Topic: Windows 7 hangs on startup and safe mode

REDACTED

  • Guest
Windows 7 hangs on startup and safe mode
« on: July 16, 2015, 04:24:02 PM »
If I try to boot into Windows normally, it gets to the "Starting Windows" screen and hangs. If I attempt Safe Mode, it hangs when attempting to load aswRvrt.sys. Downloaded Farbar Recovery Scan Tool x64 as was detailed in another thread. Here are the results:

Quote
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by SYSTEM on MININT-KDNTFMQ on 16-07-2015 09:11:34
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-05-25] (Microsoft Corporation)
HKU\dougc\...\Run: [Starfield Updater] => C:\Users\dougc\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-09-29] (Starfield Technologies)
HKU\dougc\...\Run: [wben] => C:\Users\dougc\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\dougc\...\Run: [Workspace Status] => C:\Users\dougc\AppData\Local\Workspace\WorkspaceStatus.exe [694760 2014-09-29] (Starfield Technologies)
Startup: C:\Users\doug.BAREFOOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2015-02-10]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2014-05-21]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-29] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-29] (Avast Software)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-09] (Microsoft Corporation)
S2 tcsd_win32.exe; "C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
S0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [406784 2014-04-09] (Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-25] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161752 2013-06-28] (Realtek Semiconductor Corp.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-29] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 09:11 - 2015-07-16 09:11 - 00000000 ____D C:\FRST
2015-07-15 06:07 - 2015-07-15 06:08 - 00000000 ____D C:\Users\doug.BAREFOOT\AppData\OICE_15_974FA576_32C1D314_38AA
2015-07-15 06:07 - 2015-07-15 06:07 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (4).xlsx
2015-07-15 05:22 - 2015-07-15 05:22 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (3).xlsx
2015-07-14 05:38 - 2015-07-14 05:38 - 00001157 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-14.csv
2015-07-13 05:57 - 2015-07-13 05:57 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-13 05:57 - 2015-07-13 05:57 - 00000000 ____D C:\Windows\System32\vbox
2015-07-13 05:54 - 2015-07-13 05:54 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2015-07-10 07:53 - 2015-07-15 06:07 - 00010514 _____ C:\Users\doug.BAREFOOT\Desktop\2015mailinglistaddons.xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (2).xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8 (1).xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00000000 ____D C:\Users\doug.BAREFOOT\AppData\OICE_15_974FA576_32C1D314_F2D
2015-07-10 06:08 - 2015-07-10 06:08 - 11855872 _____ C:\Users\doug.BAREFOOT\Downloads\mitch goes boom (1).avi
2015-07-10 05:09 - 2015-07-10 05:09 - 00011106 _____ C:\Users\doug.BAREFOOT\Downloads\Booth Descriptions 2015.xlsx
2015-07-09 07:51 - 2015-07-09 07:51 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST---ASAP--- PREFER BY 8-8.xlsx
2015-07-09 06:40 - 2015-07-09 06:40 - 00007321 _____ C:\Users\doug.BAREFOOT\Downloads\part2.05060103.05000506@barefootathletics.com
2015-07-09 06:40 - 2015-07-09 06:40 - 00007321 _____ C:\Users\doug.BAREFOOT\Downloads\part2.05060103.05000506@barefootathletics (1).com
2015-07-09 04:54 - 2015-07-09 04:54 - 00005838 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-09.csv
2015-07-08 04:46 - 2015-07-08 04:46 - 01099226 _____ C:\Users\doug.BAREFOOT\Downloads\DiamondHead_Logo.ai
2015-07-08 04:46 - 2015-07-08 04:46 - 00570654 _____ C:\Users\doug.BAREFOOT\Downloads\DiamondHead_Logo.eps
2015-07-08 04:45 - 2015-07-08 04:45 - 00108342 _____ C:\Users\doug.BAREFOOT\Downloads\hardat.bmp
2015-07-07 10:02 - 2015-07-07 10:02 - 00004435 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-07.csv
2015-07-01 10:38 - 2015-07-01 10:38 - 00012514 _____ C:\Users\doug.BAREFOOT\Downloads\Shirt Order.xlsx
2015-06-29 10:35 - 2015-06-29 10:35 - 03974689 _____ C:\Users\doug.BAREFOOT\Downloads\Antiqued Gold and Silver Rope Edge Berry Concho 1-1_2-_ All Western Cowboy - Circle KB Idaho USA.webarchive
2015-06-29 07:28 - 2015-06-29 07:28 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2015-06-29 07:28 - 2015-06-29 07:28 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-22 11:58 - 2015-06-22 11:58 - 00002062 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-06-22.csv
2015-06-18 11:06 - 2015-06-18 11:06 - 00390785 _____ C:\Users\doug.BAREFOOT\Downloads\download (1).php
2015-06-18 10:55 - 2015-06-18 10:55 - 00409908 _____ C:\Users\doug.BAREFOOT\Downloads\winmail.dat
2015-06-18 10:53 - 2015-06-18 10:53 - 00390785 _____ C:\Users\doug.BAREFOOT\Downloads\download.php
2015-06-18 04:59 - 2015-06-18 04:59 - 00000878 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-06-18.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 08:45 - 2015-04-05 00:00 - 00000000 ___SD C:\Windows\System32\GWX
2015-07-16 08:45 - 2015-02-10 12:14 - 00000000 ____D C:\users\doug.BAREFOOT
2015-07-16 08:45 - 2015-02-10 11:54 - 00000000 ____D C:\users\Administrator
2015-07-16 08:45 - 2014-12-11 01:23 - 00000000 ____D C:\Windows\System32\appraiser
2015-07-16 08:45 - 2014-11-19 05:54 - 00000000 ____D C:\users\crdsecagent$admin
2015-07-16 08:45 - 2014-05-20 11:29 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-07-16 08:45 - 2014-05-20 09:52 - 00000000 ____D C:\users\dougc
2015-07-16 08:45 - 2014-05-19 05:03 - 00000000 ____D C:\users\doug
2015-07-16 08:45 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2015-07-16 08:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 08:44 - 2015-02-13 09:30 - 00000000 __RHD C:\MSOCache
2015-07-16 08:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-07-16 08:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-16 00:00 - 2014-05-20 10:56 - 00000000 ____D C:\Windows\System32\MRT
2015-07-15 23:17 - 2014-05-20 09:50 - 00000128 _____ C:\Windows\System32\config\netlogon.ftl
2015-07-15 13:58 - 2014-05-21 06:30 - 00000000 ____D C:\Users\dougc\Desktop\Doug Shop works
2015-07-14 00:46 - 2014-01-09 14:44 - 01966423 _____ C:\Windows\WindowsUpdate.log
2015-07-14 00:27 - 2014-01-09 12:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 23:49 - 2014-05-19 07:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 18:19 - 2009-07-13 20:45 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 18:19 - 2009-07-13 20:45 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 06:49 - 2014-05-19 07:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 06:00 - 2009-07-13 21:13 - 00783606 _____ C:\Windows\System32\PerfStringBackup.INI
2015-07-13 05:55 - 2015-02-10 12:14 - 00002261 _____ C:\Users\doug.BAREFOOT\Desktop\Google Chrome.lnk
2015-07-13 05:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 05:54 - 2009-07-13 20:51 - 00037955 _____ C:\Windows\setupact.log
2015-07-13 05:53 - 2010-11-20 19:47 - 00533178 _____ C:\Windows\PFRO.log
2015-06-29 19:24 - 2014-05-19 07:24 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswsp.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00272248 _____ C:\Windows\System32\Drivers\aswVmm.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00065736 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00029168 _____ C:\Windows\System32\Drivers\aswHwid.sys
2015-06-29 07:27 - 2014-05-19 07:24 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2015-06-26 00:47 - 2014-05-22 05:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-23 10:30 - 2010-11-20 19:27 - 00300704 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-06-15 22:32:23
Restore point made on: 2015-06-18 23:32:51
Restore point made on: 2015-06-22 23:32:50
Restore point made on: 2015-06-29 07:24:49
Restore point made on: 2015-06-29 23:32:47
Restore point made on: 2015-07-06 23:32:54
Restore point made on: 2015-07-13 05:58:37
Restore point made on: 2015-07-14 00:46:40
Restore point made on: 2015-07-16 00:00:21

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8134.2 MB
Available physical RAM: 7316.26 MB
Total Virtual: 8132.4 MB
Available Virtual: 7321.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.11 GB) (Free:385.02 GB) NTFS
Drive d: (Win8_x64) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive e: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:5.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (JW's Drive) (Removable) (Total:29.81 GB) (Free:3.2 GB) NTFS
Drive g: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 03658F27)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)


LastRegBack: 2015-07-12 21:25

==================== End of log ============================

If anyone can give me assistance that would be helpful.
« Last Edit: July 16, 2015, 04:32:23 PM by anakin1138 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Windows 7 hangs on startup and safe mode
« Reply #1 on: July 16, 2015, 04:43:27 PM »
What happened prior to the failed boot?

Download the attached fixlist.txt to the same location as FRST
Start FRST and press fix
On completion try a normal boot

REDACTED

  • Guest
Re: Windows 7 hangs on startup and safe mode
« Reply #2 on: July 16, 2015, 05:05:24 PM »
I'm not sure. It was fine last night, and when I woke up this morning it was stuck on the Windows screen.

REDACTED

  • Guest
Re: Windows 7 hangs on startup and safe mode
« Reply #3 on: July 16, 2015, 05:22:30 PM »
Tried the fix. It's still hanging on the Windows logo screen. It's not freezing or restarting, just sitting there while the Windows logo loops through the animation.

Offline essexboy

Re: Windows 7 hangs on startup and safe mode
« Reply #4 on: July 16, 2015, 06:49:48 PM »
OK, this fixlist will disable Avast. Let me know if it stops at mup.sys this time.

Download the attached fixlist.txt to the same location as FRST
Start FRST and press fix
Then reboot to normal mode