Boot problems - aswrvrt.sys

A week or so ago I tried to logon to my desktop but got the following error: “The User Profile Service failed the logon. User profile cannot be loaded.” and my machine wouldn’t logon at all under my primary administrator account. I tried to logon to my son’s account (no admin privileges) and was able to logon normally. However, when I tried to access any critical features, I was prompted to enter my administrator password and got another error message.

So, today I tried to boot in safe mode to see if I could remedy the user account problem, but froze on the aswrvrt.sys line (like many others).

I ran the FRST and have attached the log here.

Any help is appreciated!

Regards,
Joe

Hi,

I will get someone to help you. Seems like you have 2 issues: a Windows logon issue and not booting. If I’m not mistaken, they are both separate.

Hi, it is a user account corruption. To fix that we will need to do the following:

Open up the system administrator account
Create a new administrator profile
Copy the old administrator data over to the new account
Close the system administrator account

To begin :

Boot the computer to the safe mode menu
Select the command prompt item
At the command prompt type the following command and press enter :

net user administrator /active:yes (there is a space between administrator and the backslash /)

When you get the completed reply, reboot the computer
You will now see an Administrator logon; use that
Let me know if you can now access the system

Wow, thank you for the speedy responses. I will try this as soon as I get home from work today and will report back here.

Thanks,
Joey

I tried to boot to command prompt, but the boot seems to freeze on:

Loaded: \Windows\System32\Drivers\aswRvrt.sys

After another attempt to boot in safe mode to the command prompt, I was successful.

I was able to create the administrator account and log in with it. The reboot took a long time (much longer than normal when the machine was running well) and upon logging in as administrator, I got the following popup message:

Microsoft .NET Framework
Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.

Failed to connect to an ICP Port: The system cannot find the file specified

I did not click anything on the error box, but was able to access the administrator functions through the control panel.

OK, now create a new administrator login to replace the broken one
Reboot and sign in to the new account
Is that working OK?

Created the replacement admin account and logging in now.

I’m in the new admin account. It took about 20 minutes to boot up, but is running well now.

OK next task will be to copy the user data from the old account to the new one http://windows.microsoft.com/en-us/windows/fix-corrupted-user-profile#1TC=windows-7

Once done reboot and try out the new account and let me know how it is running

So, I’ve got the new account up and running, but I’m having trouble getting all of the data to switch over. My documents all copied over to the new user account, but nothing else seems to have copied over despite my following the instructions carefully. I am going to try to get them separately copied over in the morning, and if I am unable to, I will create another user account and start from scratch.

My main concern now is that shutting down or starting up the machine takes a very long time - 20 minutes or more. Any thoughts? If this is outside the scope of your willingness or ability to help I completely understand, but thought I might as well ask.

Nope, we will look at that once you are ready, although I would suggest a disc defragment initially to start the process

OK, I copied over all of the user data, completely backed up the old user file to an external drive, then deleted the old/corrupted user file.

Defrag is running now.

Any thoughts on how to make startup and shut down normal again - i.e. not 20-30 minutes for each task?

Thanks,
Joey

If you could run OTL once done I will look at the startups and drives

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Here are the scan logs.

Let me know if the startup improves after this

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - [2013/05/16 10:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2013/07/01 09:55:40 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/02 11:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/03/21 10:24:12 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2011/10/21 10:46:49 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/09/09 16:57:05 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
DRV:64bit: - [2013/06/07 20:04:53 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/02 11:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 11:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F2C4EF8F-E81C-11E2-9A50-B8AC6FCD7617}
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {C4327731-20D2-4ED9-BDFD-E20B323C0A39}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm261YYUS&ptnrS=ZLxdm261YYUS&si=1579M&ptb=vySWsnVBtorv2lC7SuxGpg&ind=2011102114&n=77defba2&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={F2C4EF8F-E81C-11E2-9A50-B8AC6FCD7617}
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/08 14:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin [2013/12/15 08:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/08 14:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@bettersurfplus.com: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha676.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha676\ff [2013/12/20 08:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta940.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta940\ff [2014/01/09 13:26:05 | 000,000,000 | ---D | M]
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
[2014/04/10 21:44:52 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\LogMeIn Rescue
[2014/04/10 21:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\DealPlyLive
[2014/04/10 21:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\CRE
[2014/04/10 21:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\ContentWatch
[2014/04/10 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\Conduit
[2014/04/10 21:42:33 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\Amazon Browser Bar
[2014/04/09 08:11:59 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\LogMeIn
[2014/04/09 08:11:58 | 000,000,000 | ---D | C] -- C:\Users\Joey and Andrea\AppData\Local\LogMeIn Hamachi
[2014/04/11 23:25:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/07/08 13:54:25 | 000,000,352 | ---- | C] () -- C:\Windows\Tasks\AmiUpdXp.job
[2013/10/04 07:35:53 | 000,000,286 | ---- | C] () -- C:\Windows\Tasks\Dealply.job

:Files
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\Amazon Browser Bar
C:\Program Files (x86)\MyWebSearch
C:\Users\Joey and Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncbchahdjphahkafgcoepjngkooealnl

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
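
The SRV and DRV lines in the OTL fix above share one layout (timestamp, size, attributes, company, start type and state, path, service name). The following parser is an added example, not part of the original posts or of OTL; it splits such lines into fields and notes which entries auto-start or carry no publisher string. The four sample lines are copied from the fix above, and the two review rules in `triage` are assumptions chosen for illustration.

```python
import re
from collections import namedtuple
from datetime import datetime

# Layout seen in the fix above:
# KIND[:64bit:] - [date time | size | attrs | M] (company) [flags] -- path -- (service)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [\w-]{4} \| \w\] "
    r"\((?P<company>.*?)\) \[(?P<flags>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<name>.+)\)$"
)

# Four lines copied from the fix script in the thread.
SAMPLE = r"""
SRV:64bit: - [2013/05/16 10:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2010/09/09 16:57:05 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
DRV:64bit: - [2012/04/02 11:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
"""

Entry = namedtuple("Entry", "kind x64 modified size company start state path name")

def parse_line(line):
    """Return an Entry for one SRV/DRV line, or None if the line has another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Services carry [start | state]; drivers carry [type | start | state].
    flags = [f.strip() for f in m["flags"].split("|")]
    if len(flags) < 2:
        return None
    return Entry(m["kind"], bool(m["x64"]),
                 datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["company"],
                 flags[-2], flags[-1], m["path"], m["name"])

def triage(text):
    """List (service name, reasons) per parsed line; the reasons are assumed review rules."""
    report = []
    for entry in filter(None, map(parse_line, text.splitlines())):
        reasons = []
        if not entry.company:
            reasons.append("no publisher string")
        if entry.start == "Auto":
            reasons.append("starts at boot")
        report.append((entry.name, reasons))
    return report
```
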

Ok, I ran both programs and have attached the log files.

The shutdown and startup speed has increased some, but is still slower than before we had the problem.

I’m also running malwarebytes right now to see if that turns anything else up.

Once MBAM has finished, we will try a clean boot to see if we can determine what is causing the delay.

In the search box type Msconfig and select the programme that appears at the top

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.

https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG

5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Is the start faster now?

I tried to run Malwarebytes twice, both times the scan seemed to get hung up on the following file: ativpsrm.bin

The second time I ran the scan I let it run for 5 hours and it never got past that file, which seemed to be about 1/8 of the way through the scan.

I next tried the clean boot as you described, but shutdown and startup still took a long time.

OK, the ATI file is one of your video drivers. Could you update your drivers?

Download Slimdrivers to your desktop
Install the programme and on completion run
On the first page select Start Scan

https://dl.dropboxusercontent.com/u/73555776/slimdriver.JPG

Once it has completed click the download link on the right hand side (you can only download one driver at a time)

https://dl.dropboxusercontent.com/u/73555776/slimdriverscan.JPG

Allow the creation of a restore point prior to downloading and installing.
The driver will now be downloaded and backed up for safety. A reboot will be required on completion

Do this initially just for the video drivers