Hi,

my system will sometimes stop while booting to windows. It doesn’t happen every time, but seems to be random. It happens about one out of two times I start my computer. It’s been happening for quite a while, at least several months without me being able to figure out why. A week or so ago I ran msconfig and enabled /BOOTLOG in boot.ini, and today I’ve analysed my boot log file (c:\windows\ntbtlog.txt) and see that every time my system stopped it was after loading aswMon2.SYS.

The file is located in windows\system32\drivers and is described as “avast! File System Filter Driver for Windows XP”, version number is “4.8.1296.0”.

One thing I notice is that the boot log says it’s loading aswMon2.SYS, while the actual file name is aswmon2.sys (lower-case). I guess it doesn’t matter though since it works some times and the log says that the file is being loaded, but the windows file system (NTFS) is actually supposed to be case-sensitive (see: http://support.microsoft.com/kb/100625).

Seeing that the driver has something to do with file systems (description is “avast! File System Filter Driver for Windows XP”), I should inform that I’m using Ext2 IFS driver to be able to access an ext2 partition on my hard drive.

I have several partitions on my drive, 2 NTFS, 3 FAT32, 1 FAT, 1 ext2 and 1 CDFS (Alcohol 120% virtual drive). I suppose the virtual drive isn’t a physical partition on my drive though, just thought I’d mention it too. I only have one internal hard drive, but occasionally I’m connecting an external drive (FAT32). The problem does not seem to have anything to do with the external drive though, as it may occur whether or not the external drive is connected.

I’m attaching ntbtlog.txt to this post in case it may be of help. It’s in norwegian; “Lastet driver” means driver was loaded, “Driver ble ikke lastet inn” means it was not loaded.

Edit: the forum didn’t upload the file properly, and attaching it as zip didn’t work. Trying to rename it as .log and see if that works…

Does anyone have any advice for me on how to fix this? I guess I could un-install avast, but I’d rather have it fixed.

What exactly does it mean “stopped”? Froze or restarted/bluescreened?

I mean “froze”. It hangs and will not move on. I have to force shutdown and then re-start the computer (there’s no re-start button on my laptop), and then it may or may not work.

There’s no blue screen or error message.

If you have a PS/2 keyboard (i.e. not USB), could you please try to generate the memory dump at the moment when the computer is frozen, as described e.g. here, and upload it to our server?

Thanks for looking into it.

I’ve uploaded MEMORY.7z to ftp://ftp.avast.com/incoming. Hope it’s ok that I used the 7-zip format. The dump file was only 768MB, the size of my page file limit, while my RAM size is 2GB. Do you need a dump of the entire memory or may this be enough? I’ll have to clear out some disk space and increase my page file limit, but that won’t be a problem if you need it.

You could try: Program Settings > Troubleshooting > (check) Delay loading of avast! services after other system services.

Thanks, but it didn’t help. It was looking promising, the computer booted properly 3 times, but on the fourth boot the same problem occured.

Hi ev,

could you please try the following: go to avast settings, Troubleshooting page, and check the “Delay loading of avast services” box.

Would that make any difference?

Thanks
Vlk

Afraid not, that’s what Everready asked me to do 3 posts ago, to which I replied that it didn’t help.
I did that, booted the computer 3 times successfully, then on the fourth boot the computer stopped again (this is “normal” btw, with this problem anyway). Seeing that it didn’t help, I unchecked that setting again.

Do you need another memory dump with the setting enabled?

It would actually be helpful. But ideally, I’d need a full dump (i.e. not a truncated one).

BTW you can temporarily reduce the size of RAM used by the system by using a boot.ini setting /MAXMEM=
(see http://technet.microsoft.com/en-us/sysinternals/bb963892.aspx for details).

Well now suddenly it’s playing nice… I’ve booted the computer successfully about 20 times or so this morning. I don’t get it. I can’t think of what might have changed. Maybe it’s not entirely random, that it depends on certain circumstances which has not been reproduced the last 20 boots. Nothing changed between these 20 boots btw, they were done consecutively without interruption. I’ll report back when/if the problem reoccurs.

Do you know what exactly aswMon2.SYS does? Any guesses as to what the problem might be? Maybe I could be able to reproduce it if I had a better idea of what the problem is/was.

Well isn’t that typical?

Of course, it’s the avast Standard Shield provider. It is one of the key components of avast.

Analysis of the (truncated) dump indicated that this might be a weird locking issue somehow related to the loading of the graphics drivers… :-\

Thanks
Vlk

That might make sense… I often connect an S-video out from my computer to an external screen, maybe it has something to do with the S-video port or something. I’ve booted a couple of times with the S-video plugged in and then unplugged, but have still not been able to reproduce it. I guess we can assume that the “Delay loading of avast services” option has fixed the issue for now. It’s strange though that when at first I enabled this option it didn’t seem to help.

In case anyone has similar problems later, I can inform that my computer is a dell inspiron 9300 with ATI mobility radeon x300 graphics card.

It happened again today, but apparently I had forgotten to raise the page file size limit, so again the memory dump was only 768MB (RAM is 2GB). I have no idea why it happens, it seems totally random. Nothing connected, nothing changed.

In case it helps I’ve uploaded 20081223.1230-memory-dump.7z, and I’ve increased the page file limit now for the next time it happens.

Happened again and this time I’ve got a complete memory dump. Uploaded 20090104.1400-memory-dump.7z to ftp://ftp.avast.com/incoming.

I noticed that a program called savedump.exe was running for a couple of minutes after the following reboot which seemed to do some editing to the dump file (the “last edited” time stamp of memory.dmp was changed after savedump.exe had finished), but I assume that’s normal.

There is no file in your FTP site.

You don’t have read access, only write.
You can’t see the uploaded file but it should be there