Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Noobienoob on November 19, 2013, 09:03:34 PM

Title: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 19, 2013, 09:03:34 PM
I'm hoping someone here can help me. I'm a complete noob, so please forgive me if I don't use the right techie language here.  :-[
I have a Sony Vaio desktop with windows 7 64 ( I think ) bit home premium on it.
I was experiencing some annoying popup thingies on the bottom of my screen whenever I was on the web, and Avast (free) wasn't detecting anything, and nothing got rid of it.
So like a complete moron ( ugh ) I ran something I found, called Hitman Pro. It found some adware/cookies and deleted them but it also detected 3 things it listed as "suspicious".  I chose to quarantine them and it needed a reboot to complete. Before rebooting, I copied that log to my desktop, just in case.
When I restarted my PC it said unable to start windows, etc. 
I tried last known configuration ( no good ), system restore ( can't do it, but then it's never functioned ), and of course, I don't have a recovery disk.
I can't get into safe mode either.
Windows repair just keeps endlessly looping, and asking to reboot.
I can get to the command prompt...
From there I was able to see the directory of my desktop and get to that log hitmanpro made.
The two files that it seems the 'hitman' apparently "took out"  (bad pun) are: aswRvrt.sys and aswVmm.sys  - which, upon googling, led me here.

Please please please help me......
I'm a digital artist, and while I regularly back up my work, I can't even begin to tell you what I'd lose if I had to wipe this baby....
I'd be grateful beyond words. And again, my apologies if I sound like a complete moron.  :-[

PS : I don't know if it helps but the dvd drive is working. I was able to see the contents of a dvd I put in, at the F prompt. So I can burn a disk on a borrowed laptop if need be.
( I'm currently at D:\Windows\System32\drivers>  thinking maybe I just need to replace those two files? Please don't laugh if that's ridiculous...I'm desperate... )  :-[ :-[
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 19, 2013, 09:43:52 PM
So you have access to the command prompt ?

Download Farbar Recovery Scan Tool x64 (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) to a USB

Insert the USB in the sick computer

At the command prompt type the following:
notepad and press Enter
The notepad opens. Under File menu select Open
Select "Computer" and find your flash drive letter and close the notepad. 
In the command window type e:\frst64.exe and press Enter 
Note: Replace letter e with the drive letter of your flash drive. 
The tool will start to run. 
When the tool opens click Yes to disclaimer. 
(https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif)
Press Scan button. 
It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 19, 2013, 10:03:55 PM
Essexboy! Yay!!!! I got the rockstar!!!! LOL ;D

Okay...hang on. As I said, I'm a complete noob.
I'm saving the frbr.exe to the usb? Right?
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 19, 2013, 10:07:31 PM
Yup, save FRST to the USB. Insert the USB in the sick computer and then follow the command prompt instructions
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 19, 2013, 10:26:22 PM
Having trouble finding the USB...
There's (E:)  823 MB free of 9.93 GB
(F:) - my cd/dvd drive
(G:) empty
and
Boot (X:) 30.8 MB free of 33.3 MB

I picked E: as most likely ( ? ) and it's at E:\>
but when I put in E:\frst.exe it says "its not recognized as an internal command, etc... "
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 19, 2013, 10:31:04 PM
It needs to be FRST64.exe try that
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 19, 2013, 10:40:02 PM
I typed at E:\>
   FRST64.exe
and also
   E:\FRST64.exe

both say not recognized as an int. or ext. command, operable program etc.
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 19, 2013, 11:03:55 PM
It was on (G).... :-[
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 19, 2013, 11:18:51 PM
This will damage Avast so we will need to do a clean install on completion

Download the attached fixlist.txt to the same USB as FRST
Run FRST as before and press Fix
On completion reboot to normal windows


Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 19, 2013, 11:40:23 PM
Windows Error Recovery
Windows failed to start. A recent...

Launch Startup repair
Start windows normally

Pressed that and got a black screen that just said Hitman Pro for a few seconds...

Now I'm at my normal desktop ( OMG! YAY!!!! ) with a message saying system restore did not complete successfully etc. which I closed.
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 20, 2013, 02:57:23 PM
Good, I saw some adware there when I looked at FRST and if you wish I can clear that as well.
Also, could you repair Avast to ensure that it is now fully functional?
Plus I would recommend you uninstall Hitmanpro :)

Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
THEN

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)
(https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif)

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 20, 2013, 06:50:05 PM
 I certainly do want your help with it! Thank you!
Okay... I'll remove/reinstall Avast and then try to remove Hitman ( although I've recently seen quite a few posts online from people who seem to have difficulty with that...)
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 20, 2013, 07:19:18 PM
Not a programme I would recommend as it does seem to brick a few systems
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 20, 2013, 07:25:21 PM
Junkware Removal Log :






~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Marlene\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Users\Marlene\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Marlene\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Marlene\appdata\local\thinstall"



~~~ FireFox

Emptied folder: C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\7gcbibsj.default-1345488266755\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/20/2013 at 13:21:56.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 20, 2013, 07:33:17 PM
Under "Extra Registry " your screencap has the "none" box ticked. Should I tick that, too? ( It opened with "use safe list". )
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 20, 2013, 07:37:08 PM
No, just leave the tick boxes as they are when it opens, just adding the LOP, Purity and all users ones :)
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 20, 2013, 08:09:36 PM
Duh... you did say not to change any settings...  ::)
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 20, 2013, 08:30:33 PM
Looks like your only problem was adware, if you get that again then come here and we will remove it safely :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
Code:
:Commands
[CREATERESTOREPOINT]

:OTL
DRV - [2011/04/01 02:22:04 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
IE - HKU\S-1-5-21-151721948-3701362946-3784329648-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
[2012/10/15 18:09:37 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\4kp0ws3w.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/15 18:09:37 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7gcbibsj.default-1345488266755\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
[2013/11/20 13:00:28 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013/11/19 17:35:54 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2012/10/15 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Ad-Aware Antivirus
[2012/10/12 18:16:31 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job

:Files
C:\Program Files (x86)\Lavasoft

:Commands
[resethosts]
[emptytemp]
[Reboot]
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 20, 2013, 10:55:42 PM
Okay here's the result of the quick scan...
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 20, 2013, 11:27:31 PM
Is the computer behaving itself now ?
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 21, 2013, 12:46:26 AM
Purring like a kitten!!!  ( insert smiley doing a happy dance )

I would've been happy with just having windows and scrambling to save whatever I could... but fully functional AND no annoying pop-ups???

All I can say is, dude, you're awesome. I knew if anybody could help me it'd be you, after I saw you help so many others. But I never, ever thought it would be to this extent. Not by a long shot.

Thank you! Thank you! Thank you!!!!!!  :)
( Shhh let me gush, lol. )

Seriously, you're the greatest. I'm beyond ecstatic. You have no idea(!) the weeks you've saved me....
( I'd offer you my first born, but trust me, you don't want her. She can be a real pain, haha. )
But hey, if you ever need anything... a logo or avatar or banner or something, I'm your girl.  ;D

And if I can ask you one more thing... I see Ad-aware and Ad-aware Browsing Protection in my program files. I noticed a lot of the things that were removed said "adaware" etc.  Should I remove them?  And do I need to keep Google chrome and the software updater thingy ( because tbh it's kind of annoying lol. )
But if you say keep, I keep.  ;)

Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 21, 2013, 03:34:51 PM
Thankee for the kind words :)

Reference Ad-Aware, remove that as it will conflict with Avast. I just removed the conflicting parts. Personally I dislike Chrome (and Firefox, come to that) but the option is yours as to whether or not you keep it.

For the software updater you can remove that from Avast by doing the following :

Go to Control Panel > Programs and Features
Select Avast
On the dialogue that appears select Change and click Continue
(https://dl.dropboxusercontent.com/u/73555776/avast1.JPG)

Then remove the tick from Software Updater
(https://dl.dropboxusercontent.com/u/73555776/avast2.JPG)

Select Continue and then reboot when told :)

If you are now happy let me know and I will remove my rubbish that you downloaded
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 21, 2013, 08:38:14 PM
 :)  :)  :)  :)  :)  :)  :)  :)  :)

Happier than I ever expected to be!

Thanks again, Essexboy. You're the greatest.
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 21, 2013, 09:00:46 PM
In that case methinks I will send you on your merry way :)

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/): install this programme to lock down and prevent crypto ransomware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)

Malwarebytes (http://www.malwarebytes.org/mbam-download.php).

Update and run weekly to keep your system clean

Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link.
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)

Keep safe  :wave:
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 21, 2013, 10:37:34 PM
Okay... I ran OTL and it removed itself but not JRT...( It's still on my desktop )

Re: Java -  I never update or do anything Java-related when I'm notified, just because I had a bad experience with that years ago ( doing an update, that is. ) I didn't know there were actually good reasons for doing that, though. But the truth is, I don't know if I use anything that requires it. The most important softwares I use are Photoshop CS5 and itunes... So I googled and I see there may be some issues? Although what I'm reading is very, very confusing and waaaaaaay over my tiny wee pea-brained head. :-((

So I guess I'll disable it and see what happens. ;-) Thanks for the heads-up regarding this!

I already regularly use Malwarebytes to scan things etc., but I'll install the others. Thanks for that, too
....and the homework/reading material. :-D
Hopefully they will be more intelligible to me than the stuff I'm seeing re: Apple/Adobe/Java , lol.

And once more...Thanks again!  :-) :-) :-)
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 21, 2013, 10:40:00 PM
Just delete JRT from the desktop :)

Any further questions then just shout

Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: Noobienoob on November 22, 2013, 02:26:45 AM
I feel like I'm being such a pain, and you've already helped me so much... :-/

But I take your advice very seriously and want to do exactly what you recommend... so...

Re: CryptoPrevent - There's 2 versions on that page. The 1st is portable ( Cryptoprevent.zip ) and the 2nd is with an installer ( CryptoPrevent Installer.exe ). I did the first one and pressed "apply". Did I pick the correct one?
Is this a one-time thing or do I need to periodically check for updates etc.? 

Re: FileHippo - Downloaded and installed it and nothing happens when I click the desktop shortcut. An hour glass flashes for maybe a nanosecond. Is that what it's supposed to do?

Thanks again! ( embarrassed smiley )
Title: Re: Windows 7 won't boot - Please help! re: aswRvrt.sys and aswVmm.sys
Post by: essexboy on November 22, 2013, 02:45:58 PM
For CryptoPrevent, either is OK, as one is zipped and you need to unzip it to run it, whereas the other is in an easy installer package. Check for updates every few months and that should be OK.

I will check out Filehippo ... Back later :)