Inactive Avast causes system boot loop aswrvrt.sys wont load

steveb4088 · Oct 14, 2016

Hi everyone newbie here. I like the site kudooos.... (I hope this is the right section for this post)

Anyway I am an engineering student in need of desperate help both my computers are down and im running on an old back up drive on the desktop. Its mid semester and I need my computer and files back reeeeaaallly bad.

Im running win 7 home premium 64 and im failing to load aswrvrt.sys driver and from what I can tell I need to run farbar which I have never done before im just hoping someone could spare a min and walk me thru this.
I have comp running now to do whatever I need to do and space to install both drives.

Im fairly good with computers but not a programmer by any means. From what I can tell these fixes are custom to the user so im just gonna wait and hope someone can guide me thru.

BTW all restore points have been tried as well as safe mode and chkdsk mem diag I have tried all the basics.
I would really like to get avast off my other drive and get my windows 7 working again.

Any help greatly appreciated thank you

Broni · Oct 14, 2016

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

It's not clear from your post.
Is the computer bootable at all in any mode?

steveb4088 · Oct 14, 2016

No sir not bootable in any mode restore does not work either. windows stops at driver aswrvrt.sys

Broni · Oct 14, 2016

NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to USB flash drive.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 10 If you're having problems accessing System Recovery Options create Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

steveb4088 · Oct 14, 2016

Ok downloading now. just so I understand correctly, I can do this with one drive running windows while the other drive is not booted but connected to the same comp as additional drive?

Broni · Oct 14, 2016

steveb4088 · Oct 15, 2016

Sorry that was a long process I had to reburn repair disc to get it to repair mode. I attached the file and thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by SYSTEM on MININT-3A803BJ (15-10-2016 00:52:31)
Running from e:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [2800296 2014-10-03] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Ultimate Control] => C:\Program Files (x86)\Ultimate Control\ucontrol.exe [349696 2012-08-10] (NEGU Soft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-03-31] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\Custom Computer\...\Run: [IBP] => 0
HKU\Custom Computer\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-29] (Google Inc.)
HKU\Custom Computer\...\Run: [2006321626] => C:\Windows\system32\rundll32.exe "c:\users\custom computer\appdata\roaming\2808089420\keyboardnotify.dll",DllRegisterServer
HKU\Custom Computer\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\Custom Computer\...\RunOnce: [Uninstall C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\Custom Computer\...\RunOnce: [Uninstall C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
HKU\Custom Computer\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\es.scr [4480000 2012-09-01] ()
HKU\School stuff\...\Run: [Peek Through] => C:\Program Files (x86)\Peek Through\Peek Through.exe [89088 2009-11-27] (Luke Payne Software)
HKU\School stuff\...\Run: [ConnectionCenter] => C:\Users\School stuff\AppData\Local\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKU\School stuff\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\School stuff\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\es.scr [4480000 2012-09-01] ()
Startup: C:\Users\School stuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2015-10-07]
ShortcutTarget: Citrix Receiver.lnk -> (No File)
Startup: C:\Users\School stuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2016-05-11]
ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-06-24] ()
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [1470592 2012-03-21] (ASUSTeK Computer Inc.)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S2 BFE; X:\windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
S3 bthserv; X:\windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S2 CryptSvc; X:\windows\System32\cryptsvc.dll [175104 2009-07-13] (Microsoft Corporation)
S2 DcomLaunch; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
S3 defragsvc; X:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
S2 Dhcp; X:\windows\System32\dhcpcore.dll [314368 2009-07-13] (Microsoft Corporation)
S2 Dnscache; X:\windows\System32\dnsrslvr.dll [182272 2009-07-13] (Microsoft Corporation)
S3 EapHost; X:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S3 EFS; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 eventlog; X:\windows\System32\wevtsvc.dll [1646080 2009-07-13] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-03] (NVIDIA Corporation)
S2 gpsvc; X:\windows\System32\gpsvc.dll [776192 2009-07-13] (Microsoft Corporation)
S3 hidserv; X:\windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S2 IKEEXT; X:\windows\System32\ikeext.dll [845824 2009-07-13] (Microsoft Corporation)
S3 KeyIso; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 LanmanWorkstation; X:\windows\System32\wkssvc.dll [118784 2009-07-13] (Microsoft Corporation)
S2 lmhosts; X:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
S2 MpsSvc; X:\windows\System32\mpssvc.dll [824832 2009-07-13] (Microsoft Corporation)
S3 Netlogon; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 Netman; X:\windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
S2 NlaSvc; X:\windows\System32\nlasvc.dll [302080 2009-07-13] (Microsoft Corporation)
S2 nsi; X:\windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-03] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-03] (NVIDIA Corporation)
S2 PlugPlay; X:\windows\System32\umpnpmgr.dll [404480 2009-07-13] (Microsoft Corporation)
S3 PolicyAgent; X:\windows\System32\ipsecsvc.dll [500224 2009-07-13] (Microsoft Corporation)
S2 Power; X:\windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
S3 ProtectedStorage; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [455968 2007-09-05] ()
S3 RasAuto; X:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; X:\windows\System32\rasmans.dll [343552 2009-07-13] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Realtek11nSU; C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S2 RpcEptMapper; X:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S2 RpcSs; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
S2 SamSs; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; X:\windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
S3 swprv; X:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
S3 TBS; X:\windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S3 TrustedInstaller; X:\windows\servicing\TrustedInstaller.exe [194048 2009-07-13] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 VaultSvc; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 vds; X:\windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
S3 VSS; X:\windows\System32\vssvc.exe [1598976 2009-07-13] (Microsoft Corporation)
S3 W32Time; X:\windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 wbengine; X:\windows\System32\wbengine.exe [1503744 2009-07-13] (Microsoft Corporation)
S3 WbioSrvc; X:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Winmgmt; X:\windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2360048 2011-02-04] (RealVNC Ltd)
S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] ()
S3 wmiApSrv; X:\windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
S2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [268768 2010-03-22] ()
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-06-24] (Advanced Micro Devices)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] ()
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] ()
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] ()
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-02] (Broadcom Corporation.)
S3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [32024 2013-04-30] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 ei2c; C:\Windows\system32\drivers\ei2c.sys [20784 2016-04-24] (Nicomsoft Ltd.)
S2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2016-04-24] (Nicomsoft Ltd.)
S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-03] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-06-01] ()
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-14] (Anchorfree Inc.)
S2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 GPU-Z; \??\C:\Users\CUSTOM~1\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-15 00:52 - 2016-10-15 00:52 - 00000000 ____D C:\FRST
2016-10-11 00:39 - 2016-10-11 00:39 - 00000435 _____ C:\lsmc.isk20161011083913991.isk
2016-10-11 00:06 - 2016-10-11 00:07 - 00000000 ____D C:\Windows\System32\config\mybackup
2016-10-10 01:10 - 2016-10-10 01:10 - 00008192 _____ C:\lsnc.isk20161010091040553.isk
2016-10-10 01:10 - 2016-10-10 01:10 - 00000435 _____ C:\lsmc.isk20161010091040256.isk
2016-10-10 01:10 - 2016-05-11 13:27 - 26460160 _____ C:\Windows\System32\config\SYSTEM.SAV
2016-10-10 01:10 - 2016-05-11 13:27 - 00778240 _____ C:\Windows\System32\config\DEFAULT.SAV
2016-10-10 01:10 - 2016-05-11 13:27 - 00065536 _____ C:\Windows\System32\config\SAM.SAV
2016-10-10 01:10 - 2016-05-11 13:26 - 94007296 _____ C:\Windows\System32\config\SOFTWARE.SAV
2016-10-10 01:10 - 2016-05-11 13:26 - 00032768 _____ C:\Windows\System32\config\SECURITY.SAV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2016-03-28 13:45
Restore point date: 2016-03-29 09:10
Restore point date: 2016-04-11 12:49
Restore point date: 2016-04-18 20:00
Restore point date: 2016-04-29 16:02
Restore point date: 2016-05-11 13:34
Restore point date: 2016-05-13 09:41
Restore point date: 2016-05-17 07:11
Restore point date: 2016-05-17 17:16
Restore point date: 2016-05-18 01:18
Restore point date: 2016-05-18 02:01
Restore point date: 2016-05-18 02:01

==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 15867.48 MB
Available physical RAM: 14758.71 MB
Total Virtual: 15865.63 MB
Available Virtual: 14737.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:147.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Windows Home Premium 7 X64 SP1) (CDROM) (Total:3.11 GB) (Free:0 GB) UDF
Drive e: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EA2E795)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 084B857F)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)

LastRegBack: 2016-05-11 13:26

==================== End of FRST.txt ============================

Broni · Oct 15, 2016

Please observe forum rules.
All logs have to be pasted not attached.
Thank you

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.

steveb4088 · Oct 16, 2016

Im not quite sure how to paste but I did a drag and drop which I am guessing is the same as copy/paste. last time I used upload a file button. if this method was incorrect I apologize in advance

windows didnt boot on its own it went back to startup repair

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by SYSTEM (16-10-2016 15:24:55) Run:1
Running from f:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
C:\Program Files\Alwil Software
GroupPolicy: Restriction <======= ATTENTION
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] ()
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] ()
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] ()
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
C:\Windows\system32\drivers\aswHwid.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\system32\drivers\aswRdr2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\system32\drivers\aswSnx.sys
C:\Windows\system32\drivers\aswSP.sys
C:\Windows\system32\drivers\aswStm.sys
C:\Windows\System32\Drivers\aswVmm.sys
S2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value not found.
"C:\Program Files\Alwil Software" => not found.
"C:\Windows\System32\GroupPolicy\Machine" => not found.
avast! Antivirus => service not found.
AvastVBoxSvc => service not found.
aswHwid => service not found.
aswMonFlt => service not found.
aswRdr => service not found.
aswRvrt => service not found.
aswSnx => service not found.
aswSP => service not found.
aswStm => service not found.
aswVmm => service not found.
"C:\Windows\system32\drivers\aswHwid.sys" => not found.
"C:\Windows\system32\drivers\aswMonFlt.sys" => not found.
"C:\Windows\system32\drivers\aswRdr2.sys" => not found.
"C:\Windows\System32\Drivers\aswRvrt.sys" => not found.
"C:\Windows\system32\drivers\aswSnx.sys" => not found.
"C:\Windows\system32\drivers\aswSP.sys" => not found.
"C:\Windows\system32\drivers\aswStm.sys" => not found.
"C:\Windows\System32\Drivers\aswVmm.sys" => not found.
VBoxAswDrv => service not found.

==== End of Fixlog 15:24:55 ====

steveb4088 · Oct 16, 2016

Im sitting here staring at my last post and I get the feeling I didnt post that correctly. could you please advise how to do this correctly I reviewed the rules and it doesnt seem to give instructions how to paste corecctly. it only asks that one do so

Broni · Oct 16, 2016

Give me fresh FRST log.

As for your question you select all text, right click on it then Copy and Paste into your reply.

steveb4088 · Oct 16, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by SYSTEM on MININT-LKDAC3O (16-10-2016 22:08:44)
Running from f:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BFE; X:\windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
S3 bthserv; X:\windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S2 CryptSvc; X:\windows\System32\cryptsvc.dll [175104 2009-07-13] (Microsoft Corporation)
S2 DcomLaunch; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
S3 defragsvc; X:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
S2 Dhcp; X:\windows\System32\dhcpcore.dll [314368 2009-07-13] (Microsoft Corporation)
S2 Dnscache; X:\windows\System32\dnsrslvr.dll [182272 2009-07-13] (Microsoft Corporation)
S3 EapHost; X:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S3 EFS; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 eventlog; X:\windows\System32\wevtsvc.dll [1646080 2009-07-13] (Microsoft Corporation)
S2 gpsvc; X:\windows\System32\gpsvc.dll [776192 2009-07-13] (Microsoft Corporation)
S3 hidserv; X:\windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S3 IKEEXT; X:\windows\System32\ikeext.dll [845824 2009-07-13] (Microsoft Corporation)
S3 KeyIso; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 LanmanWorkstation; X:\windows\System32\wkssvc.dll [118784 2009-07-13] (Microsoft Corporation)
S2 lmhosts; X:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
S2 MpsSvc; X:\windows\System32\mpssvc.dll [824832 2009-07-13] (Microsoft Corporation)
S3 Netlogon; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 Netman; X:\windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
S2 NlaSvc; X:\windows\System32\nlasvc.dll [302080 2009-07-13] (Microsoft Corporation)
S2 nsi; X:\windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
S2 PlugPlay; X:\windows\System32\umpnpmgr.dll [404480 2009-07-13] (Microsoft Corporation)
S3 PolicyAgent; X:\windows\System32\ipsecsvc.dll [500224 2009-07-13] (Microsoft Corporation)
S2 Power; X:\windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
S3 ProtectedStorage; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 RasAuto; X:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; X:\windows\System32\rasmans.dll [343552 2009-07-13] (Microsoft Corporation)
S2 Realtek11nSU; C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S2 RpcEptMapper; X:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S2 RpcSs; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
S2 SamSs; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; X:\windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
S3 swprv; X:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
S3 TBS; X:\windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S3 TrustedInstaller; X:\windows\servicing\TrustedInstaller.exe [194048 2009-07-13] (Microsoft Corporation)
S3 VaultSvc; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 vds; X:\windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
S3 VSS; X:\windows\System32\vssvc.exe [1598976 2009-07-13] (Microsoft Corporation)
S3 W32Time; X:\windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 wbengine; X:\windows\System32\wbengine.exe [1503744 2009-07-13] (Microsoft Corporation)
S3 WbioSrvc; X:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Winmgmt; X:\windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S3 wmiApSrv; X:\windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-16 15:24 - 2016-10-16 22:08 - 00000000 ____D C:\FRST
2016-10-16 13:50 - 2016-10-16 13:50 - 111721863 _____ C:\Users\Custom\Downloads\12ed_solutions.pdf
2016-10-16 11:08 - 2016-10-16 11:08 - 00001528 _____ C:\Users\Custom\Downloads\fixlist.txt
2016-10-14 18:57 - 2016-10-14 18:57 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-10-14 18:44 - 2016-10-14 20:57 - 00000000 ____D C:\Users\Custom\Desktop\frstfiles
2016-10-14 09:48 - 2016-10-13 20:58 - 00000000 ____D C:\Windows\Panther
2016-10-14 09:43 - 2016-10-13 21:44 - 00000000 ____D C:\Users\Custom\Desktop\3
2016-10-13 22:01 - 2016-10-14 10:14 - 00000000 ____D C:\Users\Custom\AppData\Local\Mozilla
2016-10-13 22:01 - 2016-10-13 22:07 - 00000000 ____D C:\Users\Custom\AppData\Roaming\Mozilla
2016-10-13 22:01 - 2016-10-13 22:01 - 00001167 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-13 22:01 - 2016-10-13 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-13 22:01 - 2016-10-13 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-13 21:55 - 2016-10-13 21:55 - 00002327 _____ C:\Users\Public\Desktop\EnGenius 11n USB Wireless LAN Utility.lnk
2016-10-13 21:54 - 2016-10-13 21:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-13 21:54 - 2016-10-13 21:54 - 00000000 ____D C:\Program Files (x86)\EnGenius
2016-10-13 21:54 - 2010-11-25 10:59 - 00694888 _____ (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\rtl8192su.sys
2016-10-13 21:54 - 2009-04-02 06:27 - 00188416 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\RTLExtUI.dll
2016-10-13 21:54 - 2009-03-31 10:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
2016-10-13 21:54 - 2009-02-04 22:49 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2016-10-13 21:54 - 2009-01-05 16:31 - 00000901 _____ C:\Windows\RtlUI2.exe.manifest
2016-10-13 21:54 - 2008-07-01 08:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2016-10-13 21:47 - 2016-10-14 06:05 - 00000062 _____ C:\Users\Custom\Desktop\Keys.txt
2016-10-13 21:31 - 2016-10-13 21:31 - 00057560 _____ C:\Users\Custom\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-13 20:58 - 2016-10-13 20:58 - 00000020 ___SH C:\Users\Custom\ntuser.ini
2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\My Documents
2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\Documents\My Videos
2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\Documents\My Pictures
2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\Documents\My Music
2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 ____D C:\Users\Custom\AppData\Local\VirtualStore
2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 ____D C:\users\Custom
2016-10-13 20:58 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Custom\AppData\Roaming\Media Center Programs
2016-10-13 16:33 - 2016-10-13 16:33 - 00000000 ____D C:\Users\Custom\Desktop\New folder (2)
2016-10-09 22:54 - 2016-10-09 22:54 - 00000000 ____D C:\Users\Custom\Desktop\recovery tools
2016-10-09 17:10 - 2016-10-14 09:48 - 00008192 __RSH C:\BOOTSECT.BAK
2016-10-09 17:10 - 2010-11-20 19:23 - 00383786 __RSH C:\bootmgr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-16 18:05 - 2009-07-13 20:45 - 00016640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-16 18:05 - 2009-07-13 20:45 - 00016640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-16 11:33 - 2009-07-13 21:13 - 00713888 _____ C:\Windows\System32\PerfStringBackup.INI
2016-10-16 11:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-10-16 11:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-14 09:48 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\System32\config\BCD-Template
2016-10-14 08:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-10-14 08:55 - 2009-07-13 20:45 - 00274320 _____ C:\Windows\System32\FNTCACHE.DAT
2016-10-14 08:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2016-10-13 21:54
Restore point date: 2016-10-14 15:08

==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 15867.48 MB
Available physical RAM: 14808.73 MB
Total Virtual: 15865.63 MB
Available Virtual: 14788.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:892.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:931.41 GB) (Free:147.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Windows Home Premium 7 X64 SP1) (CDROM) (Total:3.11 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 82817FDB)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EA2E795)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 084B857F)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)

LastRegBack: 2016-10-14 21:22

==================== End of FRST.txt ============================

steveb4088 · Oct 17, 2016

I noticed this one has less restore points on it so I guess that first run did something. I think about half of those were avast restore points. I tried to run it and it went back to sys repair. tried also in safe mode and nothing

Broni · Oct 17, 2016

At this point all Avast entries are gone so this is not a problem anymore.

We can try one more fix and if this doesn't work unfortunately you'll have to reinstall Windows.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

steveb4088 · Oct 17, 2016

Ok trying it now

steveb4088 · Oct 17, 2016

Im getting an autoui unable to run script when I try to run frst64 using f:\frst64

Broni · Oct 17, 2016

Delete your FRST file you got there, download fresh one and try again.

steveb4088 · Oct 17, 2016

I deleted the old FRST file and downloaded again but that still doesnt get it to open

steveb4088 · Oct 17, 2016

All I should have on the thumbdrive is the application the FRST file and the fixlist right

steveb4088 · Oct 17, 2016

Ok after redownloading frst got it to work

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by SYSTEM (17-10-2016 21:52:40) Run:2
Running from f:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
LastRegBack: 2016-10-14 21:22
*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 21:52:43 ====

Broni · Oct 17, 2016

Did you try to boot again?

steveb4088 · Oct 17, 2016

Yea when it restarts it goes back to system repair

Broni · Oct 17, 2016

Unfortunately reinstalling Windows will be the only option.
I'm sorry

steveb4088 · Oct 17, 2016

Is there a recommended method to make this as painless as possible. Should I install onto the drive and let windows place my files into windows.old file or should I just transfer everything over using this other hard drive im on?

Broni · Oct 18, 2016

It really doesn't matter.
You can only transfer your data.
All programs have to be reinstalled.
Unless you have some image of your hard drive.

Inactive Avast causes system boot loop aswrvrt.sys wont load

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Attachments

Posts: 56,041 +516

Attachments

Posts: 15 +0

Attachments

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Attachments

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 15 +0

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Posts: 15 +0

Posts: 56,041 +516

Similar threads