.

Next:
First make sure there are no remnants of a previously install av other than avast.
http://www.ache.nl > malware > remove (old) av

  1. Download Avastclear, Rejzors uninstall tool and the appropriate Avast program edition.
    Here are the installer links. Note: You need to be ONLINE during this install.
    http://files.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
    http://files.avast.com/iavs9x/avast_pro_antivirus_setup_online.exe
    http://files.avast.com/iavs9x/avast_internet_security_setup_online.exe
    http://files.avast.com/iavs9x/avast_premier_antivirus_setup_online.exe

Avastclear : http://files.avast.com/iavs9x/avastclear.exe
Rejzors Uninstall tool: http://rejzor.wordpress.com/avast-cleanup-tool/

  1. Uninstall Avast by control panel [If you don’t have Avast in control Panel go to #4]
  2. Uninstall in Safe Mode using Avastclear.
    http://www.avast.com/uninstall-utility
  3. Run Rejzors Uninstall Utility in Normal Mode (removes traces avastclear doesn’t) - reboot.
    http://rejzor.wordpress.com/avast-cleanup-tool/
  4. Be Sure Too Check Once Uninstall is Complete:Device Manager>View>Show Hidden Devices
    If there is anything related to Avast with a yellow triangle then uninstall it (highlight, right click) and reboot.
  5. Install the version you downloaded.
  6. Reboot.

offline installers:
http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe
http://files.avast.com/iavs9x/avast_pro_antivirus_setup.exe
http://files.avast.com/iavs9x/avast_internet_security_setup.exe
http://files.avast.com/iavs9x/avast_premier_antivirus_setup.exe

10

When you say it crashes occasionally, what is happening at the time when it crashes? Can you please be more specific.

FYI You can turn off the Fast Start and hibernation in Desktop → Start → Control Panel → Hardware and Sound → Power Options → System Settings → “Choose what the power button does”
You might have to click on “Change settings that are currently unavailable”

Because you need to un-tick:
“Turn on fast startup”

If you think that is the problem, I would switch off hibernation and fast start and see if the crashes stop.

11

Hi,

I will reinstall avast and turn off the faststart and monitor the situation to see if things improve. It only happens very occasionally however so may be some time before I can report back - but I will do so…

Cheers,
Paul

12

Been around PCs for years…OK decades…yes, I’m old. :slight_smile:
It may be all the history I have or bad experiences (was IT guy for awhile) but the VERY first thing I do with a new PC is disable Hibernate mode. Granted, I’m still on Windows 7 on all my PCs, all the ones at office are too, but Hibernate needs so many things to work right to get it to work and one small change and things go badly…yup, seen BSODs. Frankly, sleep mode seems fine for me/times when I don’t want to boot down my PC…plus, even Avast wakes up from sleep to run reliably.

Anyway, just my two cents but if you want to disable Hibernate in system it is very easy…see link…you can always re-enable.
http://www.sevenforums.com/tutorials/819-hibernate-enable-disable.html

13

Ok, a couple of things, the OP is running Windows 8.1 so thing are a little different.

Windows 8.1 doesn’t use “update.microsoft.com” that site was for Win XP and earlier.

Use this procedure to update Windows 8 / 8.1 http://www.pcruneasy.com/tutorials/windows-8/windows-update/index.php

The way to disable hibernate and Fast Start in Windows 8 : http://mywindows8.org/fast-start-up-in-windows-8/

14

It is semantics but the link you show is to “turn off/on” the feature.
The link I showed about it to actually “disable” the hibernate “ability” in the system…the link covers W7 & W8.
I think either way will work but since I personally hate hibernate…and some programs try to re-enable…I want the “ability” gone.
http://www.sevenforums.com/tutorials/819-hibernate-enable-disable.html
Just me…obviously, up to OP.

15

Well… I uninstalled Avast eventually as I had several more BSOD incidents (not always with the same as the above crash report) and have not had a single BSOD since.

This was after reinstalling carefully as advised above. I did log a ticket with support but by the time they got back to me (about a week later) it was already uninstalled and I did not feel compelled to reinstall it for some generic “please send me your system logs” help as I have been there before with some other applications and generally speaking I have not got great support (as the other product was also a free one).

I am happy to reinstall it and help support discover what the issue it but for that I would want a named contact in support and straight through to a level 2 tech who can perform some remote access. I think that’s only fair as it will take a lot of my time and effort too. I have a working solution (Avira) now so I I have no massive urgency to work on this but it’s a shame as I liked Avast (apart from the blue screens). I also installed it for numerous friends and family but now this has put me off a bit.

Thanks
Paul

16

At this point your issue could very well be caused by any of the previous suggestions (ie, old hardware, outdated drivers, mobo BIOS or chipset compatibility issues, etc) so I will just reinforce a few of the previous suggestions:

If you are running a desktop, and you don’t need hibernation or fast startup, you can kill two birds with one stone by deleting your hibernation file completely. To do this, simply open an elevated command prompt and type/enter: powercfg /h off

The above will disable hibernation and automatically untick “fast startup enabled.”

If for some reason, the above doesn’t help and/or you decide you need both again, simply enter this message: powercfg /h on

BTW, doing the above has no affect on your rig’s ability to invoke “sleep.” That should still work as designed.

Good luck to you.

plsrepli

17

Many thanks,

Problem is that I like and use hibernation every day and really want to keep it. I like to have 0 watts when I shutdown (but retain the ability to be able to continue where I left off).

Avast was removed and the problem went away and has not happened again for a week. Wouldn’t this suggest it was more likely a software or filter driver issue (i.e. Avast) rather than a hardware issue or system drive problem? I guess that’s probably too simplistic as cause and effect are not necessarily the same thing (i.e. something else might be broken and Avast is causing it to manifest itself)

Anyway - I have changed my mind - I think I was being a bit unfair to Avast and a bit impatient (as I have used avast for many years for free and been happy with it. I just removed avira and put avast back on and I will see if I get the problems come back. If they do I will send the information requested by support and see if we can’t get to the bottom of it.

Bottom line though - If its a choice between Avast and Hibernation then Hibernation will win for me. I know many people don’t like it but - up until now it has been fine for me and I find it very useful.

Cheers,
Paul

18

Well,

Within 30 minutes of reinstalling Avast I got a system freeze. Had to hard reset the machine. No minidump and nothing in the system or application logs to suggest an issue.

The problem I have here is that support have asked for the minidump from before (now not necessarily relevant) and I have nothing to provide them from this system freeze.

I ran avira for 1 week with probably 20 or more hibernation cycles and not a single freeze or BSOD. As soon as I put avast back on the system freezes.

I will update my support ticket with the relevant information and let’s see if it can be fixed. The ticket is #DKB-937-93744 just in case there’s an avast support person following this.

Cheers,
Paul

19

support ticked duly updated.

20

Good luck with your issue. It sure sounds like it might be an Avast compatibility issue of some sort because of you testing with another AV solution; however, I hope you also provided your system specs because many are running your version of Windows without issues so there is something uniquely different about your situation. Now, it may boil down to be a software compatibility conflict (with some other resident program) that only effects Avast for some reason but you might also want to check your event viewer for time-coincident events with that freeze because not all freezes generate a BSOD. Good luck to you.