Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on July 22, 2014, 11:09:12 AM
-
Hi I have Win 7 Home x64 almost up to date (missing from 6th July 2014).
I had this problem with previous Avast! free program update, and now it's time to update the program again and .. same issue.
I was running Avast! before.
I used the online installer, straight from the GUI.
I got a BSOD caused by aswHwid.sys
I rebooted, and downloaded the latest aswclear.exe from the Avast website (today).
I ran it, rebooted to safe mode and pointed it to the directory and selected free/pro/suite option.
I rebooted, and downloaded the online installer from the website.
I unticked to install Chrome (doesn't everybody?).
I clicked Regular Installation.
The files downloaded.
The installation began, and I got the same BSOD, from aswHwid.sys.
I looked in C:\Program Files\Avast Software\Avast and found AvastGUI.exe
I ran it, and it said this version of Avast is not compatible with this version of Windows (paraphrased!).
I repeated the aswclear process and tried again, same installer, exactly the same failure.
I have some experience posting about BSODs, and I find the process tedious. If this is a known issue, I'd appreciate someone pointing me to a solution for me to try first, rather than getting me to post BSOD-related things.
Many thanks for your support guys.
-
Have you had in the past other AV's on this machine? If so, how did you uninstall them?
What other security software do you have?
-
Sorry I forgot to mention that. I did have Avast, but I ran aswclear long ago for that.
I also moved to Avira for a short time last time I had this problem, but I quickly ran Avira's registry cleaner and came back to Avast no problem.
Malwarebytes is also installed, but free version not constantly scanning it's only on demand.
-
You should run the Avira Uninstaller Tool again to make sure you got rid of everything: http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/902 (http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/902).
After running it, reboot, then clean your machine with something like CCleaner http://www.piriform.com/ccleaner/builds (http://www.piriform.com/ccleaner/builds) - select the bottom one for Slim build and it will get rid of temp. internet files, cache, and crap. It's free and most of us use it.
Let us know if this solves your problem. If not, you may need to uninstall and reinstall Avast if there were traces of Avira in your machine.
-
Here is FAQ on uninstalling other A/V: http://www.avast.com/faq.php?article=AVKB11#artTitle
Here is full un/re-install How-To:
Avast Clean Un- & Re-Install
1. Download Avastclear, Rejzors uninstall tool and the appropriate Avast program edition.
Avastclear : http://files.avast.com/iavs9x/avastclear.exe
Rejzors Uninstall tool: http://rejzor.wordpress.com/avast-cleanup-tool/
Here are the Avast installer links. Note: You need to be ONLINE during this install.
http://files.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
http://files.avast.com/iavs9x/avast_pro_antivirus_setup_online.exe
http://files.avast.com/iavs9x/avast_internet_security_setup_online.exe
http://files.avast.com/iavs9x/avast_premier_antivirus_setup_online.exe
......Now............
2. Uninstall Avast by Control Panel>Programs [If you don't have Avast in control Panel go to #4]
3. Run Avastclear in Normal Mode and allow it to Reboot PC into Safe Mode to complete the removal process.
4. Run Rejzors Uninstall Utility in Normal Mode (removes traces avastclear doesn't) - reboot.
5. Be Sure To Check PC's Device Manager....Control Panel>System Once Uninstall is Complete.
Make sure to show any hidden devices by selecting pull-down menu Device Manager>View>Show Hidden Devices
If there is anything related to Avast with a yellow triangle then uninstall it (highlight, right click) and reboot.
If you get an error just right-click & delete.
6. Install the Avast version you downloaded.
7. Reboot.
-
Hi, thanks for those pointers, I'd done all of the above before (even selecting configuration in Avira removal tool and ticking all registry hives), except that tool from the wordpress site. Just done all again with reboots between each step. Same result I'm afraid :(
Next step?
-
Update: I retried, this time running all the cleaners twice. CCleaner pulled up a handful of extra registry items from Avast, on the second run. Everything else appeared clean. So, I ran CCleaner registry again, and it came with another single registry entry (invalid class). On running a 4th time, what looked like that very same entry (I can upload the registry backups if it helps) appeared again. 5th run, system clean.
But, I got the same end result. BSOD after downloading.
I did notice some larger files that downloaded had 32 in the filename, e.g.
vps_32-dcc.vpx.dld took ages
vps_win32-ddd.vpx.dld also took some time
But afterwards, this file downloaded so maybe my theory of the online installer selecting incorrect version is wrong?
vps_win64-a6e.vpx.dld
[EDIT] Just found offline installer in another post. Downloading now.
Each download is taking about 1.5hrs, since I'm in rural South Africa relying on an EDGE internet connection :( I have now lost 3 days setting up my business on this because if I try to do something else while Avast is downloading (not yet reached the installation part), then Avast simply stops downloading. ANNOYING. Plus obviously I am running unprotected all that time.
Your assistance is therefore very very very much appreciated!
-
Hi jfgoodhew1,
Just an observation: Registry cleaners often cause more issues than they fix, sometimes to the point a clean (re) install of the operating system is required to get things back to where they should be in the first place. Snake oil. Even IT people fear to tread in the Windows Registry and only do so when they have to.
Win 7 system here has never seen a BSOD other than one time where 4 GB (two sticks) of memory was installed on a 48-bit Intel chip that runs the memory cards. (Means that system does not see more than 3.25 GB of 4.0 GB system RAM as it predates true 64-bit operation) Solution: Replace second stick with original 1 GB stick.
This is on a system running Win 7 Home Premium SP1 64-bit install date May 1, 2013. Runs just fine without any issues.
Never used any registry cleaners other than the one offered by CCleaner, and even then only removed entries related to uninstalled applications, if any. 99% of the time, I leave all orphan registry entries alone. I feel the less cleaning the better. The only exception to this rule is finalizing removal of old a/v programs followed by a reboot or two to clear things up.
It only takes one orphan entry mistakenly removed to possibly cause issues such as above.
I suggest a run of sfc /scannow to see if that helps clear up your issue. Please be patient, and allow this program to complete. Report back your findings. (Copy/paste this command sfc /scannow into the cmd window as administrator and press Enter)
I'd also consider running all the registry cleaner backups you've saved, newest back to the oldest, reboot, and then run sfc /scannow again to see if things improve. [EDIT:] Second step done only if you feel it would help. Running sfc as system is now will give you a better idea as to operating system condition before continuing.
[EDIT:] See attached below for sfc scan window before and after scan:
-
I also read that about registry cleaners, and only ever use them when advised by experts on forums such as this one... LOL that this might be the cause! Thanks for the handy hints about restricting cleanup operations to the program you actually want to remove though.
Will try sfc /scannow now. Wish me luck, and thanks so much for posting.
[EDIT] SSD so didn't take long at all :D
SFC found no integrity violations in Windows.
What now?
-
OK so I ran the registry backups, then ran CCleaner again. Praise be to the AutoDESK Gods for creating so many registry entries that aren't removed when you uninstall......
So, I only removed AutoDESK ones, Opera ones, Avast ones, one Avira one that came back, and a NORTON one I found in the list.
I think Norton came with something unexpected like the Opera install I downloaded long ago. Didn't expect ****ware to come bundled with Opera (or whatever other sensible-seeming program it was at the time). It's a bit like not expecting Avast to be bundled with an internet browser...
I will run a Norton (Symantec?) removal tool and report back.
[EDIT] Done, no change.
NB If I run the install file, don't click anything just close it, I get the screen saying installation did not complete, with option to view setup log. Next, if I close, I get a different BSOD caused by:
gjgkson.sys driver trying to access memory after it has been freed.
[Edit] Now I've tried the offline installer from 26th June, to see if the download was getting interrupted/corrupted. That gives the same BSOD with aswHwid.sys immediately after showing "installing redistributable package" on screen. I also uninstalled Malwarebytes just in case. No dice.
Do you think I'm infected now and that's what's refusing to allow an AV installation?
-
Sure you've got the system driver spelled correctly?: http://systemexplorer.net/searchse?q=gjgkson.sys%20driver (http://systemexplorer.net/searchse?q=gjgkson.sys%20driver)
https://www.google.com/search?q=gjgkson.sys+driver&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=nts (https://www.google.com/search?q=gjgkson.sys+driver&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=nts)
Running anytime w/o some sort of real-time a/v protection will bring increased risk of a compromised system, doesn't matter what a/v vendor you used to use; it's the fact that no resident a/v program is installed that brings you no protection for security exploits and malware infections.
Which is why another protected system should be used and this one should stay offline until this issue is fixed and any malware cleansed and removed. You can use the protected system to transfer over any needed diagnostic programs to the sick one and back to post the logs here.
Suggest this link to see if your system is clean: https://forum.avast.com/index.php?topic=53253.0 (https://forum.avast.com/index.php?topic=53253.0) Run only the first three programs and no other unless told otherwise.
Attach your logs in your next reply. A certified malware removal expert will be contacted for you once this is done.
You mentioned a SSD drive. Was this install a clean, fresh install of the operating system or was it cloned from the original spinning hard drive (HDD)?
-
Hi, thank you for the next steps. I am aware of the risk, however with my internet connection running at approx 100kbps and bandwith occupied 90% of the time, I was taking the risk. I am now using my partner's laptop.
The SSD was installed when I bought the laptop. It wasn't "as described" so I got £100 discount. Ch-Ching.....
MBAM log attached, those PUPs (excluding Conduit) were not UPs.
aswMBR gave an instant blue screen, but this time didn't specify the driver that caused the crash.
Codes:
C4, F6, 128, FFFFF9805CAAAB300, FFFFF8000354F8C5
Farbar download was getting stuck at 89% every time with DownloadThemAll (necessary with this connection...). It sped up for a minute so managed to get it straight from FF. Log attached.
I ran a chkdsk /f /r on the ssd last night as well, log attached. At this stage with so many Avast BSODs and so few other ones, it would've been a bit too much to expect coincidental disk failures, but you never know...
-
Hi,
So I wasn't sure about the spelling. And it made me think I ran Avast Setup and it extracted its files to C:\Program Files etc then BSOD. I cleaned it off as above.
Then I tried running setup from clean, but cancelling. BSOD on close.
Then I cleaned.
Then I tried setup from clean, BSOD, reboot, setup again, then close.
It appeared to close successfully. I tried running setup again, no dice - setup is already running.
Check Task Manager - sure enough Avast setup is running.
End task -> new BSOD caused by nocgmken.sys, code D5.
Does that help?
[EDIT] Then I tried running setup, cancelling, watching task manager and waiting. Avast Setup was running for a few seconds. Then instup.exe *32 started running. Few seconds later BSOD related to some other never heard of .sys file. ghmindoe.sys I think it was.
Is it that *32 that's causing it? Trying to install 32-bit instead of 64?
-
Good job attaching the logs. A malware expert has been contacted for you. Please be patient.
-
Many thanks mchain! Patience is my middle name. I'm working on the offline part of my new business now.
-
Please don't make any changes to your machine (the infected?) one in the meantime until the malware specialist assists you. If you are connected to a network, disconnect this machine from the network, and do not sync this machine with any device. And don't use a USB stick with this machine. Thanks.
-
There are still two avast services present and one is an emergency update for aswhid. I will remove those and see if that was the root problem
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02]
S4 aswSP; No ImagePath
S3 aswEmHWID2; \??\C:\Users\THINKP~1\AppData\Local\Temp\aswEmHWID.sys [X]
2014-07-24 12:58 - 2014-07-24 12:58 - 00043152 _____ () C:\Windows\avastSS.scr
2014-07-24 12:58 - 2014-07-24 12:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-24 12:57 - 2014-07-24 12:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-02 18:08 - 2014-07-02 18:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1405094970209
2014-07-02 18:08 - 2014-07-02 18:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1405094970209
2014-07-02 18:08 - 2014-06-03 13:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
C:\Users\THINKP~1\AppData\Local\Temp\aswEmHWID.sys
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {FDED6212-DEC4-4FB4-85E2-D274135F22B8} URL =
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
Toolbar: HKCU - No Name - {41564952-412D-5637-4300-7A786E7484D7} - No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-24]
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
-
Hi EssexBoy, just been reading some of your work in other posts!
So, I did exactly that, BSOD caused by aswHwid.sys
No logs.
What's next?
[EDIT] Should my system currently be clean of Avast (aswclear, rejzor tool, ccleaner)?
-
Could you run a fresh FRST scan please so that I can ensure it is all gone :)
-
Sorry, ensure what is all gone?
-
Attached logs from fresh FRST scan.
-
Once this fix has run could you post the fix log that will pop up as I want to see why the aswhid is not moving
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02] ()
S4 aswSP; No ImagePath
S3 aswEmHWID2; \??\C:\Users\THINKP~1\AppData\Local\Temp\aswEmHWID.sys [X]
2014-07-25 12:27 - 2014-07-25 12:27 - 00043152 _____ () C:\Windows\avastSS.scr
2014-07-25 12:23 - 2014-07-25 12:27 - 00307344 _____ () C:\Windows\system32\aswBoot.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
-
Same BSOD, no log.
See edit above, should I have already run aswclear?
-
Could you run that fix from safe mode please and see if it generates a log then
Yes try aswclear
-
OK aswclear ran success.
frst in normal mode gave same bsod.
frst log attached from fix (2nd one, shorter) run in safe mode (success).
-
That has now deleted the aswhid services
So the thought now is do you wish to try one further install
-
Sure. SUCCESS.
This has taken 5 days to solve overall...
THANK YOU.
So aswHwid.sys - could I have just done net delete aswHwid.sys, or whatever the service name is?
-
It looks as though there was an emergency update to the aswhid file but for some reason it was not being applied (or was corrupt)
Just deleting the file would have done no good as the service registry key needed to be removed as well. However, as an added embuggerance Avast was protecting that service from deletion in normal mode :)
Still all is well that ends well
-
Yeh, joy of all joys but you knew what you were looking at and I didn't. So I'm very *very* grateful.
Sorry to come back to the question about deleting the service, I don't think I was clear (and since looking it up I definitely wasn't). I meant in cmd, run the commands:
[net stop "SERVICENAME"]
followed by
[sc delete <service_name>]
Doesn't that delete the registry key as well? If it had failed I'd have tried safe mode too... If I'd known it was a service to delete/uninstall, and I'd found out its name, I could actually have solved it in about an hour (it was the online installer taking the time on a 100k connection. Reboots etc. are no problem with SSD)...
BTW I did try renaming the file, and replacing with one from a working Avast installation, but that didn't work. Should probably have guessed service as a next step, but oh well live and learn!
-
Yes that would do it but to save messing around with the command prompt a batch works just as well :)
-
Ya but it's easier than running FRST with text file custom made by a forum advisor with proviso that it's only for this one computer, meaning nobody else can use the solution...
Anyone can tell a user to go to safe mode, run cmd and type those 2 commands :) Earlier in this problem someone had me run sfc /scannow...
Might be a way forward for future posts, help get your job done faster :):)
Over and out, I'm done here solution found issue resolved.
-
The problem is you are the only one so far with this specific problem