EDIT in case someone reads this in the future:
These issues may have been exacerbated by:
a. An issue with one of my RAID 0 HDDs starting to fail (with some errors in empty clusters)
b. Windows’ own System Image restore utility being particularly finicky if restoring to a RAID array.
I never learned what ultimately caused aswVmm.sys to get corrupted, but in the end did a fresh install of Windows after removing the suspect HDD and changing to a simpler non-RAID configuration.
In summary, two related issues on a Win 10 Pro PC:
Something went amiss with aswVmm.sys
This led to forever stuck in an ‘Automatic Repair’ loop, with no way to get even to Safe Mode
My Win 10 Pro PC is now stuck in a cycle of ‘Automatic Repairs’, with this entry within the logfile SrtTrail.txt:
Root cause found:
Boot critical file c:\windows\system32\drivers\aswvmm.sys is corrupt.
Moreover I cannot get it to actually go into Safe Mode (hoping to uninstall Avast there), even though I can get to the F8 option for Safe Boot and I use the bcdedit /set technique here: (http://winaero.com/blog/how-to-stop-an-automatic-repair-loop-in-windows-10-and-windows-8/). (Nor does choosing disable driver signature enforcement or disable early launch anti-malwire drive help avoid the auto repair.)
I do have a previously built USB recovery drive, but booting from it still results in Automatic Repair only.
I’ve tried oddball things like ‘hiding’ the aswvmm.sys file; copying the file from another PC… no change in the insistence on Automatic Repair.
So looking for advice for any paths like the following, understanding for now all I have is Win recovery mode and a Command Prompt:
How to fix this aswvmm.sys file so it will boot past it
How to uninstall Avast from a command prompt
How to get Win out of its infernal Repair loop to boot to real Safe Mode where I might be able to uninstall Avast.
(This started with the next boot after either a forced Windows update and/or a recent update to Avast. Obviously a full Win and app reinstall because of this aswvmm.sys file would be a Bad Thing
Attached are a FRST scan and a zip of the aswVmm.sys file (with fake filetype txt to allow upload).
Eddy, thanks much for your reply… Unfortunately part of my issue is I can only boot in recovery mode (not even Safe Mode), and AFAIK Farbar will not produce Additions.txt unless in normal or Safe Mode.
In case it is useful, attached are a FRST.txt now with MD5 included, as well as a separate Search for asw*.sys.
BTW, I do have a System Image Restore Point (created with Windows), but in attempting to restore this during my journey, it generated an error:
System Restore failed while restoring the directory from the restore point.
Source: AppxStaging
Destination: %ProgramFiles%\WindowsApps
An unspecified error occured during System Restore. (0x80070091)
Per this info (http://borncity.com/win/2017/02/22/windows10-version-1607-system-restore-error-0x80070091/), I effectively renamed WindowsApps and tried a restore again; again it failed, but with an unspecified error.
If this looks like a very odd one-off issue with aswvmm.sys to you experts with no clear fix, then I’m leaning toward capitulation and doing a full fresh install of Windows and my apps. Since I don’t know the real root cause of the issue (for example, I had to do a Repair of Avast a week ago after getting the “UI Failed to Load” issue) or if the aswvmm error is a red herring among more serious stability issues, a fresh, clean restart will probably give me a more stable system. Sigh…
@Spec8472: Unfortunately this is an older PC (Dell XPS 8100, circa 2009) with traditional BIOS and no UEFI support AFAIK.
Perusing the BIOS settings I don’t see anything equivalent to secure boot.
I have checked your FRST.txt file and the correct aswVmm.sys for your (x64) computer is this:
C:\Program Files\Alwil Software\Avast5\Setup\INF\x64\aswVmm.sys
[2017-05-04 08:53][2017-05-04 08:53] 0339696 _____ (AVAST Software) E76C21203E29F2DCC489EF585E0B1A38
However, the file, OS is trying to load at boot is not the same, but it should be very same.
C:\Windows\System32\drivers\aswVmm.sys
[2017-06-16 15:10][2017-05-04 08:53] 0339696 _____ () 6CCAD3C64A6A3515CBAF1F184E4A0C2C
This looks like some installer issue. I guess you have already reinstalled the afflicted PC. Am I right?
Thanks Spec8472… No, I have not yet tried re-installing over this PC. (I’m waiting just in case there is a simpler solution)
I have 3 subscriptions to Avast Pro, so I verified that on one of my other PCs this is the hash for aswVmm.sys:
C:\WINDOWS\system32\drivers\aswVmm.sys E76C21203E29F2DCC489EF585E0B1A38
So this matches your entry for the correct version.
I therefore tried a brute force method of copying this correct version above to my problem PC, overwriting the ‘incorrect’ version, then rebooting. It still insisted on ‘Automatic Repair’ (and failing). However, one small difference: the SrtTrail.txt log file now only admits “Startup Repair has tried several times but still cannot determine the cause of the problem.”, whereas before I replaced the file it cited the aswvmm.sys error (as the first pass at the bottom of the log). (Both logs attached as FYI)
So maybe this now ‘fixes’ the aswvmm.sys problem, but windows will still no longer boot out of recovery mode, as if it has given up trying.
FYI, I’m also concerned that there may be many other asw*.sys files with different hashes / signatures on my good PC vs the bad PC (looking at a comparative frst.txt log), so perhaps aswvmm.sys is just one part of the issue. Not sure if bulk copying of such drivers from one PC to another is a safe thing to try ;D
Some other possible clues:
The time/date stamp on the ‘incorrect version’ of aswvmm.sys is 5/4/2017, whereas I’m certain I’ve upgraded Avast and even performed an ‘Avast Repair’ within the last 10 days or so. (The time stamp on the correct version on my ‘good’ PC is 6/16/2017)
So I wonder: Could using the Avast ‘Repair’ operation about 10 days ago (when I had the 'UI Failed to Load" issue) have somehow reverted to a mix of older driver files?
Yes, thanks… chkdsk /f showed no errors.
I also did chkdsk /r, which also showed no errors for clusters with ‘user files’. Once it got to empty clusters it was taking forever (as in 20 hours and still lots to go) so I aborted before it was done.
Thus it doesn’t seem like it is an HDD issue, but I can’t really be 100% sure whether the slow /r progress was just because of a 1TB drive versus it was getting lots of errored (but empty) clusters.
(Hence why I’ll replace the HDD if I eventually punt and do a full re-install from scratch)
I dusted off my old diags CD that came with the PC and ran the rigorous ‘Verify Test’ on one of my two RAID 0 HDDs, and after a while started getting some unreadable block errors, and eventually even some IRQ delay error. This would reconcile with some excessive chkdsk /r execution time on empty sectors I mentioned above. So even though user file sectors and the file system seems fine, I don’t trust this HDD and will therefore focus now on a full re-install with a new HDD.
So thanks for all your help, but I’ll mark this as solved since it’s too muddy as to whether root cause is the HDD versus something else corrupting awvmm.sys (though I still wonder if the Avast ‘Repair’ may have introduced some older driver files).