Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: sglinert on January 03, 2014, 06:54:26 PM
-
So, the power went off in the office. I turned on the computer (running XP SP3) and it ran very very slowly. I booted into Safe mode. The computer ran very slowly, but I was able to schedule a ChkDsk.
I rebooted. Chkdsk ran, The Windows logo came up and went to a black screen with an arrow. The hard drive light flickers, but Windows won't load any further.
Went into Safe mode. The OS stopped loading at aswRvrt.sys.
Checked around the Internet, which is how I ended up on this forum. My situtation seems to be a fairly common problem with older versions of Windows + Avast.
I loaded the Recovery console, ran another ChkDsk, which didn't find anything.
I did a search in the System32 folder for all drivers starting with ASW.
I checked that each one of them was used by Avast, and I disabled them via the Recovery Console.
Windows still won't load...same black screen.
Windows in Safe Mode stops at MUP.sys.
I am stumped. I really really don't want to reinstall Windows, but I can't think of anything else to do to get rid of Avast and get my system running again.
-
To get rid of avast! (completely) run both avastclear and Rejzors uninstall utility. The other instructions mentioned are to do a clean install.
1. Download Avastclear, Rejzors uninstall tool and the appropriate Avast program edition
Note: You need to be ONLINE during this install
http://files.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
http://files.avast.com/iavs9x/avast_pro_antivirus_setup_online.exe
http://files.avast.com/iavs9x/avast_internet_security_setup_online.exe
http://files.avast.com/iavs9x/avast_premier_antivirus_setup_online.exe
Avastclear : http://files.avast.com/iavs9x/avastclear.exe
Rejzors Uninstall tool: http://rejzor.wordpress.com/avast-cleanup-tool/
2. Uninstall Avast by control panel [If you don't have Avast in control Panel go to #4]
3. Uninstall in safe mode using Avastclear.
4. Run Rejzors Uninstall Utility in Normal Mode (removes traces avastclear doesn't) - reboot.
Check : Once uninstalled check in device manager>view>show hidden devices if there is anything related to avast with a yellow triangle.. if so, uninstall it and reboot.
5. Install the version you downloaded.
6. Reboot.
-
If the power went down and XP hangs at mup.sys then it is Windows , not avast that is the issue.
Try some of these :
http://answers.microsoft.com/en-us/windows/forum/windows_xp-system/mupsys-error-on-windows-xp-pro/b1483aab-cc1c-4ab5-b7de-9a5ae9a10a40
http://www.aitechsolutions.net/mupdotsysXPhang.html
http://www.bleepingcomputer.com/forums/t/393442/windows-xp-freezes-at-mupsys-in-safe-modeno-administrator-passowrd/
-
Well, I can't load Safe Mode or Normal Mode Windows. Any other ideas?
Any solution will have to run the Recovery Console.
-
If the power went down and XP hangs at mup.sys then it is Windows , not avast that is the issue.
The problem is Avast, because Safe Mode stopped at all the ASWxxx.sys entries until I disabled them.
I also lose the keyboard if I disable aswkbd.sys. What the heck is up with this? The program shouldn't be sitting on my keyboard like that.
-
Hello,
Follow this guide (If you cannot Boot the computer) and attach FRST.txt log http://forum.avast.com/index.php?topic=53253.0
-
Since it is a office system, why not let the admin solve it?
Andrey, that will not work since he can't get windows to boot.
Perform a in-place-repair to make windows work again:
http://www.michaelstevenstech.com/XPrepairinstall.htm (http://www.michaelstevenstech.com/XPrepairinstall.htm)
-
Windows still won't load...same black screen.
Windows in Safe Mode stops at MUP.sys.
MUP.sys is trying to run chkdsk...
When run in Safe Mode, the last thing you see is MUP.sys being loaded.
EDIT - additional infomation:
It can appear that the computer is "stuck".
If the HDD light is flashing, chkdsk is running...it may take a while to complete.
-
Eddy, he need to create a bootable cd with OTLPE following the guide and run Farbar Recovery Scan Tool from Reatogo desktop. Of course he need in other PC to create a bootable cd and download FRST.
@sglinert
try to run this command from the command prompt:
Chkdsk c: /r
This will reset the boot data
Then try a reboot to normal windows
-
Eddy, he need to create a bootable cd with OTLPE following the guide and run Farbar Recovery Scan Tool from Reatogo desktop. Of course he need in other PC to create a bootable cd and download FRST.
@sglinert
try to run this command from command prompt:
Chkdsk c: /r
This will reset the boot data
Then try a reboot to normal windows
If the HDD light is flashing, he needs to let chkdsk complete before doing anything else.
-
Aha. Chkdsk is indeed running. That answers that. Safe Mode loaded to the screen where it says Safe Mode in all four corners, but there's still no desktop. I will let it run overnight. I ran ChkDsk /r from the Recovery Console yesterday in the hopes that it would reset the flag. Obviously, that didn't work.
I also ran a Repair from the Recovery disk yesterday. That did not fix the problem.
That's when I disabled all the ASW drivers in the hope that I could get into Safe Mode.
I will follow these steps...
Download OTLPENet.exe to your desktop
Download Farbar Recovery Scan Tool and save it to a flash drive.
Note that Avast on this computer did NOT like the FRST file and tried to abort the download.
And I am the SysAdmin around here.
Thanks for the help. I will return in a while. I want to let Chkdsk finish in the hopes that I can delete Avast from Safe Mode before I try Plan Q.
-
Okay, I seem to be stuck in ChkDsk Hell. After two days of waiting for ChkDsk to finish and Safe Mode to load, I gave up, inserted the bootable cd with OTLPE...told the machine to boot from the CD...and....ChkDsk started up and is currently preventing anything else from happening. Either that, or the Windows screen I see is actually Windows on my hard drive, and the OTLPE CD doesn't actually boot. I can't test this with another machine. I did download the file and burn it to a CD. Not much else to do there.
-
Well, try to boot from usb stick.
Download Peazip (http://peazip.googlecode.com/files/peazip-4.7.3.WINDOWS.exe) to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly
(https://dl.dropbox.com/u/73555776/peazip.jpg)
Download the following files to the desktop .. Right click the links and select save as...then select desktop
Rufus (http://rufus.akeo.ie/downloads/rufus_v1.3.2.exe)
OTLPE_standard (http://oldtimer.geekstogo.com/OTLPEStd.exe)
Right click OTLPE on your desktop and select ..Open as archive
(https://dl.dropbox.com/u/73555776/Unzup%20archive.png)
Select OTLPE standard
(https://dl.dropbox.com/u/73555776/select%20archive.PNG)
Click Extract, ensure that desktop is selected
(https://dl.dropbox.com/u/73555776/extract%20archive.PNG)
Insert the USB stick Then run Rufus
(https://dl.dropbox.com/u/73555776/rufus.JPG)
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
(https://dl.dropbox.com/u/73555776/RufusISO.JPG)
Once the USB has burnt then
- Download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a flash drive.
- Reboot your system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
- Your system should now display a Reatogo desktop.
- run FSRT
- The tool will start to run.
(https://dl.dropboxusercontent.com/u/73555776/FRST%20Start%20scan.GIF)
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
This file: OTLPEStd.exe
Cannot be opened as an archive. When I right-click, I do not see the option to open as an archive.
PeaZip says it's an executable and can't find anything to extract. It did ask me if I wanted to try a password.
-
Ah. I see why the CD isn't bootable. I just copied the file to the CD. I didn't try to extract it. But see my previous post. My Win7 machine sees it as an executable file and won't extract anything.
head:::desk
-
Okay. I managed to extract OTLPE_New_Net.iso from the file I downloaded yesterday. I burned it to disk using the imgburn.exe program that was bundled with it. It's not bootable, that is, the computer refuses to boot from this cd.
-
Gasp. I finally got the bootable USB drive working. Here is the listing from the frst.txt file.
-
Let's try to use a restore point.
Download the attached fixlist.txt to the same location as FRST
Run FRST as before and press fix
On completion try a reboot to normal windows.
-
No joy. Same problem. I renamed chkdsk.exe and ntfschk.exe so they wouldn't run at startup, so that's no longer a problem.
Safe mode loads to the point where the screen says Safe Mode in the four corners, but the desktop doesn't load. The hard disk light flashes continuously, like it's running something. The mouse works and the WiFi light is on.
Standard Windows loads the startup screen, but the screen goes black with a (working) pointer...hard disk light flashes as in Safe Mode, but the sign-in screen never loads.
-
I see you have 2 antivirus program (avast and symantec), it can be a problem, if you are agree I can delete both of them but I need in a fresh FRST log
-
That would be terrific. Note that I did uninstall Symantec before I installed Avast. The Symantec folder is actually empty, but clearly there are still startup commands around.
The new file is attached.
-
Download the attached fixlist.txt to the same location as FRST
Run FRST as before and press fix
On completion try a reboot to normal windows.
-
Perform the in-place-repair as I said.
-
Nope. That didn't work. I am attaching the log of the fix, as well as part of ntbtlog.txt, which shows an Avast driver as the last one being loaded, which should not have happened if the program was uninstalled, right?
I could not attach the entire ntbtlog.txt...it's too big.
-
First part of boot log.
-
Last part of boot log
-
Just some FYIs on Norton (Symantec)......their stuff is really hard to get off PC.....directory may not be "empty" (ie, hidden files) as well as registry items.....who knows.
Here is one tool: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us
Another 3rd party: http://www.appremover.com/
Not sure which Symantec you had but here is list: http://www.appremover.com/supported-applications#security-applications?windows-xp
I'll leave it up to the experts on the thread but how about Windows O/S CD and get to command prompt and uninstall Norton & Avast using the EXEs ?
-
Yeah, I know. I shall wait for the Big Brain here to get back to me before I do anything else.
It was a very very old copy of Symantec...I've been using Avast for more than a year. No complaints until last week.
-
Try to delete these files manually which located in WINDOWS\system32\drivers\ folder:
aswVmm.sys
aswRvrt.sys
aswNdis2.sys
aswFW.sys
AswRdr.SYS
aswTdi.SYS
aswSP.SYS
aswSnx.SYS
aswMonFlt.sys
aswFsBlk.sys
-
I'll leave it up to the experts on the thread but how about Windows O/S CD and get to command prompt and uninstall Norton & Avast using the EXEs ?
In case you do not have a XP CD: http://c2nsoft.blogspot.com/2013/06/free-download-windows-xp-professional.html
-
I did that. I also ran Avastclear.exe from the USB.
No change. It's doing something with the hard drive, but I can't figure out what.
-
>>In case you do not have a XP CD: http://c2nsoft.blogspot.com/2013/06/free-download-windows-xp-professional.html
I have one. That's how I've been able to run recovery mode.
-
OK, let's try one trick.
In the "config" folder at C:\Windows\System32\config, locate the current registry hive files ...
system
software
security
sam
default
re-name them by appending .old to the filename
In C:\Windows\System32\config\RegBack folder you can find registry backup files:
system
software
security
sam
default
Copy them into C:\Windows\System32\config folder
On completion try a reboot to normal windows.
-
I'll give it a try in a sec. I did run Avastclear and ran a bootlog session. The last two commands before stuff stops loading..
Loaded driver aswVmm.sys
Loaded driver aswRvrt.sys
This would seem impossible, as I searched the drive for all asw files. So these are clearly hidden from me.
And then we still have the mysterious....
Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys
Which would also seem to be impossible...
-
I don't have a C:\Windows\System32\config\RegBack folder.
In the C:\Windows\System32\config\ folder, there is a set of files with a .SAV extension.
system.sav
software.sav
security.sav
sam.sav
default.sav
These are dated 1/1/14; that is, after the problem surfaced. Should I swap them anyway?
-
yes, in the "config" folder at C:\Windows\System32\config, locate the current registry hive files ...
system
software
security
sam
default
re-name them by appending .old to the filename
re-name files with .SAV extension by deleting ".SAV", so that they now look like this
system
software
security
sam
default
On completion try a reboot to normal windows.
-
I get the error message...
Windows could not start because the following file is corrupt:
system.sav
Then it said I could attempt a repair via the CD-ROM
-
I think it's time to reinstall windows...
I'll try another restore point if it'll fail you need to reinstall windows
Download the attached fixlist.txt to the same location as FRST
Run FRST as before and press fix
On completion try a reboot to normal windows.
-
I think it's time to reinstall windows...
A repair install...........not a new install that blows away your HDD....... :)
http://www.michaelstevenstech.com/XPrepairinstall.htm
Also, prior to the above another thing to try is SFC /scannow ......this can repair O/S issue.
http://pcsupport.about.com/od/toolsofthetrade/ht/sfc-scannow.htm
-
I don't have a C:\Windows\System32\config\RegBack folder.
In the C:\Windows\System32\config\ folder, there is a set of files with a .SAV extension.
system.sav
software.sav
security.sav
sam.sav
default.sav
These are dated 1/1/14; that is, after the problem surfaced. Should I swap them anyway?
No files prior to the issue ?...obviously you want to restore to prior.........
Also, here is good link on the process
http://community.spiceworks.com/how_to/show/214-perform-a-system-restore-manually-when-windows-is-not-bootable
-
This didn't work.
I restored the default registry from the windows\repair folder, copying into windows\config and renaming the files correctly.
Same problem.
Which leads me to believe that installing a fresh copy of Windows will have no effect because a bootlog shows:
Loaded driver aswVmm.sys
Loaded driver aswRvrt.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys
In other words, Avast has so corrupted the drive, that I will have to reformat the thing, and that might not even fix it.
-
I used this procedure...
http://www.aitechsolutions.net/winxpnoboot.html
With no effect.
There is something about that mysterious \??\ partition that is probably causing the problem, as Avast seems to be loading itself from there.
So, I guess I will have to buy another hard drive, yes? And discard this Avasted one.
-
I don't think it's a registry problem...
A fresh copy of windows should be working fine.
No need to buy another hard drive I think, just reinstall windows.
-
It's clearly not a registry problem. Avast has somehow carved out part of the drive for itself...and I can't get to it. So installing a fresh copy of Windows won't fix it. I will have to throw the drive away after copying the files off the old one, leaving that \??\ partition behind.
-
Format your hard drive and install a fresh copy of windows and it should be working fine.
-
For very obvious reasons, I am reluctant to do that. I am going to find a partition manager first and see if it can even see the \??\ folder/partition or whatever it is. After that, I will copy everything over to a new drive and discard the Avasted one.
Needless to say, Avast is being removed from the other ten computers here. At least when Microsoft AV crashes, it blue screens, so it's easy to fix.
-
Try using Knoppix http://knoppix.net/ it makes a good rescue system.
-
These are dated 1/1/14; that is, after the problem surfaced. Should I swap them anyway?
But I thought you said you restored files that were after the issue ? If so, and a manual restore could fix it I would assume those files are corrupted too ?
http://community.spiceworks.com/how_to/show/214-perform-a-system-restore-manually-when-windows-is-not-bootable
It's clearly not a registry problem.
.....Agreed...........so if this is a O/S corruption issue why play with physical partitions just yet ?
I would sure try..........
1) System File Check SFC /scannow ......this can repair O/S issue.
http://pcsupport.about.com/od/toolsofthetrade/ht/sfc-scannow.htm
2) A "Repair" install...........this is NOT, I repeat not, a format HDD with clean install of Windows.
http://www.michaelstevenstech.com/XPrepairinstall.htm
.....lastly reading thru the thread it sounded like chkdsk or some other function was thrashing the HDD.....however, you don't know what it was. Thus, if you can get to the command prompt perhaps try chkdsk c: /f and see if it fixes......you can always run without the /f to see the issues first. Be sure to run in the root directory.
-
Try using Knoppix http://knoppix.net/ it makes a good rescue system.
Since Knoppix is read only to the file system you may want to use BartPE.
http://en.softonic.com/s/bartpe-windows-xp
YouTube How-To: http://www.youtube.com/watch?v=wwpy55mb-nk
Here is how to run System Restore from BartPE
http://www.ehow.com/how_6158243_run-system-restore-bartpe.html
Another good recovery CD is UBCD: http://www.ubcd4win.com/
Also, for gurus on O/S & Recovery side of world there is a lot of Forums but here is ElderGeek.....good guys there.
http://www.theeldergeek.com/forum/index.php?s=29593ad23c269c5a992118c426f6cc1c&showforum=2
-
You need to bear in mind that windows reports the last successfully loaded driver and not the one causing the problem
-
Hello,
Follow this guide (If you cannot Boot the computer) and attach FRST.txt log http://forum.avast.com/index.php?topic=53253.0
Actually it is an Avast issue updated and the same thing happened to my system. So I went into safe mode and unistalled Avast and the system works fine.
-
You need to bear in mind that windows reports the last successfully loaded driver and not the one causing the problem
Question to you the expert (you)......there are SO many posts on during boot a lock with last driver shown as asw*****.**** and many folks with your guidance use FRST with the TXT file to delete Avast.....then system runs fine. To me this begs the question......what "Vast" driver is after these that is locking the boots or is the driver shown truly "completed" or possible it is but not released to next ? I've been reading this V9/2014 Forum for months now.....completely paranoid to try Avast V9......and over 90% of the solutions are to do a clean uninstall and re-install. I know for every poster of BSOD or lock that there is 1000 folks doing fine but with such a high percent of the postings pointing to some corrupt install (GUI, etc.) I just wanted to run by for your thoughts ?
-
Let me summarize the problem, because I don't think everyone understands what happens...and what I have done to fix it.
The system, in both Safe and Normal mode, loads part of the way, then starts thrashing the hard drive.
I loaded to a Bootlog system.
When I inspect the Bootlog file, the system loads normally in both modes until it encounters the following commands, after which it stops loading drivers, then it loads a driver, then it stops loading drivers, ad nauseum in a loop:
Loaded driver aswVmm.sys
Loaded driver aswRvrt.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys
Avast has been uninstalled and the default Windows registry files were copied from the Repair folder. I also did a manual search for all ASW files and there are none remaining on the drive.
Therefore, it's clearly not a registry problem, as the system does the same thing when a fresh registry is installed.
ChkDsk has been run, repairs have been run from the original Windows CD, the system has been restored to four different backup points, and the same drivers still try to load.
I am baffled as to exactly where these loading instructions are coming from. A fresh registry from the initial Windows installation should not allow this to happen. What other file(s) instruct Windows as to which drivers should be loaded? And why should these drivers be loading during Safe Mode at all?
-
Let me summarize the problem, because I don't think everyone understands what happens...and what I have done to fix it.
The system, in both Safe and Normal mode, loads part of the way, then starts thrashing the hard drive.
I loaded to a Bootlog system.
When I inspect the Bootlog file, the system loads normally in both modes until it encounters the following commands, after which it stops loading drivers, then it loads a driver, then it stops loading drivers, ad nauseum in a loop:
Loaded driver aswVmm.sys
Loaded driver aswRvrt.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys
Avast has been uninstalled and the default Windows registry files were copied from the Repair folder. I also did a manual search for all ASW files and there are none remaining on the drive.
Therefore, it's clearly not a registry problem, as the system does the same thing when a fresh registry is installed.
ChkDsk has been run, repairs have been run from the original Windows CD, the system has been restored to four different backup points, and the same drivers still try to load.
I am baffled as to exactly where these loading instructions are coming from. A fresh registry from the initial Windows installation should not allow this to happen. What other file(s) instruct Windows as to which drivers should be loaded? And why should these drivers be loading during Safe Mode at all?
OK....so clearly Avast is still trying to "load" something and there are remnants of the install. How & What did you use to uninstall if you can't boot to Safe Mode or Windows ?
I think the next steps should be for Essexboy to step you thru using FRST. He'll show you how to create bootable USB or CD with it and he can blow away all remainders of Avast. Also, just reaching for items but in http://forum.avast.com/index.php?topic=144233.0 the guy mentions "to get a reboot I renamed the file aswSP.sys (eg to aswSP.sys.bak) that is in the folder windows/system32/drivers".
Seems you can get to command prompt somehow since you said you have looked for Avast files ? If so, check for this one.
Also, hopefully Essexboy will chime in on FRST but looking at one of his "example" FRST logs here are some other locations of Avast files he was getting rid of in FRST. I only post them for you to see the path to look for..........if you find any I would rename, with .bak, not delete.
Note, you can see the drivers below you outline in your boot log......
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\Drivers\aswFsBlk.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\System32\Drivers\aswrdr2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\System32\Drivers\aswSnx.sys
C:\Windows\System32\Drivers\aswSP.sys
C:\Windows\System32\Drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys
...............for the below statement from..........
Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys
..........obviously look for the aswFW.sys as well.
FYI, you mention about "partition" but I'm only guessing that Avast uses a "hidden/virtual" partition to accomplish things.
Obviously, I am not expert nor have any official insight on how/what Avast does but just a guess on why you see the \??\.
-
I have already made a bootable USB as described, ran FRST, uninstalled Avast via a FIX file, the Avast Cleanup Tool, manual scrubbing of the System32 folder, and disable registry entry commands made via the Recovery Console. There should be no trace of Avast left, and yet, there apparently are still drivers somewhere that I cannot find.
So yes, I can boot from the USB drive and do things from there, such as copy and paste registries. But as I stated above, copying a brand-new default registry and pasting it into the \system\config folder does not fix the problem.
-
I am reinstalling Windows. Thanks anyway.
-
I am reinstalling Windows. Thanks anyway.
Why not try System File Check SFC /scannow to repair O/S first ? http://pcsupport.about.com/od/toolsofthetrade/ht/sfc-scannow.htm
Then if this does not work do a "Repair" install...........which is not the same as formatting HDD with clean install of Windows. http://www.michaelstevenstech.com/XPrepairinstall.htm
Either way....let me know how it goes........