Author Topic: BSOD due to aswmonflt.sys  (Read 11130 times)

qwertt0000

  • Guest
BSOD due to aswmonflt.sys
« on: November 17, 2013, 03:18:26 AM »
I got BSOD on my father's laptop due to aswmonflt.sys. It only boots into safe mode, and it's on Win 7. I'll go back to my home town today (Sunday; father lives abroad), and if I can't get it fixed today no one we know will be able to do it until Christmas. I'm therefore hoping someone on here will be able to help...

My schedule:

10 AM (today, Sunday), UK time: Electronics store opens; will buy USB stick, put Farbar Recovery Scan Tool on it, produce FRST.txt log file using system recovery, and post its contents here. Hopefully someone will be able to make the necessary script and tell me how to use it. From what I can understand that script is fixlist.txt and it will produce a log file called fixlog.txt, which should make the computer run normally.

Approx. 3 PM, UK time: Need to go to the airport.

Hopefully this will be fixed before this time...

Will post again when I've got FRST.txt.

Thanks in advance for your help!

qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #1 on: November 17, 2013, 12:13:04 PM »
==================== One Month Modified Files and Folders =======

2013-11-17 02:42 - 2009-08-04 02:58 - 00637168 _____ C:\Windows\System32\perfh01D.dat
2013-11-17 02:42 - 2009-08-04 02:58 - 00127662 _____ C:\Windows\System32\perfc01D.dat
2013-11-17 02:42 - 2009-07-13 21:13 - 01497434 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-17 02:36 - 2013-11-17 02:36 - 00279376 _____ C:\Windows\Minidump\111713-21481-01.dmp
2013-11-17 02:36 - 2013-11-16 09:52 - 00000000 ____D C:\Windows\Minidump
2013-11-17 02:36 - 2013-11-16 09:50 - 322526776 _____ C:\Windows\MEMORY.DMP
2013-11-16 14:10 - 2011-07-29 11:19 - 00000000 ____D C:\Users\Butik\AppData\Roaming\Skype
2013-11-16 13:53 - 2009-07-13 20:51 - 00070417 _____ C:\Windows\setupact.log
2013-11-16 13:10 - 2013-11-16 13:10 - 00276372 _____ C:\Users\Butik\Downloads\ASKRemover.zip
2013-11-16 11:47 - 2013-11-16 11:47 - 00000000 ____D C:\FRST
2013-11-16 10:39 - 2013-11-16 10:39 - 00279376 _____ C:\Windows\Minidump\111613-22089-01.dmp
2013-11-16 10:06 - 2013-11-16 10:05 - 00279376 _____ C:\Windows\Minidump\111613-36753-01.dmp
2013-11-16 10:05 - 2011-04-03 11:35 - 00448730 _____ C:\Windows\PFRO.log
2013-11-16 10:04 - 2013-11-16 10:04 - 00000000 _____ C:\Windows\Minidump\111613-38532-01.dmp
2013-11-16 09:57 - 2013-11-16 09:57 - 00000000 _____ C:\Windows\Minidump\111613-38189-01.dmp
2013-11-16 09:56 - 2013-11-16 09:56 - 00000000 _____ C:\Windows\Minidump\111613-38703-01.dmp
2013-11-16 09:55 - 2013-11-16 09:55 - 00000000 _____ C:\Windows\Minidump\111613-39203-01.dmp
2013-11-16 09:52 - 2013-11-16 09:52 - 00279376 _____ C:\Windows\Minidump\111613-39499-01.dmp
2013-11-16 09:49 - 2013-11-16 09:49 - 01032416 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00409832 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-11-16 09:49 - 2013-11-16 09:49 - 00205320 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00092544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00084328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00065776 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00065264 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-16 09:49 - 2013-11-16 09:49 - 00038984 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-11-16 09:49 - 2013-11-16 09:49 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-16 09:47 - 2013-11-16 09:47 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-16 09:47 - 2013-11-16 09:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-16 09:35 - 2013-11-16 12:31 - 00024862 _____ C:\Users\Butik\Documents\CV%20template.doc_0.odt
2013-11-16 09:35 - 2011-01-12 14:30 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 09:27 - 2011-07-05 07:29 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604382481-1575472589-2175831199-1000UA.job
2013-11-16 09:05 - 2013-11-12 09:00 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2604382481-1575472589-2175831199-1000UA.job
2013-11-16 09:05 - 2013-11-12 09:00 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2604382481-1575472589-2175831199-1000Core.job
2013-11-16 07:17 - 2013-11-16 07:13 - 00000000 ____D C:\Program Files (x86)\qualitink
2013-11-16 07:13 - 2013-11-16 07:13 - 00004356 _____ C:\Windows\System32\Tasks\HDvid Codec V6.0-updater
2013-11-16 07:13 - 2013-11-16 07:13 - 00001946 _____ C:\Windows\Tasks\HDvid Codec V6.0-chromeinstaller.job
2013-11-16 07:13 - 2013-11-16 07:13 - 00001326 _____ C:\Windows\Tasks\HDvid Codec V6.0-updater.job
2013-11-16 07:12 - 2013-11-16 07:12 - 00000794 _____ C:\Users\Butik\Desktop\HDPlayer.lnk
2013-11-16 07:10 - 2013-11-16 07:10 - 00004374 _____ C:\Windows\System32\Tasks\FreeHDSport TV V6.0-updater
2013-11-16 07:10 - 2013-11-16 07:10 - 00001970 _____ C:\Windows\Tasks\FreeHDSport TV V6.0-chromeinstaller.job
2013-11-16 07:10 - 2013-11-16 07:10 - 00001344 _____ C:\Windows\Tasks\FreeHDSport TV V6.0-updater.job
2013-11-16 07:10 - 2013-11-16 07:10 - 00000000 ____D C:\Users\Butik\AppData\Local\VNT
2013-11-16 07:10 - 2013-11-16 07:10 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-16 07:10 - 2013-11-16 07:10 - 00000000 ____D C:\ProgramData\APN
2013-11-16 07:10 - 2013-11-16 07:10 - 00000000 ____D C:\Program Files (x86)\VNT
2013-11-16 07:08 - 2013-11-16 07:08 - 00000846 _____ C:\Users\Butik\Desktop\NeoliveApp.lnk
2013-11-16 05:35 - 2011-01-12 14:30 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-16 03:45 - 2011-04-03 11:49 - 01155449 _____ C:\Windows\WindowsUpdate.log
2013-11-16 03:23 - 2013-11-16 03:23 - 00000000 ____D C:\ProgramData\Oracle
2013-11-16 03:23 - 2013-11-16 03:22 - 00004864 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-16 03:23 - 2013-07-28 09:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-16 03:19 - 2013-11-16 03:19 - 00915368 _____ (Oracle Corporation) C:\Users\Butik\Downloads\chromeinstall-7u45.exe
2013-11-16 03:15 - 2011-07-05 07:29 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604382481-1575472589-2175831199-1000Core.job
2013-11-14 13:30 - 2011-07-05 07:29 - 00002328 _____ C:\Users\Butik\Desktop\Google Chrome.lnk
2013-11-14 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 08:06 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 08:06 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 08:01 - 2012-05-06 10:41 - 00000000 ____D C:\Users\Butik\AppData\Roaming\Dropbox
2013-11-14 07:58 - 2012-05-06 10:47 - 00000000 ___RD C:\Users\Butik\Dropbox
2013-11-14 07:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 03:05 - 2011-04-03 11:56 - 00002146 _____ C:\Windows\System32\AutoRunFilter.ini
2013-11-13 03:07 - 2013-08-21 23:11 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 03:07 - 2013-07-04 02:43 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-12 09:16 - 2013-04-15 22:30 - 00000000 ____D C:\Users\Butik\AppData\Roaming\TeamViewer
2013-11-12 09:01 - 2013-11-12 09:00 - 00000000 ____D C:\Users\Butik\AppData\Local\Facebook
2013-11-12 09:00 - 2013-11-12 09:00 - 00501248 _____ (Facebook Inc.) C:\Users\Butik\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2013-11-12 09:00 - 2013-11-12 09:00 - 00003904 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2604382481-1575472589-2175831199-1000UA
2013-11-12 09:00 - 2013-11-12 09:00 - 00003536 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2604382481-1575472589-2175831199-1000Core
2013-10-22 00:58 - 2011-07-29 11:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-22 00:58 - 2011-07-29 11:19 - 00000000 ____D C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Butik\AppData\Local\Temp\APNStub.exe
C:\Users\Butik\AppData\Local\Temp\IMsetup.exe
C:\Users\Butik\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Butik\AppData\Local\Temp\MSNF920.exe
C:\Users\Butik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Butik\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Butik\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Butik\AppData\Local\Temp\xmlUpdater.exe


qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #2 on: November 17, 2013, 12:14:24 PM »

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

13
Restore point made on: 2013-10-18 01:02:38
Restore point made on: 2013-10-20 09:36:08
Restore point made on: 2013-10-22 13:34:44
Restore point made on: 2013-10-27 10:51:55
Restore point made on: 2013-10-29 08:33:38
Restore point made on: 2013-11-03 01:51:14
Restore point made on: 2013-11-03 11:12:03
Restore point made on: 2013-11-08 08:27:42
Restore point made on: 2013-11-09 09:52:52
Restore point made on: 2013-11-10 10:00:38
Restore point made on: 2013-11-13 03:07:29
Restore point made on: 2013-11-16 03:22:01
Restore point made on: 2013-11-16 09:47:51

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3884.54 MB
Available physical RAM: 3303.87 MB
Total Pagefile: 3882.69 MB
Available Pagefile: 3304.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:197.55 GB) (Free:105.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:243.21 GB) (Free:10.69 GB) NTFS
Drive f: (STORE N GO) (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B33D55E5)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=198 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=243 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: D7D20E3E)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-10 04:37

==================== End Of Log ============================

qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #3 on: November 17, 2013, 12:18:17 PM »
There's my log. As far as I know I need a file called fixlist.txt (made by one of you) and I make another log called Fixlog.txt by running FRST again.

Your help would be much appreciated, especially as my time frame is quite limited.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: BSOD due to aswmonflt.sys
« Reply #4 on: November 17, 2013, 01:19:22 PM »
Could you attach the FRST log please as a few bits are missing :)

qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #5 on: November 17, 2013, 01:34:15 PM »
Here it is.

Thanks for your help!

Offline essexboy

Re: BSOD due to aswmonflt.sys
« Reply #6 on: November 17, 2013, 01:45:14 PM »
OK, it is not malware related, so we are probably looking at a corrupt driver or a conflict.

Initially I will remove the start entries for both Avast and Comodo and see if that helps (they will both need to be repaired on completion).

Download the attached fixlist.txt to the same USB as FRST
Run FRST as before and press fix
On completion reboot to normal mode

Let me know the result please

qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #7 on: November 17, 2013, 02:13:38 PM »
It now boots normally. Thanks a lot! However, the PC does not have WiFi (but my phone does on the same network)...

Offline essexboy

Re: BSOD due to aswmonflt.sys
« Reply #8 on: November 17, 2013, 02:15:57 PM »
OK, you will need to repair Avast, and if you have no net connection you will need to download and run the setup package for it. I should imagine it will be the same for Comodo.

qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #9 on: November 17, 2013, 02:23:11 PM »
But how can I fix the internet connection? Do I need to repair Avast and Comodo first?

Thanks!

Offline essexboy

Re: BSOD due to aswmonflt.sys
« Reply #10 on: November 17, 2013, 02:24:29 PM »
Ah, I misread that... What error do you get when you try to connect to the net?

qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #11 on: November 17, 2013, 02:32:49 PM »
Limited connectivity.

Offline essexboy

Re: BSOD due to aswmonflt.sys
« Reply #12 on: November 17, 2013, 02:34:15 PM »
Have you tried the option "Troubleshoot problems" from the right-click menu on the network icon?

qwertt0000

  • Guest
Re: BSOD due to aswmonflt.sys
« Reply #13 on: November 17, 2013, 02:40:01 PM »
Troubleshoot says there's a problem with the wired network, but this network is not wired. I still have limited connectivity.

Offline essexboy

Re: BSOD due to aswmonflt.sys
« Reply #14 on: November 17, 2013, 03:23:30 PM »
Could you go to Control Panel > Device Manager?
Then look for any network devices with a yellow exclamation mark.

If there are any, then uninstall them (by right-click).
Then reboot.