Boot loop. Safe-mode stuck at fvevol.sys

[Skyz1]

One day, after creating a Linux bootable USB, I noticed that at start up I got an error message from avastui.exe "The application was unable to start correctly (0xc0000005) Click Ok to close the application."

The creation of the bootable USB might have had nothing to do with it and was probably just a coincidence.

To fix the issue, I reinstalled Avast.

Later when I tried to install mirc, I got an error message that it could not complete the installation. I thought "hmm weird"...and restarted the computer.

At the "Windows starting" screen, it went back to restart, showing me the recovery menu screen.

I selected safe mode but it would still not start...but rather again restart and go back to the recovery menu.

I noticed during the drivers load list when attempting to start at safe mode, it stopped at

\windows\system32\drivers\Aswardisk.sys

before restarting.

Another thing to note (in case this piece of info has any relevance) is a momentary, split second flicker of BSOD right after the Windows starting screen before proceeding to restart.

Things I've tried to remedy this issue:

1. Last known configuration (advanced).
   
   
2. Startup repair through Windows 7 installation disc. (No restore points so couldn't do that).
   
   
3. Booted through Linux live USB and deleted the Avast folder in programs folder.
   

4. chkdsk: c: /f /r

   Result shows 0 KB in bad sectors.
   
   
5. Renamed aswardisk.sys to aswardisk.sysa.
   Upon doing so, the drivers load list passed aswardisk.sys but then got stuck on another driver - aswbidsh.sys. So i did the same with that file.
   Again, it passed that file, but got stuck on another file called aswbuniv.sys.
   
   I continued this procedure with 2 more avast files - aswRvrt.sys and aswVmm.sys. But then it started to get stuck on non-Avast files, such as disk.sys and subsequently classpnp.sys.
   
   When I reached a file called fvevol.sys, renaming it did not result in safe mode passing/skipping the file like it did with the others, but rather go to a Windows Boot Manager screen like the 2nd screenshot here.
   
   

6. sfc /scannow /offbootdir=d:\ /offwindir=d:\windows

   Result says "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.log windir\Logs\CBS\CBS.log."

None of the above methods changed anything, obviously.

Could someone PLEASE help? Needless to say, I don't want to do a clean install because I need my files. Nor can I do a backup because I don't have a 2TB disk atm.

Thank you so much!

[Windows 7, 64]

 

[SIW2]

Boot winpe/winre open regedit

Load the system hive in regedit search for asw and set all those avast drivers to start type 4. Do it for all controlsets.
If one of the asw drivers is a filter, delete the entry for it from {71A27CDD-812A-11D0-BEC7-08002BE2092F}

Also
you need fvevol.sys there in it's original name.

 

[Skyz1]

Boot winpe/winre open regedit

Load the system hive in regedit search for asw and set all those avast drivers to start type 4. Do it for all controlsets.
If one of the asw drivers is a filter, delete the entry for it from {71A27CDD-812A-11D0-BEC7-08002BE2092F}

Also
you need fvevol.sys there in it's original name.

Thanks for your input! Do i need Windows 10 for this? (to create WinPE)

EDIT: I just created a Windows 7 PE using this method, booted into it, and now I see

x:\windows\system32>wpeinit

followed by

x:\windows\system32>_

Where do I go from here?

Surprisingly, the internet doesn't return any results on "how to use Windows PE, as results would just come back how to create one.

Appreciate any help!

 

[SIW2]

you should have it already.

boot.wim from the installation media, or winre.wim from your hiddden recovery folder.

Or you can borrow mine
17514x64v22.iso

 

[Skyz1]

you should have it already.

boot.wim from the installation media, or winre.wim from your hiddden recovery folder.

Or you can borrow mine
17514x64v22.iso

What tool do I use to create a bootable USB from this iso?
Also, what should I expect to see when I boot into it?

 

[Snick]

Skyz1

Use RUFUS to create bootable USB from ISO

Rufus - The Official Website (Download, New Releases)
Create bootable Windows installation media on a USB stick ...
How To - Use Rufus to Create Bootable Installation Media From an ISO File
Windows Preinstallation Environment - Wikipedia

WinPE, SIW2's ISO boots to Windows PE environment. It looks just like a Windows Desktop with SIW2s tools on desktop and in additional folders.

Snick

 

[Skyz1]

Skyz1

Use RUFUS to create bootable USB from ISO

Rufus - The Official Website (Download, New Releases)
Create bootable Windows installation media on a USB stick ...
How To - Use Rufus to Create Bootable Installation Media From an ISO File
Windows Preinstallation Environment - Wikipedia

WinPE, SIW2's ISO boots to Windows PE environment. It looks just like a Windows Desktop with SIW2s tools on desktop and in additional folders.

Snick

I have the Windows download tool. Can I use that instead of Rufus? For some reason, Rufus didn't work for me the last time I tried.

I also have already created WinPE using this method and booted into it. This is what I see. Is this not what's supposed to happen?

 

[SIW2]

You will see something similar to windows desktop.

Here it is running the built in windows defender antivirus

View attachment 412421

For some reason, Rufus didn't work for me the last time I tried.

The iso can be extracted to usb with this, much simpler than rufus, just accept the default settings:
View attachment 412420

 

[SIW2]

I also have already created WinPE using this method and booted into it. This is what I see. Is this not what's supposed to happen?

That looks like the basic winpe from the big wadk download.You could do it from that - at cmd prompt, type regedit then press enter.


It will be easier to use mine so you can see what you are doing.

 

[SIW2]

If anybody wants to know how to make winpe from what is already on their hard disk, a standard efi and bios bootable version including ms system recovery options can be made in 60 seconds. No need for waik/wadk.

 

[Skyz1]

That looks like the basic winpe from the big wadk download.You could do it from that - at cmd prompt, type regedit then press enter.


It will be easier to use mine so you can see what you are doing.

OK! I'm in! Need a little help. You said load system hive in regedit. Could you please elaborate how? Where is the systems hive that I should load in?

 

[SIW2]

click on HKLM (hkey_local_machine) in regedit.
View attachment 412422


Click load hive
View attachment 412423

Browse to your windows installaion windows\system32\config folder
select system

View attachment 412424

give it a name e.g. LOOKHERE
View attachment 412425

you can make changes to the LOOKHERE entries.
View attachment 412426

You will need to use the Find function to search for ASW in both controlsets.
It stops on each it finds, press F3 to look for the next - there will be several entries.

when done, unload hive

 

[SIW2]

OR

after you loaded the system hive as the name LOOKHERE in regedit, you could use regscanner to search for ASW- it is much faster and will list them all

regscanner is under the start menu\programs in a folder called regworkshop

According to your first post, you are looking for these

aswardisk
aswbidsh
aswbuniv
aswRvrt
aswVmm

 

[Skyz1]

click on HKLM (hkey_local_machine) in regedit.
View attachment 412422


Click load hive
View attachment 412423

Browse to your windows installaion windows\system32\config folder
select system

View attachment 412424

give it a name e.g. LOOKHERE
View attachment 412425

you can make changes to the LOOKHERE entries.
View attachment 412426

You will need to use the Find function to search for ASW in both controlsets.
It stops on each it finds, press F3 to look for the next - there will be several entries.

when done, unload hive

OR

after you loaded the system hive as the name LOOKHERE in regedit, you could use regscanner to search for ASW- it is much faster and will list them all

regscanner is under the start menu\programs in a folder called regworkshop

According to your first post, you are looking for these

aswardisk
aswbidsh
aswbuniv
aswRvrt
aswVmm

Beautiful! Thank you! Another question. Sorry. Tried to figure it out on my own but failed. You said "set all those avast drivers to start type 4" and "If one of the asw drivers is a filter, delete the entry for it from {71A27CDD-812A-11D0-BEC7-08002BE2092F}"
Could you guide me on how to go about doing those things? Below is and example of what i see.

I also used RegScanner and searched the first file "aswArDisk. It pulled up a whole list for only that file... 6 in \Set001\services and 6 in \Set002\services. And a {4D36E967-E325-11CE-BFC1-08002BE10318} in each Set folders. Am i working on all those 14 entries?

 

[SIW2]

Yes. remove the aswardisk from upperfilters. partmgr needs to stay there

double click on the word upperfilters
delete aswardisk
click ok

when you come across the drivers under the services key , change the start type to 4 (disabled)

double click on the word Start
set the value to 4
click ok

 

[Skyz1]

click on HKLM (hkey_local_machine) in regedit.
View attachment 412422


Click load hive
View attachment 412423

Browse to your windows installaion windows\system32\config folder
select system

View attachment 412424

give it a name e.g. LOOKHERE
View attachment 412425

you can make changes to the LOOKHERE entries.
View attachment 412426

You will need to use the Find function to search for ASW in both controlsets.
It stops on each it finds, press F3 to look for the next - there will be several entries.

when done, unload hive

Yes. remove the aswardisk from upperfilters. partmgr needs to stay there

double click on the word upperfilters
delete aswardisk
click ok

when you come across the drivers under the services key , change the start type to 4 (disabled)

double click on the word Start
set the value to 4
click ok

OK done. I just - only - edited the "Upperfilters" and "Starts". Nothing else. ��?

Could you explain this part?..."If one of the asw drivers is a filter, delete the entry for it from {71A27CDD-812A-11D0-BEC7-08002BE2092F}"

 

[SIW2]

In your case, the filter was in here
{4D36E967-E325-11CE-BFC1-08002BE10318}

If you did all that properly, then avast drivers should have no effect on getting into windows.

If you still have a problem, it is something else. I assume you named fvevol.sys back to how it should be?

 

[Skyz1]

In your case, the filter was in here
{4D36E967-E325-11CE-BFC1-08002BE10318}

If you did all that properly, then avast drivers should have no effect on getting into windows.

If you still have a problem, it is something else. I assume you named fvevol.sys back to how it should be?

Yes, I named fvevol.sys back to its original. But now it's stopping at CLASSPNP.sys. How to proceed now?

 

[SIW2]

It now appears that it wasn't the avast drivers causing the problem.

Is there any reason why you haven't done an install onto another partition. It only takes about 15mins.
Or if there is enough space, you could install onto the same partition - the existing windows namespace folders will be moved into windows.old so you can fish data out later.

 

[Skyz1]

It now appears that it wasn't the avast drivers causing the problem.

Is there any reason why you haven't done an install onto another partition. It only takes about 15mins.
Or if there is enough space, you could install onto the same partition - the existing windows namespace folders will be moved into windows.old so you can fish data out later.

How do i do that? I am worried of losing my data. That's why I haven't done it. They are not only stand alone files, but also programs with data that i need. I am afraid of losing the programs and subsequently my data. I have 307 GB free in the partition where Windows is installed and 85.1 GB on the other partition i created to store files.

Could this be an issue caused by my GPU. I dropped my laptop a while ago. I think that caused one of my integrated graphic cards to physically come loose because whenever I started Windows the screen would be pixelated and green. Pressing down on the keyboard area would return things to normal, but letting go would return the pixelation.

I used to disable that graphic card form device manager upon starting windows. Also, my keyboard is faulty. Could either one of these be the issue, even though they weren't for a long time and how this started was from Avast?
In any case, if it's a possibility, how can we rule them out?

EDIT: If it's stopping at CLASSPNP.sys, isn't the problem the driver after it, and not classpnp.sys?
On the other laptop, the driver after classpnp.sys is aswbuniv.sys.

I just tried loading system hive following the previous instructions but...
1) there is no more ControlSet002 and...
2) I can no longer find aswardisk.sys.
Is it because of what we did?

Thoughts?