AVG hosed the OS - BSODs, bootrec/fixboot "Access is Denied"

[Appletax]

Got a custom gaming / business PC with Win 10 that keeps crashing with BSODs.

I checked the hardware to see if it could be causing problems. RAM and PSU tested good.

Kept showing "Your PC/Device needs to be repaired" - a required device isn't connected or can't be accessed. Error code: 0xc0000225. Pressed F8 for Startup Settings and tried various options - Safe Mode, disable driver signature enforcement, disable early launch anti-malware protection. All of these options caused a different BSOD - the OS could not be loaded due to an issue with File: \Windows\System32\drivers\avgVmm.sys, error code: 0xc000007b. That showed me that AVG was the culprit.

Tried to do a System Restore, but there were none available.

Booted Win 10 Installer USB and tried Startup Repair, System File Checker, Check Disk, deleted all the AVG files in the drivers folder using CMD - now it always goes to a BSOD saying, "Inaccessible_Boot_Device."

Tried using bootrec commands to fix it. bootrec/fixmbr always works, bootrec/fixboot always says "Access is denied" no matter what I try, bootrec/scanos shows 0 Windows installations.

Disabled fast boot, which could be a cause for the access denial.

Note: D: is the Windows partition's drive letter (which can be found using bcdedit |find "osdevice").

Used DiskPart to assign a drive letter (N to the EFI partition and then used the command format N: /FS:FAT32. Tried repairing the bootloader with the command bcdboot D:\windows /s N: /f UEFI, which says "boot files successfully created."

Directory of D:\Boot shows 3 directories and 0 files - <DIR> . , <DIR> .. , and <DIR> sm_da.

bcdedit /export C:\BCD_Backup

cd boot

attrib bcd -s -h -r results in "file not found - bcd."

Pics of some things I tried:




Edit: now it shows "Error code: 0xc0000001"

--

My brain is fried lol. I sooo badly just want to nuke and pave right now. I don't know what else to do. The only bad part is having to reinstall his programs, some of which may require having to call the software maker's tech support to install it.

It sure would be nice if the D:\Boot directory had 'BCD' in it. That might help.

 

[britechguy]

Well, if it's a Windows 11 machine, and he has the new Windows Backup of Apps and Settings turned on, there will be a lot less reinstalling of programs than you think.

I've now dealt with two different machines that were backed up that way, and apparently MS keys the machines with something completely distinctive to them, so when you nuke and pave, part of the re-paving is a question appearing that says there is a backup available for this machine, and with whatever name the computer had immediately prior to the N&P, and asking if you want to restore from it. It's astounding just how much of the user's precise Windows ecosystem, including installed apps, comes right back.

One of those could actually be AVG which, of course, should be promptly uninstalled.

 

[Appletax]

You could try removing the virus (AVG) using fellow 'nibbler @AlexCa[/USER[/URL]] 's Antivirus Removal Tool.[/URL]
[URL='https://www.technibble.com/forums/threads/windows-repair-toolbox.62121/page-30#post-763511']Also WRT (Windows Repair Toolbox) from [USER=104089]@AlexCa has a nice tool built in with which has uninstallers for just about every AV.
Both free programs, but if they work for you I'm sure the author could use a donation.
Complete removal may help.

How do I use them given that this PC cannot boot? Should I dock the SSD and run the program on my bench PC? Should I use something like Hiren's BootCD so I can have a live version of Windows?

 

[GTP]

How do I use them given that this PC cannot boot? Should I dock the SSD and run the program on my bench PC? Should I use something like Hiren's BootCD so I can have a live version of Windows?

Yes both run from a PE like Gandalf's.
Don't use Hirens its full of unlicensed proprietary software..

 

[GTP]

Sorry I messed up my post and deleted it but you obviously saw it before I did, lol

 

[Appletax]

Yes both run from a PE like Gandalf's.
Don't use Hirens its full of unlicensed proprietary software..

I cannot find a way to download Gandolf PE on www.WindowsMatters.com

I turned off uBlock Origin and still could not find it and the amount of ads on that site make it look like it has cancer. Also, lots of redirects.

Seems very sketchy:

 

[GTP]

I'm not sure where you ended up but I just went there and downloaded the new PE without trouble.
There were no ads, popups. warnings or anything else.

 

[Appletax]

I'm not sure where you ended up but I just went there and downloaded the new PE without trouble.
There were no ads, popups. warnings or anything else.

I tried Chrome, Firefox, as well as Safari on iOS and there's absolutely no download button anywhere. The ads and redirects are horrible without an ad blocker. You must have an ad blocker cleaning up that website for you. Does not make any sense that you can download it, but I cannot.

 

[Appletax]

Since I cannot use Gandolf PE, I tried Hiren's Boot CD.

It appears that I cannot do anything to remove AVG (and Avast) by using Windows Repair Toolbox because it only works inside of Hiren's Boot CD (drive letter X: ). It does not work with other drive letters such as C:. It appears the this program MUST be used within the Windows you want to change/repair - not in PE environments.

I tried using the AV remover and it didn't remove a thing. AIO repair tries repairing Hiren's. Used Hiren's to manually delete tons of AVG and Avast folders. Still BSODs to Inaccessible_Boot_Device.

I do not see an option to perform uninstalls and repairs on a different drive letter.

I do not think the solution is to remove AVG, but rather to get the boot loader to work.

 

[frase]

To me it looks like you have confused the boot sector in the partitions.

BACKUP ANY DATA BEFORE DOING ANYTHING!

I would use a PE disk or use Partition Manager Bootable to verify which partition is actually the boot sector as am unsure why it is marked as D:\

It cannot find the boot sector as it is not listed to where it should be listed via.
Disregard MB's security warning it in my opinion creates more issues than resolves any, uninstall MB if you can.
Use the recovery PE tool to boot into.
Use the program removal tool within the PE to uninstall AVG to remove all remenants relative to it.
Check the Partition Sequence via the Partition Manager and it's Drive Letter association to verify.

Have you tried using the repair BCD method within a USB bootable Win10 environment?


You can try this in relation to the denied access issue, has happened with myself on numerous occassion this seemed to work in my case.-

Assign Drive Letters to EFI System Partition

diskpartlist
diskselect disk 0  # (Replace 0 with your system disk number)
list volumeselect volume X  # (Replace X with the volume number of the EFI System Partition, usually around 100-500 MB)
assign letter=Zexit

Repair EFI Bootloader

bcdboot C:\Windows /s Z: /f UEFI  # (Replace C: with the letter of your Windows partition)

Remove Drive Letter Assignment

diskpart
select disk 0  # (Replace 0 with your system disk number)
select volume X  # (Replace X with the volume number of the EFI System Partition)
remove letter=Z
exit

Check Partition Status and Set Active

diskpart
list disk
select disk 0  # (Replace 0 with your system disk number)
list partition
select partition 1  # (Replace 1 with the partition number of your system partition)
active
exit

If nothing works, it maybe time to Nuke.

 

[Diggs]

Are you sure BIOS didn't flip from secure boot to legacy (or visa versa) and it's trying MBR/GPT (trying the wrong one) instead? I've seen it happen on a couple of machines where the onboard BIOS coin battery was dead and the power went out.

 

[Appletax]

The client needed it back ASAP for his business, so we opted to stop troubleshooting and just Nuke and Pave. Went from Win 10 to 11. It's working great now. He learned a hard lesson - stay away from AVG/Avast and keep data backed up and create system images.

Sure wish Windows had a Time Machine feature that you could use to backup specific things including software and you don't have to transfer it all to a new Mac - you can pick and choose what you want. That program is hella nice!

I will keep this thread bookmarked for the next time I run into this dreadful issue.

Thank you to all for helping me

 

[timeshifter]

Solution: nuke and pave.

Really wish you'd post this as your last post and not edit your original post and put this at the top. No point in reading the thread really at this point. It's kind of an insult to all who tried to help out, as very few are going to read what they wrote. When the first line says nuke and pave there's no incentive to follow what the group was thinking and learn from it.

 

[Appletax]

Really wish you'd post this as your last post and not edit your original post and put this at the top. No point in reading the thread really at this point. It's kind of an insult to all who tried to help out, as very few are going to read what they wrote. When the first line says nuke and pave there's no incentive to follow what the group was thinking and learn from it.

Ok, I will delete it now.

 

[britechguy]

Sure wish Windows had a Time Machine feature that you could use to backup specific things including software and you don't have to transfer it all to a new Mac - you can pick and choose what you want. That program is hella nice!

It may not be Time Machine, but if that client is an M365 user, I cannot urge you to open Settings, Accounts, Windows Backup quickly enough, then look at the Folder Sync Settings and other settings it handles.

It can and does back up your user data, apps, windows settings, etc. That's what I tried to tell you earlier. And when you nuke and pave a machine that was configured to use that feature, part of the "re-paving" process will be a prompt as to whether you wish to restore from a backup taken from {whatever machine was named} and showing an icon that typically looks like exactly the screen background that machine was using at last backup.

As far as I'm concerned, it's a game changer.

 

[Appletax]

It may not be Time Machine, but if that client is an M365 user, I cannot urge you to open Settings, Accounts, Windows Backup quickly enough, then look at the Folder Sync Settings and other settings it handles.

It can and does back up your user data, apps, windows settings, etc. That's what I tried to tell you earlier. And when you nuke and pave a machine that was configured to use that feature, part of the "re-paving" process will be a prompt as to whether you wish to restore from a backup taken from {whatever machine was named} and showing an icon that typically looks like exactly the screen background that machine was using at last backup.

As far as I'm concerned, it's a game changer.

It backs up "Apps" - does that mean only Microsoft Store apps, or all apps?

 

[britechguy]

It backs up "Apps" - does that mean only Microsoft Store apps, or all apps?

As I do not use Store Apps, I can't speak to those. It definitely backs up installed apps (or all the ones I had) including M365.

When I did the last N&P on a desktop I have, and restored from its backup, literally everything came back, down to the Personalization choices I had made.

The proviso is that this is directly linked not only to having sufficient cloud storage to make it happen, but it has to be OneDrive cloud storage. For the vast majority of M365 users in the residential world, that's not a problem. Very few of my clients (and even myself) come close to using 1 TB of storage space, period, but very very rarely indeed for "active content." Inactive content is another thing altogether and is best stored on archival media such as backup drives (with more than one copy of it, too).

 

[Appletax]

As I do not use Store Apps, I can't speak to those. It definitely backs up installed apps (or all the ones I had) including M365.

When I did the last N&P on a desktop I have, and restored from its backup, literally everything came back, down to the Personalization choices I had made.

The proviso is that this is directly linked not only to having sufficient cloud storage to make it happen, but it has to be OneDrive cloud storage. For the vast majority of M365 users in the residential world, that's not a problem. Very few of my clients (and even myself) come close to using 1 TB of storage space, period, but very very rarely indeed for "active content." Inactive content is another thing altogether and is best stored on archival media such as backup drives (with more than one copy of it, too).

Sounds like a better alternative and better value compared to using services like Carbonite, or using software like Macrium Reflect or
AOMEI Backupper to send system images to an external drive. I have it enabled on my personal PC and didn't know it lol.

For only $70 per year (MS 365 Personal), you get this feature + all the latest versions of the Office apps + 1TB of cloud storage + can be used on up to 5 devices + ransomware protection + Windows Defender identity theft monitory and dark web monitoring. Amazing value.

 

[GTP]

It appears the this program MUST be used within the Windows you want to change/repair - not in PE environments.

Emphatically No!
I used/use it from my PE's regularly. I Have Gandalf's PE on my IODD and I can run the tools built into WRT as well as any of the custom tools I have in the "Custom Tools" section of WRT.

And let me reiterate please. Hiren's has unlicensed proprietary software. If you're comfortable with that then go ahead.

I think the reason you can't download is because you haven't "made a donation" before. He's only asking for $20 US dollars. For what this PE does and how many times you will use it's worth a few dollars.

I've donated before so I get a link.

Also, there are no popup's redirects or ads for anything anywhere. I just used a vanilla version of Firefox, downloaded and run out-of-the-box. I dont know what youre doing to see that.

 

[Appletax]

Emphatically No!
I used/use it from my PE's regularly. I Have Gandalf's PE on my IODD and I can run the tools built into WRT as well as any of the custom tools I have in the "Custom Tools" section of WRT.

And let me reiterate please. Hiren's has unlicensed proprietary software. If you're comfortable with that then go ahead.

I think the reason you can't download is because you haven't "made a donation" before. He's only asking for $20 US dollars. For what this PE does and how many times you will use it's worth a few dollars.

I've donated before so I get a link.

Also, there are no popup's redirects or ads for anything anywhere. I just used a vanilla version of Firefox, downloaded and run out-of-the-box. I dont know what youre doing to see that.

Ah, I did not notice the text above the PayPal donation button. They do not mention if this only gets you this one version or if you also get future versions.



Here's what it looks like in Chrome without any ad blockers and without Malwarebytes running:

(It does this in all browsers on all my devices on all networks when there's no ad blocker running).



And then it redirected me to pr0n:



Me after seeing this ^ filth:



Edit: I was going to message the developer about this, but the only contact link I could find is his Twitter/X page that barely has any posts on it and the last post is from 2018 so I don't know if he would even get my message.