Each time I attempt an installation, using the latest version, I get a BSOD and cannot get back to Windows or Safe Mode, so I do not have any dumps. Each time I use UBCD4WIN to get to the uninstaller, then I clear out the registry and delete the Avast files in Windows\System32. I have tried this 3 times.

The system I am using is a Acer Notebook running Win XP Home SP3. There are no other Anti-Virus application on the system and I have run an online scan of the system as well as Malwarebytes.

I’ve run Memtest86, Scandisk (each time after the crash) and Hitachi diagnostics as well as swapped out both memory modules. At the present time I reloaded the system and it is running fine with the exception of no Anti-Virus.

Any ideas on how to get around this error?

Thanks

Joe P

When do you get the BSOD - during the installation, or on the subsequent reboot?
Why can’t you get into Safe Mode?

I cannot get into safe mode due to a BSOD with that file name. On the first attempt to install the software it crashes after the reboot.

Thanks

Joe P

Hi Joepwpb,

do you have any memoru dump files (minidumps, kernel dump or full memory dump) that you would be able to upload or send us ?

Thanks. Lukas.

As stated iin my original post, no I cannot get a dump.

Joe P

avast! drivers, including aswTdi.sys, are not loaded in safe mode… so I’m afraid it doesn’t really make much sense to me - it can’t cause a bluescreen when not loaded.

If there are any dumps in Windows\Minidump folder, you could copy them using UBCD4WIN as well. However, if you just removed avast! files, the dumps should have remained there, had there been any.

Thanks igor,

I will attempt another install (#5) and this time I will immediately go into UBCD and look for a dump. Previously, there were no dumps.

Stay tuned !

Joe P

I think the dump files are created inside pagefile and copied into the minidump folder only after the PC has booted at least full dumps do. So it may be possible to boot the system (with the drivers removed from bootable cd) after the crash - which should give windows enough time to create the dumps.

Especially they are NOT loaded in Safe Mode (Without Networking) !!!

OK, here is the sequence of events of the last failed attempt to install Avast:

Run ATF Cleaner
Clean up Registry
Check for Windows Updates
Launch the install file
Run, next, next, I agree, next, next, next, next…Installation started
NO to Schedule boot-time scan
Restart – YES
Reboot, Login
Avast loaded in the tray and then

CRASH!!

Here is the information from the BSOD:

STOP 0x0000008E (0xc0000005, 0xbaafc2ad, 0xa963fa30, 0x00000000)

Aswtdi.sys - address BAAFC2AD BASE AT BAAF8000, Datestamp 498b54cb

I immediately went into UBCD4Win and checked for a dump and there were none. Just to be sure, I looked in User>Local Setting>Temp and C:Windows\Minidump.

Now what? I am curretnly booted into UBCD4Win and have not tried any additional boots.

Joe P

1. the dump is not created in Temp folder but in Windows\Minidump\ or Windows\memory.dmp – but I assume there was non as well

2. I suggest booting into Safe Mode without Networking - aswtdi is definitelly not loaded in this situation so in the case of possible blue screen again it should not be displayed as a possible cause (but it does not mean anything anyway)

3. if booting into safe mode causes blue screen again, boot into the UBCD and delete the aswtdi.sys file from windows\system32\drivers folder and remove the HKLM\System\ControlSet001\Services\aswtdi entry if you state that that should help

4. boot the system, now it should not crash and after booting it might (should) create a memory dump, either in \windows\memory.dmp file or a minidump in \windows\minidump\ folder.

Thanks lukor…

As I stated in the beginning, once I get a crash I cannot boot into Windows OR Safe Mode. The only way I can get the system back is to go into UBCD and remove Avast.

Please advise.

Joe P

CORRECTION:

After the second attempt I was able to get into Safe Mode… and found a file named Memory.dmp but it is 1.99 GB not MB but GB !

Updare…

I went into Event Viewer and here is the data from the last 3 errors. There are others but I do not know exactly which one is from the crash.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/11/2009
Time: 1:08:36 PM
User: ACER\Joe P
Computer: ACER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments “” in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/11/2009
Time: 12:53:04 PM
User: ACER\Joe P
Computer: ACER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments “” in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 4/11/2009
Time: 12:51:24 PM
User: N/A
Computer: ACER
Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswSP
aswTdi
BANTExt
BIOS
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
vsdatant

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

That’s the full dump - it should be located in Windows folder directly, not in Windows\Minidump
Of course, the full dump would also be interesting if it’s related to the recent bluescreens (what is its timestamp? generating a full dump takes quite a few minutes during the bluescreen, so you would probably notice), but uploading it may take a while.

What is your setting in Control Panel / System / Advanced / Startup and Recovery / Settings / Write debugging information?

Yes, it was located in C:\Windows. The “Write Debugging Information” setting is set to “Complete memory dump”

I decided to go back into Event Viewer and post all of the errors after the last good entry. So, those posted here along with those in my previous post are ALL of the errors after the last good entry.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/11/2009
Time: 12:50:53 PM
User: ACER\Joe P
Computer: ACER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments “” in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 4/11/2009
Time: 12:51:00 PM
User: NT AUTHORITY\SYSTEM
Computer: ACER
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments “” in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2009
Time: 12:51:24 PM
User: N/A
Computer: ACER
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2009
Time: 12:51:24 PM
User: N/A
Computer: ACER
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2009
Time: 12:51:24 PM
User: N/A
Computer: ACER
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.
*******************************************************************************************8
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2009
Time: 12:51:24 PM
User: N/A
Computer: ACER
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 4/11/2009
Time: 12:51:24 PM
User: N/A
Computer: ACER
Description:
The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at »go.microsoft.com/fwlink/events.asp.

Problem Resolved…

After many,many hours of searching and testing it was discovered that there was a corrupt Zone Alarm Firewall file which was causing the conflict with Avast. Once I uninstalled ZA and reinstalled Avast the problem was resolved. I was able to reinstall ZA without any problems.

Thanks

Joe P

Thanks for posting back. From time to time, ZA brings troubles to avast installations…