won't boot; stops with aswrvrt.sys and then blue screen "unmountable volume"

Viruses and worms
1

UPDATE: FRST64.txt is attached

Hi,
sorry for that long mail below but I do feel that my problems are somehow related to my last activity with the system.

i do have a GA-X58-UD5 with 4 sata disks (4x 2TB) installed. 3 systems are installed in parallel each on a seperate 2TB disks (W7 Home x64, Vista x64 and W7 Ultimate x64). W7 Ultimate is my main system. Disks are setup for RAID in BIOS. Disk will be operated as single disks not as a RAID. System has been running fine for at least 2 years.
I now installed USB 3.0 card a week ago. runs fine.
On sunday I wanted to install 2 new 4TB disks but found out W7 home and W7 Ulti only saw 1.6 TB for each in diskmanagent console (BIOS showed 3.6TB for each disk).

so i updated the INTEL IRST driver first in my W7 x64 system. everything looked good. I transfered a couple of backupfile (ToDoBackup) with up to 50GB to new dsisk and all worked fine. Several restarts went fine.

I then upgraded INTEL IRST driver on W7 Ulti 64x. Did the same copy test. everything looked good. I did a couple of restart succesfully. but then “all of the sudden” another copy slowed down dramatically (1MB took more than an hour!).
I shutdown and it took very long. I restarted it took nearly an hour. everything was very slow. I did a shutdown. This took very long. The restart in secure mode stopped right after aswrvrt.sys.

I tried a boot of the W7 Home 64x. same thing; stopped right after aswrvt.sys and then blue screen “unmountable volume”.

Your help/advice is very much apprceciated. A 2nd PC (laptop) is availiable for any kind of assitng work.

Thx
Chris

2

sorry to bump… please can someone check my FRST64.txt file. That would be great! thanks a lot in advance!!!

best regards
Chris

3

Ok, because you have multiple systems, we’ll work one system by one…

FRST is attached for Windows 7 Home Premium, so make sure to remember it.

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.


LastRegBack: 2013-11-03 14:15

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally…

If this doesn’t help, go further and try another option. If it is working, do not go further.

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.


Restore point made on: 2013-11-04 12:16:14

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally…

If this doesn’t help, go further and try another option. If it is working, do not go further.

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.


S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
C:\Windows\System32\Drivers\aswRvrt.sys

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally…

4

Great! Thanks much!
will work through your action plan and revert.
chris

5

here we go:

  1. )1st fix runs successfully → fixlog1.txt but windows restart gave a BSOD with a stop code 0x000000F4
    2.) 2nd fix runs successfully → fixlog2.txt; system startet successfully but BSOD after 20 Minutes with stop code 0x00009086

May I suggest to use this restote point, as this should be definately before i installed the 4TB drives and RAID drivers:
out of FRST64.txt: Restore point made on: 2013-11-03 13:19:08

thank you so much for your assistance!!
Chris

6

Give it a try :slight_smile:

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.


Restore point made on: 2013-11-03 13:19:08

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally…

7

Hi,

I managed to reboot without (!) a new restore. I then changed the RAID Driver via device manager (received info from win_raid forum in regard to a different driver). system has been running stable for a couple of hours now.

should i use one of the virus detecting tools MBAM and/or OTL to verify any virus infection?

in regard to my W7Ultimate system would you suggest to use the recovery console to do a restore or is it better to do that by FRST64.exe and fixlist.txt?

you definately made my day!! one system seems to be back to normal!

thx
Chris

8

attached the FRST.txt for my W7 Ultimate partition

9

All right

Step 1.

You already know how this works

Copy the following in fixlist.txt

LastRegBack: 2013-10-31 09:45

Step 2.

Copy the following in fixlist.txt

Restore point made on: 2013-11-02 18:33:00

Try first step, then try to boot normally. Then try second step if the first fails. Let me know, what you did…

10

after 1st fix i could start w7ulti normally. i had to run checkdisk to fix multiple problems on my 4tb fix. i installed the other raid driver as for w7home.
now after a couple of hours the system still runs fine.

your support was outstanding! but i would feel better if we could check for viruses as well. could you assist here? i already checked the system disks with ct’ desinfect. nothing detected (execpt of a few nirsoft tools which was expected). appreciate your advice here.

again thx much!!

chris

11

No problem, we will check both systems…

Do this for both systems, and attach the logs…

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

Then…

Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-clicking to run GMER.

[*]Wait for initial scan to finish - if there is any query, click No;
[*]Click Scan button and wait until the full scan is complete;
[*]Click Save … - save the report to the Desktop (named Gmer );

Attach here Gmer logreports.

Then…

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

12

i start with W7Ultimate as I still have stability problems with W7Home. as this is just a backup windows i tend to install a partition backup

W7Ulti:
attached are:

  • adwcleaner log
  • GMER log
  • FRST64 hangs the 2nd time with searching for “getting restore points” for more than 30 minutes now. any idea why? in case i get a log-file i will send it in addition.

GMER asked for a deep scan and higlighted some avast files in red. but as requested by you i selected NO.

cheers
chris

13

and now the two FRST files attached

14

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm “End user Licence Agreement” and “KSN Statement” dialog box by clicking on Accept button.

[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

15

TDS is attached

16

No signs of malware on this one…but let’s try another tool

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    note: ComboFix must be downloaded to your Desktop.
  1. Temporarily disable your AntiVirus program.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]=> Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

  1. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

  1. When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
    Attach log reports ( ComboFix.txt) back to topic.
17

Sorry man, i’ll be out of town for a few days. Will drop you a mail when back.
Thank you so much!

Chris

18

Post here, I’ll know faster than mail :slight_smile: