Author Topic: WinXP Pro freezes on boot in normal and Safe Mode - stops at aswRvrt.sys...?  (Read 30860 times)


thekochs

  • Guest
Another thread where Essexboy goes thru the steps....look at reply #3. http://forum.avast.com/index.php?topic=131070.0
Perhaps you can get ahead of the game and get the logs posted.
Note.....he does say: I can remove Avast or any malware but there is no guarantee this will work as a few systems have been broken by windows updates

For the CD key....check her machine...usually a sticker put on it that is very hard to peel off...so usually they are there.
....sometimes on notebooks they are on bottom of machine.....just check all around the box.

I'll cross my fingers for you.
« Last Edit: January 25, 2014, 04:26:19 AM by thekochs »

Darkstrike

  • Guest
There is an XP Home key on the side of her tower case, but I don't think that is the one I used on her machine....pretty sure her machine has XP Pro as we were given the computer by a friend of hers and I recall being the one who formatted it, but I am fairly certain I had used my own XP copy.

I would post the logs, but I can't seem to get into Reatogo to run FRST as all I get when I boot Reatogo is a blue screen with a mouse cursor and seemingly nothing else....maybe my download for it is corrupt? I see Essexboy mentions an ISO for it in that link you posted, but I don't see a download link to the ISO anywhere...?

Darkstrike

  • Guest
An update! I decided I'd try re-burning the CD for Reatogo in case the burn failed at a higher speed, so I burned it at 2X speed and it boots now! Going to run FRST and post the logs in a few.

Darkstrike

  • Guest
Log complete and attached:

thekochs

  • Guest
Going to bed....long night.....hopefully Essexboy will see in morning and post.
I took a quick look and there are a lot of restore points (daily, good job Mom !!!) on machine.......good deal.....may be one avenue.
Don't get creative and try stuff....wait.

==================== Restore Points (XP) =====================

RP: -> 2014-01-24 17:46 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP394
RP: -> 2014-01-23 19:56 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP393
RP: -> 2014-01-22 12:16 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP392
RP: -> 2014-01-21 10:48 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP391
RP: -> 2014-01-20 10:35 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP390
RP: -> 2014-01-19 10:00 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP389
RP: -> 2014-01-18 08:05 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP388
RP: -> 2014-01-16 21:24 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP387
RP: -> 2014-01-15 20:37 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP386
RP: -> 2014-01-14 18:53 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP385
RP: -> 2014-01-13 16:46 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP384
RP: -> 2014-01-12 10:48 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP383
RP: -> 2014-01-10 21:57 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP382
RP: -> 2014-01-09 01:08 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP381
RP: -> 2014-01-07 20:27 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP380
RP: -> 2014-01-06 16:34 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP379
RP: -> 2014-01-05 13:57 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP378
RP: -> 2014-01-04 07:47 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP377
RP: -> 2014-01-03 02:45 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP376
RP: -> 2014-01-02 01:46 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP375
RP: -> 2014-01-01 01:45 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP374
RP: -> 2013-12-31 00:45 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP373
RP: -> 2013-12-29 23:45 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP372
RP: -> 2013-12-28 22:45 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP371
RP: -> 2013-12-27 22:12 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP370
RP: -> 2013-12-26 18:45 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP369
RP: -> 2013-12-25 18:32 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP368
RP: -> 2013-12-24 15:45 - 024576 _restore{9511F5F1-E81D-431B-87D3-2D54CE80FF0A}\RP367

Darkstrike

  • Guest
Will do....I work tomorrow from 9am-5pm Atlantic Standard Time, so I probably won't be able to try anything until after I get home in the evening...mom will have to borrow my Linux Mint netbook for now to check her e-mail and stuff I guess!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Hi first we will try a restore point

I will take you back to the 9th

Download the attached fixlist.txt to the same location as FRST
Run FRST and press FIX
On completion try a normal boot


Darkstrike

  • Guest
Hi EssexBoy, thanks so much for your help (and thanks to you too TheKochs!), I'll try it right now in the few minutes before I head to work...

Tried the Restore Point - FRST says it was successful, but the machine still won't boot into Windows normally, and it still won't boot into Safe Mode...it stops in the same place as it did before: aswRvrt.sys

Is the next step trying to remove the Avast drivers from startup? I won't be home until after 5:30pm my time this evening (9:30pm your time), so whatever you suggest next I will have to try then! Thanks again for the help so far from you both!

Offline essexboy

OK that is the next step

Download the attached fixlist.txt to the same location as FRST
Run FRST and press fix
On completion try a reboot


thekochs

  • Guest
Hi first we will try a restore point
I will take you back to the 9th

Essexboy. I have a "theory"......granted with absolutely no proof behind it but with lack of response to my Avast Team questions on all these aswRvrt.sys hangs all I can do is "theorize"......that Avast9 is much more intrusive (to try to be a better A/V) and it can see on some Windows updates those as major PC changes.  I say this because most of these folks who see this all seem to be after Windows Update....which requires boot and then the hang.  My only point is Avast Team should really take a look at this possibility because clearly there is correlation to Avast (I know some machines are HDD hardware, some have been file system issues) but seems too coincidental to me not to at least investigate.

Anyway, back to the thread.......perhaps Darkstrike should confirm when he did the XP O/S updates.  I only say this because if before the 9th which you RP to then perhaps this needs to go back further ?  Either way getting rid of Avast via FRST should be telling too.  Thx for coming to the thread !

Darkstrike

  • Guest
@ TheKochs - I did the updates literally last night and then restarted the machine within 5 minutes of the updates finishing, that is when all this started, so the 9th would've been a good choice for a restore point, but sadly, hasn't worked.

As for the "removing-Avast-from-startup" fixlist EssexBoy just gave me, trying that one now.........and it didn't work, fix was successful (fixlog attached), but when trying to boot Windows normally now, I end up with the same symptoms as before, but the screen is black.

As for trying it in Safe Mode, it goes down the list as far as Mup.sys, trying to boot SPTD.sys, and then it also freezes there. :(

« Last Edit: January 26, 2014, 02:28:06 PM by Darkstrike »

Offline essexboy

Does the last known good option work on the safe menu ?

Darkstrike

  • Guest
I had tried that already and it didn't work, should I try it again? (NOTE: I had tried it before any of the FRST.exe stuff)

Offline essexboy

We could try to remove the Daemon Tools component

Download this fixlist and run as before


Darkstrike

  • Guest
I haven't tried removing Daemon Tools yet, but....new symptom. For the hell of it, I let it sit at trying to boot into Safe Mode with Networking while I went up to get seconds for supper and when I came down, it is now at a screen that says:

Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair.



Doesn't sound good....