Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sony Win 7 stalls to black screen on aswrvrt.sys


  • This topic is locked This topic is locked
16 replies to this topic

#1 WheresMyOS

WheresMyOS

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 21 July 2013 - 09:57 PM

I have a Dell Vaio E series, model VPCEB33FM running Windows 7 64-bit. It shut down after installing the July 9th Windows updates. When I turned on my computer again, the VAIO screen appeared, it looked like the computer was starting to boot, and then it went to black screen, no cursor.

I tried tapping F8 and booting in safe mode; same result. Last known good configuration didn't help. Startup Repair was unable to fix the computer. I turned the computer off and booted with command prompt, and the installation stalled on aswrvrt.sys. (I use Avast, and I think Avast updated the same day as the Windows updates.) I checked recovery options, and restoring to a previous point was not offered. Hard drive tests showed no errors.

I tried rebooting with a recovery disk (first disk of 3 created through a wizard when I first got the computer) and was not able to boot to Windows. Someone gave me Hiren's boot disk14.? And I've been able to boot to mini WinXP with that. I tried following Avast's uninstall instructions, and it deleted files in the target folder, but that doesn't change the boot problem.

I found information on Farbar and created a fix file to take out aswrvrt.sys. Now my computer boots to VAIO rescue, which I guess is an improvement, but it tries startup repair and then wants to do a system recovery. I'd rather fix the existing installation if possible.

The only programs I've installed recently are Logitech setpoint and uberoptions, which have been buggy but seemed to be playing nice for the past couple of weeks. I also installed LogMeIn to help a friend pull photos out of their weird camera software, but we hadn't found time to use it yet and the program hasn't seemed to disturb anything for the two weeks since install.

I'm tempted to take out the rest of the avast .sys files with Farbar but I'm afraid of doing more damage than good.

I'd be grateful for any help you can give me in getting this system running again.

BC AdBot (Login to Remove)

 


#2 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 21 July 2013 - 10:13 PM

Oh, forgot to include that Windows boot now stalls on aswVmm.sys, which is why I'm tempted to take out the rest of the avast sys files with Farbar.

#3 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 24 July 2013 - 08:17 PM

.... Any suggestions? I desperately need to get this computer working. If I need to provide more info, please let me know what's needed.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:23 AM

Posted 25 July 2013 - 12:15 PM

Let me see if I understand these words...you have a Dell system...used a Sony CD to try to install Windows or repair Windows...is that correct?

 

You mention two manufacturers, each of which has an E-series line.   Dell and Sony...what is the exact model of the computer system, please?

 

Louis


Edited by hamluis, 25 July 2013 - 12:16 PM.


#5 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 25 July 2013 - 12:26 PM

So sorry, I don't know why I said Dell; it's a Sony VAIO. It says E-series on one of the labels. If you cross out "Dell" in the first sentence and replace it with "Sony", the sentence is accurate including the model number. The computer worked fine til shutting down as part of a Windows update earlier this month, and wouldn't boot to Windows when I restarted it. The recovery disks I tried first were created by a wizard on the same computer.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:23 AM

Posted 25 July 2013 - 01:06 PM

Thanks :).

 

Although your desire to fix, rather than restore to factory defaults, is understandable...I would have done so long before now.  My personal allowance for problems to remain on a system is 3 days...then I have to take some action to restore order.

 

From what I see...it appears possible that you are infected, see http://forum.avast.com/index.php?topic=120531.0 .

 

If you cannot boot into Windows, it really limits your options, IMO.

 

Louis



#7 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 25 July 2013 - 01:26 PM

So there's no way to use my registry backups to fix the boot issue, or to remove the sys files that are stalling the boot? I can boot with Hiren's disk, though I realize that's not the same as booting to the native Windows system.

Thanks for the link, I will run the tests mentioned there. I didn't assume an infection because between Avast, a firewall, Threatfire, and a bit of caution the system has stayed clean (as far as I can tell). The system was rebooting fine right before the Windows and Avast updates, so it seems like the infection would have to coincide with the time of the updates.

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,562 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:23 AM

Posted 25 July 2013 - 02:07 PM

I'm not familiar with Hiren's, so I can't speak of how to use it.

 

If the cause of your problems was/is a malware infection...you need to be in a different forum since this forum doesn't try to deal with issues beyond the scope of Windows 7 O/S problems.

 

Registry backups...are only useful on a system that boots into Windows or where the user has tools to to replace the registry in the Windows install.  I can't address such because I've never attempted or accomplished such.  Replacing the registry is (IMO) not guaranteed to even address your situation.  Did you receive any onscreen message indicating that your registry had a problem?

 

I think that you'd better await some inputs from other members here.

 

Louis



#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:23 AM

Posted 25 July 2013 - 03:51 PM

Hmm, this could either be a problem with Avast!, malware or corrupt system files (from what I have seen). If you don't want to restore then I suggest making a topic in the malware removal forum with your FRST log. They may be able to help you remove Avast! too, but no promises on that.
This is a long shot, but you could try this (I'm not sure if it will work, but worth a try), although make sure you have your windows product key: http://www.sevenforums.com/tutorials/3413-repair-install.html

Also, what did you use to make registry backups (Regedit, ERUNT, e.c.t)?

xXToffeeXx~

Edited by xXToffeeXx, 25 July 2013 - 03:54 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 25 July 2013 - 11:13 PM

The registry backups were made regularly with ccleaner.



#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:23 AM

Posted 26 July 2013 - 05:43 AM

Also, when you say windows stops on each of the Avast! drivers, it means that these drivers have been loaded successfully, and the driver after these ones which they stop on are causing the problem. So both of these Avast! drivers are fine, but the ones after are not.

 

 

Well that's no good about the backups. CCleaner's registry backups are useless if you cannot get into any mode, ERUNT is much better as you can use it to restore the registry when Windows cannot boot.

 

Since you have registry backups from CCleaner, I imagine you are using the registry cleaner. If you are not, then you can ignore this.

 

 

The following was originally posted by Animal, one of our Site Administrators.

 
Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
 
• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
--------------------------------------------------------------
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
 
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
 
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
 
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in unpredictable results.
 
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning toolsunnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting againFor routine use, the benefits to your computer are negligible while the potential risks are great.
 

 

---------

 

Your options are pretty limited as you cannot boot into any mode, you can either try the repair install (you won't lose any data), or post the FRST log in the malware removal section and see what they can achieve. Sorry I cannot help you more, but there is no proven solution to your problem, and from what I have seen this often it ends in a re-install of windows. The whole nature of the situation is difficult, due to having no idea what driver is really causing the stop.

 

xXToffeeXx~

 


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 26 July 2013 - 07:30 AM

Thank you, Toffee. A few more questions before I toddle off to the malware section--first, - you referred to the windows product key; that would be the key on the sticker on the bottom of the laptop, right? (still running original operating system.)

 

Also, my computer prompted me to make a set of 3 "recovery disks" from a wizard when I first bought it. I always thought a recovery disk would include a boot disk, but disk 1 of 3 was definitely not a boot disk. Didn't think to try the other two. Now I'm looking at these disks and wondering what, exactly, they're good for. Can you enlighten me?



#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:23 AM

Posted 26 July 2013 - 07:55 AM

Thank you, Toffee. A few more questions before I toddle off to the malware section--first, - you referred to the windows product key; that would be the key on the sticker on the bottom of the laptop, right? (still running original operating system.)

 

Also, my computer prompted me to make a set of 3 "recovery disks" from a wizard when I first bought it. I always thought a recovery disk would include a boot disk, but disk 1 of 3 was definitely not a boot disk. Didn't think to try the other two. Now I'm looking at these disks and wondering what, exactly, they're good for. Can you enlighten me?

Yes, that is correct. Might be easier to make a note of that, rather than trying to read it off the bottom of your laptop (I tried it, it was not easy and I ended up getting it wrong xD).

 

Well, they are good if you want to restore your computer back to factory basics, but you will loose all your data. If you want to use them, then I suggest attempting to backup your data using puppy Linux or slaving your hard drive to another computer. If you have the instruction booklet for your computer then it will probably have instructions on how to use them.

I would say if do use them, a lot of the programs you probably do not use (like bloatware) will be added back into your computer.

 

Anyway, good luck in the malware section (you know where to go?), you may have to wait a little bit though.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 26 July 2013 - 09:02 AM

Thanks; everything is already backed up.I just hate the thought of all the hours it will take to restore my work environment if I have to reinstall.

I looked for a malware forum and found 'am I infected' , is that the right one?

#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:23 AM

Posted 26 July 2013 - 09:15 AM

Thanks; everything is already backed up.I just hate the thought of all the hours it will take to restore my work environment if I have to reinstall.

I looked for a malware forum and found 'am I infected' , is that the right one?

It may come to that, but I hope not.

 

Well, considering your problem a post here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ would be more appropriate. When you create your topic, make sure you include your latest FRST log and a recap of your problems so the team can help you. You'll be in good hands, and I'll be watching your topic :)

 

Just post back here with a link to your topic and you should be good to go.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users