Author Topic: After updating Avast engine and definitions, windows crashed and won't re-start (Read 17254 times)

avastuniverse · « **on:** October 23, 2013, 09:51:02 PM »

Good afternoon-

Hoping someone/anyone here can help.

Was updating the Avast engine and definitions... was just about done and then the computer crashed and went blue screen.

When the computer attempted reboot, I got the following message:

"Windows failed to start - a recent hardware or software change might be the cause."

File: Windows/sytem32/Drivers/aswVmm.sys
status: 0xc000000d

Windows failed to load because a critical driver is missing or corrupt.

Please note I cannot boot at all - not in normal mode nor safe mode. And of course, I didn't make a recovery disk. Can anyone help?

Using Windows 7

Thanks for your help!

Para-Noid · « **Reply #1 on:** October 23, 2013, 10:12:08 PM »

I will PM another member who knows where to download an ISO on a flashdrive for Win7x64.
Have some patience please.

Alikhan · « **Reply #2 on:** October 23, 2013, 10:13:52 PM »

Have you tried clean boot mode and last known good configuration? Is it possible to get to startup repair and do a system restore?

avastuniverse · « **Reply #3 on:** October 23, 2013, 10:25:17 PM »

Alikhan - Thanks for the idea, but I already tried that. No luck. Can't get into anything that even looks like windows including system repair or last known config.

Para-Noid. Thanks - waiting for advice.

Any and all other suggestions are most welcome!

essexboy · « **Reply #4 on:** October 23, 2013, 11:43:13 PM »

http://forum.avast.com/index.php?topic=53253.0 go to this thread and scroll down to the section

If you cannot Boot the computer

Please print these instruction out so that you know what you are doing

•Download OTLPENet.exe to your desktop

•Download Farbar Recovery Scan Tool and save it to a flash drive.

I will then remove the corrupt driver for you

avastuniverse · « **Reply #5 on:** October 24, 2013, 12:39:54 PM »

Thanks Essex! OK, will do.

avastuniverse · « **Reply #6 on:** October 24, 2013, 06:43:57 PM »

Essex - Should I just run it - or is there anything else?
Thanks!

essexboy · « **Reply #7 on:** October 24, 2013, 07:53:25 PM »

If you use the reatogo CD to run FRST and attach that log here I can remove the corrupted file and its registry entries so that you can boot and repair Avast

avastuniverse · « **Reply #8 on:** November 05, 2013, 01:47:40 AM »

Essexboy -
Thank you again for your help. Will post in multiple entries since file exceeds post limit.
Here's the file - sorry it took so long - hadn't used the CD drive in a year. Thought it was broken too... turns out it was just came unseated. Please guide me through the rest Obi Wan!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by SYSTEM on REATOGO on 04-11-2013 20:38:03
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\KG\...\Run: [SkyDrive] - C:\Users\KG\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [ 2013-08-15] (Microsoft Corporation)
HKU\KG\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [ 2013-09-25] (Google)
HKU\KG\...\Run: [AdobeBridge] -

========================== Services (Whitelisted) =================

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-10-11] (Adobe Systems Incorporated)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2010-10-17] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2010-10-17] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856384 2009-06-10] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [118680 2013-10-01] (Mozilla Foundation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [174440 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
S3 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [451936 2010-11-11] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [619872 2010-12-31] ()
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [162672 2013-07-25] (Skype Technologies)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [411432 2010-09-20] (Valve Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
S3 CrashPlanService; "G:\Windows7\Program Files\CrashPlan\CrashPlanService.exe"

S4 djangostackPostgreSQL; M:/BitNami/POSTGR~1/bin/pg_ctl.exe runservice -N "djangostackPostgreSQL" -D "M:/BitNami/POSTGR~1/data"

S4 djangostackPostgreSQL-1; C:/PROGRA~1/BITNAM~1/POSTGR~1/bin/pg_ctl.exe runservice -N "djangostackPostgreSQL-1" -D "C:/PROGRA~1/BITNAM~1/POSTGR~1/data"

==================== Drivers (Whitelisted) ====================

S3 amdiox64; C:\Windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-23] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-23] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-23] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-23] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-23] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-23] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96768 2013-02-14] (Advanced Micro Devices)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2242720 2010-01-19] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 LEqdUsb; C:\Windows\System32\DRIVERS\LEqdUsb.Sys [74320 2010-08-24] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\DRIVERS\LHidEqd.Sys [13392 2010-08-24] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [41040 2010-08-24] (Logitech, Inc.)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [215040 2009-05-22] (Realtek )
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2011-04-26] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2010-09-28] (Apple, Inc.)
S3 motandroidusb; System32\Drivers\motoandroid.sys

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys

S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

avastuniverse · « **Reply #9 on:** November 05, 2013, 01:48:03 AM »

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-04 20:36 - 2013-11-04 20:36 - 00000000 ____D C:\FRST
2013-10-23 14:01 - 2013-10-23 14:01 - 00001970 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-16 13:17 - 2013-10-16 13:17 - 00000000 ____D C:\Users\KG\Documents\Fax
2013-10-11 17:16 - 2013-10-11 17:16 - 00002102 _____ C:\Users\KG\Desktop\nowintheusa2.html
2013-10-11 17:07 - 2013-10-11 17:07 - 00072364 _____ C:\Users\KG\Desktop\ARCHRISTY.ttf

==================== One Month Modified Files and Folders =======

2013-11-04 20:36 - 2013-11-04 20:36 - 00000000 ____D C:\FRST
2013-11-04 20:36 - 2013-04-26 15:43 - 00000000 ____D C:\users\KG
2013-10-23 14:01 - 2013-10-23 14:01 - 00001970 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-23 14:00 - 2013-04-26 17:14 - 01032416 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-10-23 14:00 - 2013-04-26 17:14 - 00409832 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-10-23 14:00 - 2013-04-26 17:14 - 00205320 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-10-23 14:00 - 2013-04-26 17:14 - 00092544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-10-23 14:00 - 2013-04-26 17:14 - 00084328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-10-23 14:00 - 2013-04-26 17:14 - 00065776 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-10-23 14:00 - 2013-04-26 17:14 - 00065264 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-10-23 14:00 - 2013-04-26 17:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-23 14:00 - 2013-04-26 17:14 - 00038984 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-10-23 14:00 - 2011-01-17 10:45 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-10-23 14:00 - 2010-09-27 01:27 - 01572828 _____ C:\Windows\WindowsUpdate.log
2013-10-23 13:58 - 2010-09-27 18:32 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-23 13:56 - 2013-04-29 15:34 - 00000000 ___RD C:\Users\KG\SkyDrive
2013-10-23 13:55 - 2013-04-26 18:20 - 00005022 _____ C:\Windows\setupact.log
2013-10-21 11:37 - 2010-09-28 00:52 - 00803384 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-10-21 08:58 - 2009-07-13 23:45 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 08:58 - 2009-07-13 23:45 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 08:54 - 2009-07-14 00:13 - 00718346 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-21 08:48 - 2009-07-13 23:45 - 09811672 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-21 08:47 - 2013-04-26 20:13 - 00006108 _____ C:\Windows\PFRO.log
2013-10-17 09:30 - 2010-09-27 19:39 - 00000000 ____D C:\Windows\Minidump
2013-10-16 13:18 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-10-16 13:17 - 2013-10-16 13:17 - 00000000 ____D C:\Users\KG\Documents\Fax
2013-10-14 16:08 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2013-10-11 17:20 - 2013-09-19 11:37 - 00000000 ____D C:\Users\KG\AppData\Roaming\FileZilla
2013-10-11 17:16 - 2013-10-11 17:16 - 00002102 _____ C:\Users\KG\Desktop\nowintheusa2.html
2013-10-11 17:08 - 2013-04-26 15:43 - 00569280 _____ C:\Users\KG\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-11 17:07 - 2013-10-11 17:07 - 00072364 _____ C:\Users\KG\Desktop\ARCHRISTY.ttf
2013-10-11 16:06 - 2013-04-26 17:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 16:06 - 2011-06-01 16:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 16:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-28 07:19] - [2011-02-26 01:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93

C:\Windows\System32\winlogon.exe
[2010-09-27 01:40] - [2009-10-28 01:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A

C:\Windows\System32\wininit.exe
[2009-07-13 18:52] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2009-07-13 18:38] - [2009-07-13 20:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\System32\userinit.exe
[2009-07-13 18:50] - [2009-07-13 20:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE

C:\Windows\System32\Drivers\volsnap.sys
[2009-07-13 18:20] - [2009-07-13 20:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

1
Restore point made on: 2013-10-23 13:59:43

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3071.23 MB
Available physical RAM: 2731.36 MB
Total Pagefile: 2895.88 MB
Available Pagefile: 2823.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.65 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (Home) (Fixed) (Total:59.53 GB) (Free:13.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Dev) (Fixed) (Total:49.29 GB) (Free:49.12 GB) NTFS
Drive e: (Office External 1TB) (Fixed) (Total:931.51 GB) (Free:477.06 GB) NTFS
Drive f: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
Drive g: (Programs) (Fixed) (Total:24.41 GB) (Free:24.28 GB) NTFS
Drive h: (Storage) (Fixed) (Total:159.18 GB) (Free:81.22 GB) NTFS
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or

(Size: 60 GB) (Disk ID: 359E015C)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 1F6589C5)
Partition 1: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 7F8A7D50)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 963 MB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=957 MB) - (Type=06)

LastRegBack: 2013-10-21 09:09

==================== End Of Log ============================

essexboy · « **Reply #10 on:** November 05, 2013, 03:21:16 PM »

This will remove the registry entries for Avast and the corrupt file

On completion reboot and you will need to repair Avast. Initially I would recommend trying repair from the control panel

Download the attached fixlist.txt to the same location as FRST
Run FRST as before and press fix.
On completion reboot

avastuniverse · « **Reply #11 on:** November 05, 2013, 05:21:07 PM »

Thank you Essexboy!! The computer is back up and running - and now with a brand spankin' new Avast 2014!

essexboy · « **Reply #12 on:** November 05, 2013, 06:55:12 PM »

Grand, so all is now well

avastuniverse · « **Reply #13 on:** November 07, 2013, 09:16:41 PM »

Essex - I spoke just a little too soon....
Now that I've re-installed Avast, it won't quite load. Everything seems to be installed, but despite registering etc. I'm "unprotected" and when I click "resolve all" or "start" from the status screen, nothing happens. Nothing - as if it doesn't know those are clickable. And when I try to "connect" installation to my account, it keeps telling me to that it could not connect to my device and to try again later...
Any ideas?

essexboy · « **Reply #14 on:** November 07, 2013, 11:24:26 PM »

I may have damaged it more that I thought

Download Avast clear to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel

Run Avastclear and allow to boot to safe mode
Once complete reboot your system
Reinstall Avast

----------

Author Topic: After updating Avast engine and definitions, windows crashed and won't re-start (Read 17254 times)

avastuniverse

After updating Avast engine and definitions, windows crashed and won't re-start

Para-Noid

Re: After updating Avast engine and definitions, windows crashed and won't re-start

Alikhan

Re: After updating Avast engine and definitions, windows crashed and won't re-start

avastuniverse

Re: After updating Avast engine and definitions, windows crashed and won't re-start

essexboy

Re: After updating Avast engine and definitions, windows crashed and won't re-start

avastuniverse

Re: After updating Avast engine and definitions, windows crashed and won't re-start

avastuniverse

Re: After updating Avast engine and definitions, windows crashed and won't re-start

essexboy

Re: After updating Avast engine and definitions, windows crashed and won't re-start

avastuniverse

Re: After updating Avast engine and definitions, windows crashed and won't re-start

avastuniverse

Re: After updating Avast engine and definitions, windows crashed and won't re-start

essexboy

Re: After updating Avast engine and definitions, windows crashed and won't re-start

avastuniverse

Re: After updating Avast engine and definitions, windows crashed and won't re-start

essexboy

Re: After updating Avast engine and definitions, windows crashed and won't re-start

avastuniverse

Not quite fixed....Re: After updating Avast engine/definitions, windows crashed

essexboy

Re: After updating Avast engine and definitions, windows crashed and won't re-start