Unable to boot - black screen with unmovable cursor

Hello and thank you for you time.

Every time I try to start my computer whether it be normally or in safe mode, it gets to a black screen with an unmovable cursor and hangs. When I start in safe mode, the last driver it successfully loads is aswRvrt.sys before it presents me with the black screen. I have attempted to run the FRST tool from the Reatogo desktop per the instructions in the sticky thread, but when I booted from the Reatogo dvd it presented me with a blue screen and so I could not run FRST. The STOP code for the blue screen was 0x0000007B (0x78DA528,0x00000034,0x00000000,0x00000000).

Thank you for any help and guidance you can provide.

Hi,

... but when I booted from the Reatogo dvd it presented me with a blue screen ...

This indicate that BSOD (blue screen) is hardware related. When you boot via reatogo CD, Hard Disk and system where not active and therefore the system can’t cause BSOD.

BSOD only occurs for two reasons:

  • driver in kernel mode (in theory here can include rootkits too in kernel but I have not seen bad written rootkit that was caused the BSOD)
  • hardware (one of hardware components doesn’t work properly)
0x0000007B (0x78DA528,0x00000034,0x00000000,0x00000000)

This is the error code that Windows was generated in his minidump folder.

Try to enter in BIOS.

Try to fix this problem when you get into BIOS, find the SATA Menu and change in to Legacy mode (or ATA mode) or just disable AHCI. (in AHCI menu).

PS: Tell me, your system is Windows XP, Vista, 7 / 8 ?

Thank you for your suggestion. I disabled AHCI mode and was able to get to Reatogo and run FRST. I have attached the text output to the reply. Also the computer runs Windows 7 64-bit.

Are you able to boot into normal mode?

No, it still hangs on the black screen just as it did before when I start windows.

Ok, let me know will this fix your problem.

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[
] Copy/Paste the contents of the code box below into Notepad.


START
CMD: bootrec /FixMbr
CMD: bootrec /fixBoot 
END

OR download fixlist.txt attached in this reply.

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

I ran FRST with the fixlist.txt you attached and have attached the output log.

FRSTScript is not executed properly, I see where the problem is but we will solve this later.

We will re-run FRSTScript but we’ll use another script.
You need to re-create fixlist.txt or you may again download fixlist.txt attached in this reply, re-run FRST as you did before and press Fix button once and wait.

This is script:

START
HKU\kc\...\RunOnce: [Uninstall C:\Users\kc\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe [ 2010-11-20] (Microsoft Corporation)
HKU\kc\...\RunOnce: [Uninstall C:\Users\kc\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] - C:\Windows\system32\cmd.exe [ 2010-11-20] (Microsoft Corporation)
LastRegBack: 2013-09-01 11:24
END

Upon execution of the new FRST script , post fresh created fixlog.txt report and try to boot Windows in normal mode.

Here is the new fixlog. Restarting windows normally produced the same black screen as before.

Ok, we will now use only your flashdrive ( USB ) and fresh FRST. We won’t use reatogo for now.

Delete old FRST, and all the logs and scripts created by and for old FRST.

Please download fresh Farbar Recovery Scan Tool x64 and save it to a flash drive.

[*]Plug the flashdrive into the infected PC.
[*]Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
[*]Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

[*] In the command window type in notepad and press Enter.
[*] When notepad opens, click File and select Open.
[*]Select “Computer” and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64.exe and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run. When the tool opens click Yes to disclaimer.
[*]Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.

Here is the new log after running FRST64.

Ok-et, this is our strategy:

  1. first we will try to fix boot process via some commands
    if that fails …

  2. we will kill and delete avast on force to see will this fix boot problem.

Step#1

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[
] Copy/Paste the contents of the code box below into Notepad.


cmd: bootrec /FixMbr
cmd: bootrec /fixBoot 

OR download fixlist.txt attached in this reply.

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Here is the log after running FRST with your fixlist file.

That’s what I was looking for. Step1 looking good. :slight_smile:

Can you tell me some good news or we need to proceed with Step2 killing avast? Are you able to boot normaly?

Unfortunately no good news; on reboot I got the same black screen.

Hm … Ok.

Step#2

We will kill avast in core and all it’s related files ( like forse uninstall ) to see will this do the trick. I will also delete all temp files manually.

This is script code for fresh fixlist.txt, also you may find it in attachment:

START
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
C:\Windows\System32\Tasks\avast! Emergency Update
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\Drivers\aswFsBlk.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\System32\Drivers\aswrdr2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\System32\Drivers\aswSnx.sys
C:\Windows\System32\Drivers\aswSP.sys
C:\Windows\System32\Drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys
C:\Program Files\AVAST Software
C:\Users\kc\AppData\Local\Temp\*.*
C:\Users\kc\AppData\Local\Temp\~WindowsHomeServerConnector~
C:\Users\kc\AppData\Local\Temp\{92748AFA-78DB-4AE6-BEF6-605B162DF93C}
C:\Users\kc\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1
C:\Users\kc\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0
C:\Users\kc\AppData\Local\Temp\_MEI57722
C:\Users\kc\AppData\Local\Temp\_MEI37842
C:\Users\kc\AppData\Local\Temp\_MEI10322
C:\Users\kc\AppData\Local\Temp\tmpz5q9ys
C:\Users\kc\AppData\Local\Temp\Temp1_USB3_AsMedia_Win7_64_Z11480.zip
C:\Users\kc\AppData\Local\Temp\Temp1_Adobe_Creative_Cloud_Cleaner_Tool.zip
C:\Users\kc\AppData\Local\Temp\QBInstallDiagnosticTool
C:\Users\kc\AppData\Local\Temp\CRX_DF399A9B283A
END

Run it as you did before ( press Fix button ) and post here fresh created fixlog.txt

Here is the new fixlog. Unfortunately the problem persists when I restart the computer normally. Now when I try to boot to safe mode, it hangs on CLASSPNP.sys.

That’s it. All I could do with a FRST I did. FRST has been proved what I wrote at the beginning in this topic. Software (Windows or MalWare) is moust likely not the cause of your problem.

Let’s test your HDD.

Download MHDD utility from here:
MHDD download link

Unpack and burn as ISO …
Add and boot MHDD from disk ( in the same way as Live CD )

[*] When you load the file select option 1
[*] When the menu appears, select the disk that you’ll scan

Type in:

scan

…and hit enter

[*]In the next menu, click F4
[*]It will begin HDD scanning, let him to finish scan.

If there is more than 3 inputs in the district UNC X then your hard disk is damaged.

I burned the ISO and followed your instructions. After the scan finished, there were no entries in the X UNC field.

That was good news. If your HDD is UNC free that means your disk doesn’t have any physical damage ( known as bad sectors ).

You still have reatogo? Are you able to boot from reatogo CD and to normaly operate thru partitions drives? If so, you may backup all important data from one partitions to onother and proceed with full-u reinstallation of your system.

You don’t have any system restore point, we have been try to reset your master boot record and boot process, we have been restored valid backup hives from system state before problem, I’ve kill avast on force …

Unfortunately, nothing helped. I do not see the cause of the problem and what I can’t see I can’t fix. :frowning: