Safe Mode hangs after aswrvrty.sys

Hello all, starting a new thread for myself about what appears to be a common issue. I’ve been reading through this thread but haven’t done anything yet:

https://forum.avast.com/index.php?topic=120531

Computer: Dell XPS 8300 with Win 7 Home Premium 64-bit

Recent history:

Was using the computer two days ago (9/8) with a software sythesizer program from Arturia. The program crashed, but apparently these programs aren’t totally stable and this is not uncommon. Shut down the computer overnight and started it back up 9/9. Windows completed some updates. Used the computer for some time, no issues. I recently added a second monitor and have been working to color calibrate them to eachother. I had gone through the color calibration program in Windows but wanted to remove those calibrations and start over. Went in and deleted both ICC profiles and left the standard Dell U2412M profiles in place. Restarted the computer to get them to take effect.

On restart, computer goes to Windows splash screen and hangs. Eventually forced power down. Restarted into Recovery Mode but said it could not correct errors. No restore points available, which is odd because I always have that on. Ran Command Prompt and ran CHKDSK but could not run CHKDSK /R. Said Windows was in use or something like that. Restarted the computer and went into Safe Mode. Brief pause after aswrvty.sys loaded, but other than that it started just fine. Ran Command Prompt from there and CHKDSK /R couldn’t run, but said it would run on restart. Restarted computer but it went to the splash screen and hung before I could do anything. Had to force shut down again and then tried to run Safe Mode with Command Prompt. At that point, the system now hangs after aswrvty.sys and that’s where I am now.

Since this is a Dell, I do not have a standalone Win 7 CD. I downloaded a Win 7 Home Premium 64 ISO from this link:

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/windows-7-home-premium-64bit-iso-download/709dcc12-d120-435d-91cd-52e1dd0f4c24

I have this on the desktop of the machine I’m typing this from, which is an older laptop with XP. Haven’t done anything with the ISO yet. I have tried resetting the BIOS but haven’t done anything like pulling the BIOS battery. BIOS sees the hard drive but I just tried running SeaTools for DOS from a CD and it couldn’t find any drives. The drive is a WD but I don’t think that should matter. At some point I ran the Dell diagnostics and it returned error code 2000-0142, which claims the drive has failed, but I have a really hard time believing that. To me drives don’t just completely fail on restarts. I think it’s some kind of software of virus issue.

Suggestions on where to go with this would be much appreciated.

OK as you have the windows ISO first you will need to either burn that to a CD or USB. USB would be better

Download the following two programmes to your desktop :

  1. Rufus
  2. Farbar Recovery Scan Tool x64

Insert the USB stick Then run Rufus

https://dl.dropbox.com/u/73555776/rufus.JPG

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

https://dl.dropbox.com/u/73555776/RufusISO.JPG

Then copy FRST to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

Windows 7 and Vista screenshots

When you reboot you will see this.
Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frst.exe dependant on system
and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.

Thanks, so I’m assuming that I’d use the Windows 7 ISO I mentioned above? On your older posts about this, you provided a third link to what I believe was a recovery console ISO but you didn’t provide that link this time around.

I actually already made the bootable USB of the Win7 ISO using Rufus (thanks) and I put FRST on it as well. Booted the machine with that and tried to run repair, which didn’t work. Here’s the info it spit out:

Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.17600.16385
Problem Signature 03: unknown
Problem Signature 04: 374
Problem Signature 05: ExternalMedia
Problem Signature 06: 1
ProblemSignature 07: NoRootCause
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

From there I started the command prompt and ran CHKDSK /R. Started that about three hours ago. Chugged along for a while until it got to Step 4 and now it’s hung on file 130939 of 418800. It’s been there for probably close to an hour. Shall I abort that and run FRST?

Alternatively, if I can’t get into Safe Mode, is there some sort of bootable Linux OS that I can run and pull files from this drive? I feel like perhaps I should do that first?

From your description it sounds as though the MFT is corrupt and chkdsk should fix that. If you wish to recover files then you could use OTLPE, this will give an XP type interface
Details at the bottom of the first post here https://forum.avast.com/index.php?topic=53253.0

How long shall I let CHKDSK sit there hung as it is before I abort? Could you possibly learn something additional if I aborted it now and ran FRST?

Lastly, if the MFT is indeed corrupt but CHKDSK won’t complete, is there another way to fix it?

You could abort and run FRST

Is it still on the same block ?

Yes, it was stuck there for a few hours so I just aborted it and ran FRST. Take a look. Nothing looks particularly interesting to me.

Initially I will reset the registry and see where we can go from there. It may be necessary to run start up repair two or three times after this fix

Download the attached fixlist.txt to the same location as FRST
Run FRST and press fix
On completion try a normal boot

I’m happy to do that but take a look at this first. While I was waiting, this was what I did.

  1. Burned OTLPE to a CD and tried to start the computer. Took a while to load and then it blue screened before fully starting up. Got a STOP 0x7B error.

  2. Restarted the computer using Rufus, went through the automated repair (which failed) and went back to Command Prompt. This time ran CHKDSK /F. Here are the results:

CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
CHKSDK discovered free space marked as allocated in the volume bitmap.
Windows has corrected the file system.

962828287 KB total disk space.
318089684 KB in 371190 files.
202168 KB in 50140 indexes.
0 KB in bad sectors.
556159 KB in use by the system.
65536 KB occupied by the log file.
643980276 KB available on disk.

4096 bytes in each allocation unit.
240707071 total allocation units on disk.
160995069 allocation units available on disk.
Failed to transfer logged messages to the event log with status 50.

I haven’t tried starting the computer since that. Your thoughts? Shall I restore the registry to the earlier point?

Try a reboot first along with a startup repair if needed

SO what I did was I actually restored the registry first like you suggested. Then I tried a reboot. No dice. Just hung at the splash screen. From there I rebooted (from the hard drive, not from the USB) and booted into Safe Mode. Stopped briefly after loading aswvrty.sys but then loaded into safe ode just fine. I’ve been running that for the past few hours and it was stable the whole time. Was able to get my Seagate expansion drive plugged in and was able to back up all my files.

Any suggestions on where I should go from here?

I rebooted the computer this time into the Repair console. I went back to the Command Prompt and ran CHKDSK /F, which completed this time and found no errors. So I decided to run CHKDSK /R after that. Just like before, it ran until:

CHKDSK is verifying file data (stage 4 of 5)
11 percent complete. (130939 of 422640 files processed)

I was about to shut off the screen for the night but it quickly finished. It generated a whole series of similar messages.

The disk does not have enough space to replace bad clusters detected in file 130977 of name .

It gave similar messages for files 130979, 130980, 130983, 130986, 130987, 130989, 130990, 130991, 130992, 130993, 130994, 130996, 130998, 130999, 131001, 131002, 131005, 131009, 131010, 131011, 131013, 131015, 131016 and 131017.

After that the final line was:

An unspecified error occurred (6e74667363686b2e b34).

At this point I’m convinced that the drive really is dying. But the fact that no file name was given on any of the errors seems odd to me.

If you have a bad cluster it may not be able to read the name… Does it now boot to normal mode

Sorry, work had me really tied up the last two days. I was never able to get back into the computer with a normal startup. But safe mode works just fine. I have to assume that the bad clusters contained files essential to Windows.

I’ve gone ahead and ordered two new identical drives and a copy of Windows 7 Professional. I’m just going to have to do a fresh load of Windows and rebuild all the programs and files this weekend. I’m going to use the mirroring/software RAID function in Windows 7 moving forward. It’s been many years but this isn’t the first drive that’s died on me, so for an extra $55 I figured the redundancy was worth it.

I’m going to try and be more diligent about backing everything up moving forward. Right now, I only have files (music, pictures, etc) backed up on my external drive, but I think I’d rather just back up an entire drive image. Any suggestion on a program to do that?

Well you could use the one I do Macrium reflect

Download and install Macrium Reflect free

CREATE EMERGENCY USB

Once installed run the programme
Insert a 4GB USB drive into the system
On the left of the dialogue select Other Tasks
Select Create bootable Rescue media
In the window that opens select Windows PE 5.0
Click Next

https://dl.dropboxusercontent.com/u/73555776/macriumbootdisc.JPG

Select Default base WIM on the next dialogue and press next

https://dl.dropboxusercontent.com/u/73555776/macriumpe.JPG

On the next dialogue select your USB drive and enable multiboot MBR/EUFI USB support (If available)
Click Finish and your rescue USB will be created

https://dl.dropboxusercontent.com/u/73555776/macriumburn.JPG

Once the burn has finished you will be asked to test the USB
Do this by rebooting the computer with the USB inserted
The computer should then start in the recovery mode
Exit from this and remove the USB
Keep the USB safe as this will enable an unbootable computer to boot

TO MAKE AN IMAGE

Connect your external Hard Disc
Run the programme and tick the partitions you wish to image (In my case I have selected System and OS )

https://dl.dropboxusercontent.com/u/73555776/macriumselect.JPG

Then click Image selected disc on this computer at the top left
Ensure that the correct partitions are selected to image
Under destination locate and select the external drive in my case G

https://dl.dropboxusercontent.com/u/73555776/macriumexternal.JPG

Click next and a summary of actions will be shown
If you are happy click finish

https://dl.dropboxusercontent.com/u/73555776/macriumconfirm.JPG

You will be asked to confirm the backup
Select OK

Once it has completed select close and unplug the external drive. Job done

https://dl.dropboxusercontent.com/u/73555776/macriumcomplete.JPG

To use the image from an unbootable computer
Start the computer with the recovery USB
Plug in the external drive and just follow the prompts :slight_smile:

So what you’re saying is that I could image the failing drive to an external drive, then I should be able to repair it because there are no bad sectors on the external drive? Following that, I could move the repaired image to the new drive?

That is correct. The image replacement will take about 15 minutes. Although being as you are copying to a new drive then maybe a clone would be better than image

http://www.macrium.com/help/v5/reflect_v5.htm in the index tab type clone and then have a look

Well this is certainly an interesting development. The last thing I had done while operating in Safe Mode and moving my files was to uninstall Avast. I was pretty certain that the driver that the computer was hanging on was another Avast driver that loads right after aswrvrty.sys

I had browsed around to look at what files had been modified right before the computer locked up and noticed that a number of Avast drivers had been modified just prior to the restart that hung.

So this morning I decided to let the computer try and start up normally. There was a decent pause but it did ultimately start. I turned on System Restore, did a quick disk cleanup and scheduled CHKDSK to run when I restarted the computer. That’s currently chugging along and while it has paused or gone extremely slow in spots, it is currently still running and is at 43% complete. It completed Stage 4 and is working through Stage 5 (verifying free space). I’m waiting to see what the results are at the end.

As far as I know aswvrt is the last avast driver to loaded in the list, so the one it is hanging on is the one after that

CHKDSK finally finished running and I was able to get into the computer with a normal startup. I’ve attached the CHKDSK log. Looks like it found 400 bad clusters on the drive. Not sure if there were ones from before?

Thinking I might just start a fresh load of Windows on these new drives so I can take advantage of the mirroring capability in Win 7 Pro.