BSOD Windows 11

Hi, Last month my computer gets a lot of BSOD, I drilled down on this and found this: avast, please fix this
It crash with same error at least 3 time per week

Avast: 23.8.6078 (build 23.8.8416.791)

************* Path validation summary **************
Response Time (ms) Location
Deferred srvC:\MyServerSymbolshttps://msdl.microsoft.com/download/symbols
Symbol search path is: srvC:\MyServerSymbolshttps://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 22621 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22621.1928.amd64fre.ni_release_svc_prod3.230622-0951
Kernel base = 0xfffff80312200000 PsLoadedModuleList = 0xfffff80312e130e0
Debug session time: Sun Aug 13 13:09:15.315 2023 (UTC - 6:00)
System Uptime: 4 days 21:55:11.143
Loading Kernel Symbols




Loading User Symbols
PEB is paged out (Peb.Ldr = 00000005897e9018). Type ".hh dbgerr001" for details Loading unloaded module list .................................................. For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff80312631250 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffee09`7c9e2dc0=0000000000000135
1: kd> !analyze -v


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

REGISTRY_FILTER_DRIVER_EXCEPTION (135)
This BugCheck is caused by an unhandled exception in a registry filtering driver.
This BugCheck indicates that a registry filtering driver didn’t handle exception inside
its notification routine. One can identify the driver by the 3rd parameter.
Arguments:
Arg1: ffffffffc0000005, ExceptionCode
Arg2: ffffee097c9e3670, Address of the context record for the exception that caused the BugCheck
Arg3: fffff8031e6900e0, The driver’s callback routine address
Arg4: ffffc58d8ab36e60, Internal

Debugging Details:

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 13437

Key  : Analysis.Elapsed.mSec
Value: 23610

Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 0

Key  : Analysis.IO.Write.Mb
Value: 0

Key  : Analysis.Init.CPU.mSec
Value: 1078

Key  : Analysis.Init.Elapsed.mSec
Value: 4735

Key  : Analysis.Memory.CommitPeak.Mb
Value: 96

Key  : Bugcheck.Code.KiBugCheckData
Value: 0x135

Key  : Bugcheck.Code.LegacyAPI
Value: 0x135

Key  : Dump.Attributes.AsUlong
Value: 1800

Key  : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key  : Dump.Attributes.ErrorCode
Value: 0

Key  : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key  : Dump.Attributes.ProgressPercentage
Value: 100

Key  : Failure.Bucket
Value: AV_aswArPot!ARPOT2IDP_SET_CALLBACK

Key  : Failure.Hash
Value: {8ff7db7f-56bf-dd92-baaf-7b871e77b969}

Key  : Hypervisor.Enlightenments.ValueHex
Value: 1417cf94

Key  : Hypervisor.Flags.AnyHypervisorPresent
Value: 1

Key  : Hypervisor.Flags.ApicEnlightened
Value: 1

Key  : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0

Key  : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key  : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key  : Hypervisor.Flags.CpuManager
Value: 1

Key  : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key  : Hypervisor.Flags.DynamicCpuDisabled
Value: 1

Key  : Hypervisor.Flags.Epf
Value: 0

Key  : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1

Key  : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key  : Hypervisor.Flags.MaxBankNumber
Value: 0

Key  : Hypervisor.Flags.MemoryZeroingControl
Value: 1

Key  : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key  : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1

Key  : Hypervisor.Flags.Phase0InitDone
Value: 1

Key  : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key  : Hypervisor.Flags.RootScheduler
Value: 0

Key  : Hypervisor.Flags.SynicAvailable
Value: 1

Key  : Hypervisor.Flags.UseQpcBias
Value: 0

Key  : Hypervisor.Flags.Value
Value: 5116143

Key  : Hypervisor.Flags.ValueHex
Value: 4e10ef

Key  : Hypervisor.Flags.VpAssistPage
Value: 1

Key  : Hypervisor.Flags.VsmAvailable
Value: 1

Key  : Hypervisor.RootFlags.AccessStats
Value: 1

Key  : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1

Key  : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key  : Hypervisor.RootFlags.HostTimelineSync
Value: 1

Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key  : Hypervisor.RootFlags.IsHyperV
Value: 1

Key  : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1

Key  : Hypervisor.RootFlags.MceEnlightened
Value: 1

Key  : Hypervisor.RootFlags.Nested
Value: 0

Key  : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1

Key  : Hypervisor.RootFlags.Value
Value: 1015

Key  : Hypervisor.RootFlags.ValueHex
Value: 3f7

Key  : SecureKernel.HalpHvciEnabled
Value: 1

Key  : WER.OS.Branch
Value: ni_release_svc_prod3

Key  : WER.OS.Version
Value: 10.0.22621.1928

BUGCHECK_CODE: 135

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: ffffee097c9e3670

BUGCHECK_P3: fffff8031e6900e0

BUGCHECK_P4: ffffc58d8ab36e60

FILE_IN_CAB: MEMORY.DMP

TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x1800

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: lsass.exe

STACK_TEXT:
ffffee097c9e2db8 fffff80312c12690 : 0000000000000135 ffffffffc0000005 ffffee097c9e3670 fffff8031e6900e0 : nt!KeBugCheckEx
ffffee097c9e2dc0 fffff80312a9f3d9 : ffffee097c9e4098 fffff8031e6a9163 ffffee097c9e3430 fffff803128c9975 : nt!CmpCallbackFatalFilter+0x24
ffffee097c9e2e00 fffff803125f0911 : ffffee0900000003 ffffee097c9e3e58 ffffee097c9de000 ffffee097c9e5000 : nt!CmpCallCallBacksEx$filt$0+0x19
ffffee097c9e2e30 fffff8031263c4bf : ffffee097c9e3e58 ffffee097c9e3430 ffffee097c9e3e00 fffff803128c9975 : nt!_C_specific_handler+0xa1
ffffee097c9e2ea0 fffff8031246e8b3 : ffffee097c9e44c0 ffffee097c9e3e58 fffff803128c9975 fffff80312312860 : nt!RtlpExecuteHandlerForException+0xf
ffffee097c9e2ed0 fffff80312522e5e : 0000000067766001 ffffee097c9e3f00 ffffee097c9e3f00 ffffee097c9e3670 : nt!RtlDispatchException+0x2f3
ffffee097c9e3640 fffff803126469fc : ffffee0900000001 0000000000989680 0000000000000000 ffffc58d3b038d40 : nt!KiDispatchException+0x1ae
ffffee097c9e3d20 fffff80312641364 : fffff180c5b14fe8 0000000000000040 ffff8801eded9b30 000000000480f000 : nt!KiExceptionDispatch+0x13c
ffffee097c9e3f00 fffff8031e6a9163 : fffff8031e681b0a ffffd88391f888b0 0000018b00000000 ffffee097c9e4200 : nt!KiSegmentNotPresentFault+0x364
ffffee097c9e4098 fffff8031e681b0a : ffffd88391f888b0 0000018b00000000 ffffee097c9e4200 0000018b629fe001 : aswArPot!ARPOT2IDP_SET_CALLBACK+0xbe13
ffffee097c9e40a0 fffff8031e688b90 : ffffee097c9e4140 0000018b629fd000 fffff80300000002 01d9ce19a6dccd95 : aswArPot+0x1b0a
ffffee097c9e4100 fffff8031e68a5aa : ffffc58d58402050 ffffee097c9e4310 ffffee097c9e4308 ffffee097c9e4340 : aswArPot+0x8b90
ffffee097c9e42c0 fffff8031e690229 : ffffee097c9e4500 0000000000002ea4 ffffc58d7f6d5670 ffffee097c9e4880 : aswArPot+0xa5aa
ffffee097c9e44c0 fffff803128c9975 : 0000000000000000 0000000000000001 ffffee097c9e4880 ffffee097c9e4880 : aswArPot+0x10229
ffffee097c9e4640 fffff803128b4108 : 0000000500000001 ffffee097c9e4880 0000000000000000 0000000000501801 : nt!CmpCallCallBacksEx+0x235
ffffee097c9e4770 fffff80312646826 : 0000000000000000 fffff80312805f57 0000000000000000 0000000000000000 : nt!NtSetValueKey+0x5f8
ffffee097c9e4970 00007ffa2a20f944 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceExitPico+0x43b
0000000589f7b7f8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffa`2a20f944

SYMBOL_NAME: aswArPot!ARPOT2IDP_SET_CALLBACK+be13

MODULE_NAME: aswArPot

IMAGE_NAME: aswArPot.sys

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: be13

FAILURE_BUCKET_ID: AV_aswArPot!ARPOT2IDP_SET_CALLBACK

OS_VERSION: 10.0.22621.1928

BUILDLAB_STR: ni_release_svc_prod3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {8ff7db7f-56bf-dd92-baaf-7b871e77b969}

Followup: MachineOwner

It doesn’t hurt to check the RAM. Although some kind of conflict is possible, as here - https://forum.avast.com/index.php?topic=234416.0
It is also worth running avast - troubleshooting - fix errors in the settings. To exclude options with file corruption, it is also worth checking the hard disk and system files with the commands: chkdsk c: /r and sfc /scannow
The main question is whether avast was updated before the errors appeared. Maybe there was a system update or installation / update of other software.
I think if the problem was in avast, messages like yours would be massive. But there were none in my memory. So most likely you have something individual.

I would suggest the OP Googles that, possible culprit, AVAST module name: aswArPot as there appear to be a number of threads here and elsewhere about similar problems connected with it that may provide a fix.

Hi Thanks,

I run chkdsk:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure …
1191936 file records processed.
File verification completed.
Phase duration (File record verification): 18.84 seconds.
17403 large file records processed.
Phase duration (Orphan file record recovery): 11.45 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 1.67 milliseconds.

Stage 2: Examining file name linkage …
903 reparse records processed.
1485096 index entries processed.
Index verification completed.
Phase duration (Index verification): 32.94 seconds.
0 unindexed files scanned.
Phase duration (Orphan reconnection): 4.37 seconds.
0 unindexed files recovered to lost and found.
Phase duration (Orphan recovery to lost and found): 979.62 milliseconds.
903 reparse records processed.
Phase duration (Reparse point and Object ID verification): 10.84 milliseconds.

Stage 3: Examining security descriptors …
Cleaning up 1062 unused index entries from index $SII of file 0x9.
Cleaning up 1062 unused index entries from index $SDH of file 0x9.
Cleaning up 1062 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 50.10 milliseconds.
146581 data files processed.
Phase duration (Data attribute verification): 1.86 milliseconds.
CHKDSK is verifying Usn Journal…
36109648 USN bytes processed.
Usn Journal verification completed.
Phase duration (USN journal verification): 262.43 milliseconds.

Stage 4: Looking for bad clusters in user file data …
1191920 files processed.
File data verification completed.
Phase duration (User file recovery): 9.93 minutes.

Stage 5: Looking for bad, free clusters …
48856017 free clusters processed.
Free space verification is complete.
Phase duration (Free space recovery): 28.78 seconds.

Windows has scanned the file system and found no problems.
No further action is required.

477744127 KB total disk space.
280604120 KB in 740140 files.
409404 KB in 146582 indexes.
0 KB in bad sectors.
1306535 KB in use by the system.
65536 KB occupied by the log file.
195424068 KB available on disk.

  4096 bytes in each allocation unit.

119436031 total allocation units on disk.
48856017 allocation units available on disk.
Total duration: 11.37 minutes (682721 ms).

Internal Info:
00 30 12 00 24 81 0d 00 75 5e 18 00 00 00 00 00 .0…$…u^…
65 01 00 00 22 02 00 00 00 00 00 00 00 00 00 00 e…"…

and SFC

no problems found (I check in %Windir%\logs\cbs\cbs.log as well)

Run memory diag tool I seen in event viewer:

The Windows Memory Diagnostic tested the computer’s memory and detected no errors

Last updates:
2023-09 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5030219)
Successfully installed on 9/12/2023
2023-09 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5031217)
Successfully installed on 9/12/2023
2023-09 .NET 60.22 Security Update for x64 Client (KB5030559)
Successfully installed on 9/12/2023
2023-08 Update for Windows 11 Version 22H2 for x64-based Systems (KB4023057)
Successfully installed on 8/30/2023
2023-08 Cumulative Update Preview for Windows 11 Version 22H2 for x64-based Systems (KB5029351)
Successfully installed on 8/22/2023

There were errors in the file system, but it’s not a fact that they are the reason. Perhaps they are consequences.
Did you do the Error correction item in the avast settings?
It may need a clean reinstall. There may also be a conflict with another program or with the tails remaining after their removal.

Another strange thing here too, on my daughters HP laptop with windows 10 when avast installed after a few hours her laptop crashes with a notification about overheated, happens several times a day.
When install Bitdefender free on her laptop it stays awake a no crashes and runs without any BSOD and with no problems , so there must be something wrong with avast , as soon avast is installed on this laptop starts crashing several times a day (and this is already 2 years that were trying to use avast on that laptop) with another AV that laptop runs fine. so we no longer use avast on that machine !

Maybe the cooler needs to be cleaned? ;D
It’s really strange, I’ve probably installed avast on thousands of computers, but I’ve never seen anything like it. Moreover, you have HP and if there was a case of some incompatibility, then this forum and the avast company would have already been flooded with such messages. I think something is wrong with your operating system. There can be no other explanation.

Angel228: Is it possible to get the actual dump, not just the text analysis? Thanks.

Sure But dump takes 2.5 GB, How can I send it to you safely?

Please upload it using Avast FTP: https://support.avast.com/en-eu/article/ftp-file-upload/#pc