Author Topic: Can't boot Windows 7 - aswVmm.sys is missing or corrupted - help please!  (Read 16799 times)

0 Members and 2 Guests are viewing this topic.

Offline jakefred

  • Newbie
  • *
  • Posts: 8
Hello All,

I have a problem that others also seem to have experienced recently: Windows 7 won't boot (in any mode) because the aswVmm.sys file is either missing or corrupted.

System recovery doesn't work, Samsung Recovery doesn't work, I can't use a Windows system repair disk as I don't have a cd or dvd drive...  I'm a little stuck!

I have already copied all data I wanted to keep from the hard drive, so I'm prepared to sacrifice everything else (but I would like to keep certain programs - Word, Excel, etc).

Can anyone help please?  Thanks!  I noticed that Essexboy suggested something in a previous post; would that work for me?

For info, I was using a relatively recent free version of Avast (installed in May or June I think).

Jakefred

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Yes as I can delete the driver key for that file.  Is it a 32 or 64 bit system ?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Quote
System recovery doesn't work, Samsung Recovery doesn't work.... I can't use a Windows system repair disk as I don't have a cd or dvd drive.
Ok, so you can't boot and have no cd/dvd drive.
How do you know a system recovery won't work?
Without booting (either from hd/dvd/cd/floppy) you can't even tell.

Samsung recovery?
That means there is a "special partition" on the hd that has a image of the file system as it was when you bought the system.
If that doesn't work, it is a strong indication that there is a hardware problem.

Offline jakefred

  • Newbie
  • *
  • Posts: 8
Thanks for your replies.

Essexboy - thanks!  As it's Windows 7 Starter, I think it must be 32-bit.  Is there any way to check?

Eddy - sorry, probably used the wrong terminology...  I have tried startup repair and system restore, neither of which work.  As for Samsung Recovery, I can conduct a Basic Restore (but still can't boot).  When I try the Complete Recovery, it says I can return to the computer initial status (as at October 2010), but when I click "next" I'm told that the Windows partition can't be found (in French: "lecteur ou partition Windows introuvable").
Might be a hardware problem, but did a Windows Memory Diagnostic, which didn't report any problems.  Do you know whether I can try a system recovery from a USB stick and whether it stands a chance of succeeding?  Thanks.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
I will give 32 and 64 bit links just in case :)

Download the following three programmes to your desktop :
 
 
1.  Rufus 
 
For 64bit systems  
2.  Windows Vista 64bit RC
3.  Farbar Recovery Scan Tool x64 
 
For 32bit systems
2.  Windows Vista RC
3.  Farbar Recovery Scan Tool  
 
 
Insert the USB stick Then run Rufus
 
Select the ISO file on the desktop via the ISO icon. 
 
Press Start Burn

Then copy FRST to the same USB   
 
   
 
 
 
Insert the USB into the sick computer and start the computer.  First ensuring that the system is set to boot from USB 
Note: If you are not sure how to do that follow the instructions Here
 
 
When you reboot you will  see this.
 Click repair my computer  
 
 
Select your operating system  
 
Select Command prompt 

 
At the command prompt type the following  :
 
notepad and press Enter
The notepad opens. Under File menu select Open
Select "Computer" and find your flash drive letter and close the notepad. 
In the command window type e:\frst64.exe and press Enter 
Note: Replace letter e with the drive letter of your flash drive. 
The tool will start to run. 
When the tool opens click Yes to disclaimer. 

Press Scan button. 
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Offline jakefred

  • Newbie
  • *
  • Posts: 8
Great, thanks!  Just wanted to check that you sent the right link - Windows Vista RC, and not Windows 7?  Thanks again.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
My apologies a blonde moment I read that as Vista Duh

For 64bit systems  
2.  Windows 8 64bit RC
2.  Windows Vista 64bit RC
2.  Windows 7 64bit RC
3.  Farbar Recovery Scan Tool x64 
 
For 32bit systems
2.  Windows Vista RC
2.  Windows 7 RC
3.  Farbar Recovery Scan Tool  

Offline jakefred

  • Newbie
  • *
  • Posts: 8
Hi,

Thanks a lot; nothing blonde about what you've said so far.  Quite the opposite!

Here's the frst report (but no sign of an addition.txt report...  Is that a problem?).  Text below and file attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by SYSTEM on 30-07-2013 23:49:21
Running from G:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [1891720 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE

HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat

HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\RunOnce: [*Restore] - C:\windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKU\Tiph\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-02-28] (Skype Technologies S.A.)

========================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-17] (Lavasoft Limited)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-19] (GFI Software)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [6602 2013-06-27] ()
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109056 2010-03-31] (ELAN Microelectronics Corp.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-04-10] (GFI Software)
S1 RapportCerberus_55550; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_55550.sys [330960 2013-06-17] ()
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-06-19] (Trusteer Ltd.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [56464 2013-06-17] (Trusteer Ltd.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222192 2013-06-19] (Trusteer Ltd.)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-08-04] (Windows (R) 2003 DDK 3790 provider)
S1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-27] (SAMSUNG ELECTRONICS)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys

S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 21:05 - 2009-11-19 11:15 - 02824704 _____ (Askey Computer Corporation.) C:\Windows\System32\AInst3141.exe
2

==================== One Month Modified Files and Folders =======

2013-07-04 01:54 - 2010-10-17 11:50 - 00000000 ____D C:\users\Tiph
2013-07-01 21:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\com
2013-07-01 21:06 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\IME
2013-07-01 16:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-07-01 16:28 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 1013.3 MB
Available physical RAM: 637.49 MB
Total Pagefile: 1013.3 MB
Available Pagefile: 637.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:85 GB) (Free:6.64 GB) NTFS
Drive d: () (Fixed) (Total:125.78 GB) (Free:11.78 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:20 GB) (Free:6.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (ReatogoPE) (Removable) (Total:0.49 GB) (Free:0.32 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.08 GB) (Free:0.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: E472D3C2)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=84 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=85 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=128 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 502 MB) (Disk ID: 003C4754)
Partition 1: (Active) - (Size=501 MB) - (Type=07 NTFS)


LastRegBack: 2013-06-24 00:34

==================== End Of Log ============================

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
You appear to be running AdAware antivirus as well, this will totally disable Avast so it will need to be repaired/reinstalled afterwards
There are also several ad type programmes on the computer

Download the attached fixlist.txt to the same USB as FRST
Run FRST as before and press FIX

Reboot to normal windows. 

Offline jakefred

  • Newbie
  • *
  • Posts: 8
Essexboy, you're a star!  Thanks a million.  I'm writing this reply from my newly-repaired computer...  Long may it last.  Thanks again for your help and your time.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
OK could you run Adwcleaner to remove the adware I noticed


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

Offline jakefred

  • Newbie
  • *
  • Posts: 8
Re: Can't boot Windows 7 - aswVmm.sys is missing or corrupted - help please!
« Reply #11 on: August 01, 2013, 09:31:00 AM »
Ok, here's the log.  Thanks for your continued assistance!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Can't boot Windows 7 - aswVmm.sys is missing or corrupted - help please!
« Reply #12 on: August 01, 2013, 03:18:38 PM »
How is the computer behaving now ? Is Avast functional ?

Offline jakefred

  • Newbie
  • *
  • Posts: 8
Re: Can't boot Windows 7 - aswVmm.sys is missing or corrupted - help please!
« Reply #13 on: August 02, 2013, 04:32:35 PM »
For now, everything's running pretty smoothly.  I uninstalled both Lavasoft and Avast, but am not sure I want to reinstall them after the problems I've just had!  I don't imagine you can recommend any alternatives, but if you can, I'd be happy to follow your advice.  Thanks again for all your help. 

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Can't boot Windows 7 - aswVmm.sys is missing or corrupted - help please!
« Reply #14 on: August 02, 2013, 04:53:32 PM »
As the file was corrupted then mayhap a fresh install of Avast would work