TechSpot

Avast causes system boot loop, aswrvrt.sys won't load

By steveb4088
Oct 14, 2016
  1. Hi everyone, newbie here. I like the site, kudos. (I hope this is the right section for this post.)

    Anyway, I am an engineering student in desperate need of help. Both my computers are down and I'm running on an old backup drive on the desktop. It's mid-semester and I need my computer and files back really bad.

    I'm running Win 7 Home Premium 64 and I'm failing to load the aswrvrt.sys driver, and from what I can tell I need to run Farbar, which I have never done before. I'm just hoping someone could spare a minute and walk me through this.
    I have a computer running now to do whatever I need to do, and space to install both drives.

    I'm fairly good with computers but not a programmer by any means. From what I can tell these fixes are custom to the user, so I'm just going to wait and hope someone can guide me through.

    BTW, all restore points have been tried, as well as safe mode, chkdsk and mem diag. I have tried all the basics.
    I would really like to get Avast off my other drive and get my Windows 7 working again.

    Any help greatly appreciated, thank you.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    It's not clear from your post.
    Is the computer bootable at all in any mode?
     
  3. steveb4088

    steveb4088 TS Rookie Topic Starter

    No sir, not bootable in any mode; restore does not work either. Windows stops at driver aswrvrt.sys.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to USB flash drive.
    NOTE 2. Install Panda USB Vaccine or BitDefender's USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 10: if you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

    If you are using Windows 8, consult "How to use the Windows 8 System Recovery Environment Command Prompt" to enter the System Recovery Command Prompt. To access Advanced Boot Options, start and shut down the computer TWICE. On the third start you should see Advanced Boot Options.

    If you are using Vista or Windows 7, enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. steveb4088

    steveb4088 TS Rookie Topic Starter

    OK, downloading now. Just so I understand correctly: I can do this with one drive running Windows while the other drive is not booted but connected to the same computer as an additional drive?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes.
     
  7. steveb4088

    steveb4088 TS Rookie Topic Starter

    Sorry, that was a long process; I had to reburn the repair disc to get it to repair mode. I attached the file, and thank you :)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
    Ran by SYSTEM on MININT-3A803BJ (15-10-2016 00:52:31)
    Running from e:\
    Platform: Windows 7 Home Premium (X64) Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-03] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [2800296 2014-10-03] (NVIDIA Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-01] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [Ultimate Control] => C:\Program Files (x86)\Ultimate Control\ucontrol.exe [349696 2012-08-10] (NEGU Soft)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-03-31] (Oracle Corporation)
    HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2009-07-13] (Microsoft Corporation)
    HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
    HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
    HKU\Custom Computer\...\Run: [IBP] => 0
    HKU\Custom Computer\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-29] (Google Inc.)
    HKU\Custom Computer\...\Run: [2006321626] => C:\Windows\system32\rundll32.exe "c:\users\custom computer\appdata\roaming\2808089420\keyboardnotify.dll",DllRegisterServer
    HKU\Custom Computer\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\Custom Computer\...\RunOnce: [Uninstall C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
    HKU\Custom Computer\...\RunOnce: [Uninstall C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Custom Computer\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
    HKU\Custom Computer\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\es.scr [4480000 2012-09-01] ()
    HKU\School stuff\...\Run: [Peek Through] => C:\Program Files (x86)\Peek Through\Peek Through.exe [89088 2009-11-27] (Luke Payne Software)
    HKU\School stuff\...\Run: [ConnectionCenter] => C:\Users\School stuff\AppData\Local\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
    HKU\School stuff\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
    HKU\School stuff\...\RunOnce: [Uninstall C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\School stuff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
    HKU\School stuff\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\es.scr [4480000 2012-09-01] ()
    Startup: C:\Users\School stuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2015-10-07]
    ShortcutTarget: Citrix Receiver.lnk -> (No File)
    Startup: C:\Users\School stuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2016-05-11]
    ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
    S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-06-24] ()
    S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] ()
    S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
    S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
    S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [1470592 2012-03-21] (ASUSTeK Computer Inc.)
    S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
    S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
    S2 BFE; X:\windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
    S3 bthserv; X:\windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
    S2 CryptSvc; X:\windows\System32\cryptsvc.dll [175104 2009-07-13] (Microsoft Corporation)
    S2 DcomLaunch; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
    S3 defragsvc; X:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
    S2 Dhcp; X:\windows\System32\dhcpcore.dll [314368 2009-07-13] (Microsoft Corporation)
    S2 Dnscache; X:\windows\System32\dnsrslvr.dll [182272 2009-07-13] (Microsoft Corporation)
    S3 EapHost; X:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
    S3 EFS; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S2 eventlog; X:\windows\System32\wevtsvc.dll [1646080 2009-07-13] (Microsoft Corporation)
    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-03] (NVIDIA Corporation)
    S2 gpsvc; X:\windows\System32\gpsvc.dll [776192 2009-07-13] (Microsoft Corporation)
    S3 hidserv; X:\windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
    S2 IKEEXT; X:\windows\System32\ikeext.dll [845824 2009-07-13] (Microsoft Corporation)
    S3 KeyIso; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S2 LanmanWorkstation; X:\windows\System32\wkssvc.dll [118784 2009-07-13] (Microsoft Corporation)
    S2 lmhosts; X:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
    S2 MpsSvc; X:\windows\System32\mpssvc.dll [824832 2009-07-13] (Microsoft Corporation)
    S3 Netlogon; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S3 Netman; X:\windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
    S2 NlaSvc; X:\windows\System32\nlasvc.dll [302080 2009-07-13] (Microsoft Corporation)
    S2 nsi; X:\windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-03] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-03] (NVIDIA Corporation)
    S2 PlugPlay; X:\windows\System32\umpnpmgr.dll [404480 2009-07-13] (Microsoft Corporation)
    S3 PolicyAgent; X:\windows\System32\ipsecsvc.dll [500224 2009-07-13] (Microsoft Corporation)
    S2 Power; X:\windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
    S3 ProtectedStorage; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [455968 2007-09-05] ()
    S3 RasAuto; X:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
    S3 RasMan; X:\windows\System32\rasmans.dll [343552 2009-07-13] (Microsoft Corporation)
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S2 Realtek11nSU; C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
    S2 RpcEptMapper; X:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
    S2 RpcSs; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
    S2 SamSs; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S3 SstpSvc; X:\windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
    S3 swprv; X:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
    S3 TBS; X:\windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
    S3 TrustedInstaller; X:\windows\servicing\TrustedInstaller.exe [194048 2009-07-13] (Microsoft Corporation)
    S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
    S3 VaultSvc; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S3 vds; X:\windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
    S3 VSS; X:\windows\System32\vssvc.exe [1598976 2009-07-13] (Microsoft Corporation)
    S3 W32Time; X:\windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
    S3 wbengine; X:\windows\System32\wbengine.exe [1503744 2009-07-13] (Microsoft Corporation)
    S3 WbioSrvc; X:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    S2 Winmgmt; X:\windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
    S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2360048 2011-02-04] (RealVNC Ltd)
    S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] ()
    S3 wmiApSrv; X:\windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
    S2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [268768 2010-03-22] ()
    S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-06-24] (Advanced Micro Devices)
    S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
    S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] ()
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] ()
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] ()
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-02] (Broadcom Corporation.)
    S3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [32024 2013-04-30] ()
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S2 ei2c; C:\Windows\system32\drivers\ei2c.sys [20784 2016-04-24] (Nicomsoft Ltd.)
    S2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2016-04-24] (Nicomsoft Ltd.)
    S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-03] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
    S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-06-01] ()
    S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-14] (Anchorfree Inc.)
    S2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 GPU-Z; \??\C:\Users\CUSTOM~1\AppData\Local\Temp\GPU-Z.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-15 00:52 - 2016-10-15 00:52 - 00000000 ____D C:\FRST
    2016-10-11 00:39 - 2016-10-11 00:39 - 00000435 _____ C:\lsmc.isk20161011083913991.isk
    2016-10-11 00:06 - 2016-10-11 00:07 - 00000000 ____D C:\Windows\System32\config\mybackup
    2016-10-10 01:10 - 2016-10-10 01:10 - 00008192 _____ C:\lsnc.isk20161010091040553.isk
    2016-10-10 01:10 - 2016-10-10 01:10 - 00000435 _____ C:\lsmc.isk20161010091040256.isk
    2016-10-10 01:10 - 2016-05-11 13:27 - 26460160 _____ C:\Windows\System32\config\SYSTEM.SAV
    2016-10-10 01:10 - 2016-05-11 13:27 - 00778240 _____ C:\Windows\System32\config\DEFAULT.SAV
    2016-10-10 01:10 - 2016-05-11 13:27 - 00065536 _____ C:\Windows\System32\config\SAM.SAV
    2016-10-10 01:10 - 2016-05-11 13:26 - 94007296 _____ C:\Windows\System32\config\SOFTWARE.SAV
    2016-10-10 01:10 - 2016-05-11 13:26 - 00032768 _____ C:\Windows\System32\config\SECURITY.SAV

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)


    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Association (Whitelisted) =============


    ==================== Restore Points =========================

    Restore point date: 2016-03-28 13:45
    Restore point date: 2016-03-29 09:10
    Restore point date: 2016-04-11 12:49
    Restore point date: 2016-04-18 20:00
    Restore point date: 2016-04-29 16:02
    Restore point date: 2016-05-11 13:34
    Restore point date: 2016-05-13 09:41
    Restore point date: 2016-05-17 07:11
    Restore point date: 2016-05-17 17:16
    Restore point date: 2016-05-18 01:18
    Restore point date: 2016-05-18 02:01
    Restore point date: 2016-05-18 02:01

    ==================== Memory info ===========================

    Percentage of memory in use: 6%
    Total physical RAM: 15867.48 MB
    Available physical RAM: 14758.71 MB
    Total Virtual: 15865.63 MB
    Available Virtual: 14737.66 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:147.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (Windows Home Premium 7 X64 SP1) (CDROM) (Total:3.11 GB) (Free:0 GB) UDF
    Drive e: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EA2E795)
    Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 084B857F)
    Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)


    LastRegBack: 2016-05-11 13:26

    ==================== End of FRST.txt ============================
     

    Last edited by a moderator: Oct 15, 2016
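As an added example (not part of the original thread and not FRST's own code), the following Python parses the Services/Drivers lines of an FRST log like the one posted above and flags entries that load at boot or system start without a Microsoft company field, and entries whose file is marked missing with `[X]`. The function names and triage rules are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows service start values, shown as the digit after the state letter.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "<state><start> <name>; <path> [<size> <date>] (<company>)"  or  "... <path> [X]"
ENTRY_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>.*)\)"
    r"|\[X\])\s*$"
)


@dataclass
class Entry:
    state: str               # "S" (stopped) for every entry in a Recovery-mode log
    start: int               # start type digit, see START_TYPES
    name: str                # service or driver name
    path: str                # image path as printed by the tool
    size: Optional[int]      # None when the file was not found
    date: Optional[str]
    company: Optional[str]   # "" when the log prints "()"
    missing: bool            # True when the line ends in [X]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("size") is None
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        path=m.group("path"),
        size=None if missing else int(m.group("size")),
        date=m.group("date"),
        company=m.group("company"),
        missing=missing,
    )


def triage(entry: Entry) -> List[str]:
    """Return reasons an entry deserves a closer look (illustrative rules)."""
    reasons = []
    if entry.missing:
        reasons.append("registered but file not found ([X])")
    # Boot- and system-start drivers load before most of Windows is up, so a
    # broken one can stop the boot, as aswRvrt.sys does in this thread.
    if entry.start in (0, 1) and entry.company != "Microsoft Corporation":
        reasons.append(f"{START_TYPES[entry.start]}-start entry not attributed to Microsoft")
    if not entry.missing and entry.company == "":
        reasons.append("no company name reported")
    if re.search(r"\\(temp|appdata)\\", entry.path, re.IGNORECASE):
        reasons.append("image path under a user profile or temp directory")
    return reasons


def review(log_text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons for every flagged line in a pasted log."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings


# Sample lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry.)
S2 BFE; X:\windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-02] (Broadcom Corporation.)
S3 GPU-Z; \??\C:\Users\CUSTOM~1\AppData\Local\Temp\GPU-Z.sys [X]
"""

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```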
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please observe forum rules.
    All logs have to be pasted, not attached.
    Thank you :)

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8/10: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     

  9. steveb4088

    steveb4088 TS Rookie Topic Starter

    I'm not quite sure how to paste, but I did a drag and drop, which I am guessing is the same as copy/paste. Last time I used the upload a file button. If this method was incorrect I apologize in advance.

    Windows didn't boot on its own; it went back to startup repair.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
    Ran by SYSTEM (16-10-2016 15:24:55) Run:1
    Running from f:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
    C:\Program Files\Alwil Software
    GroupPolicy: Restriction <======= ATTENTION
    S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
    S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] ()
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] ()
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] ()
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
    C:\Windows\system32\drivers\aswHwid.sys
    C:\Windows\system32\drivers\aswMonFlt.sys
    C:\Windows\system32\drivers\aswRdr2.sys
    C:\Windows\System32\Drivers\aswRvrt.sys
    C:\Windows\system32\drivers\aswSnx.sys
    C:\Windows\system32\drivers\aswSP.sys
    C:\Windows\system32\drivers\aswStm.sys
    C:\Windows\System32\Drivers\aswVmm.sys
    S2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value not found.
    "C:\Program Files\Alwil Software" => not found.
    "C:\Windows\System32\GroupPolicy\Machine" => not found.
    avast! Antivirus => service not found.
    AvastVBoxSvc => service not found.
    aswHwid => service not found.
    aswMonFlt => service not found.
    aswRdr => service not found.
    aswRvrt => service not found.
    aswSnx => service not found.
    aswSP => service not found.
    aswStm => service not found.
    aswVmm => service not found.
    "C:\Windows\system32\drivers\aswHwid.sys" => not found.
    "C:\Windows\system32\drivers\aswMonFlt.sys" => not found.
    "C:\Windows\system32\drivers\aswRdr2.sys" => not found.
    "C:\Windows\System32\Drivers\aswRvrt.sys" => not found.
    "C:\Windows\system32\drivers\aswSnx.sys" => not found.
    "C:\Windows\system32\drivers\aswSP.sys" => not found.
    "C:\Windows\system32\drivers\aswStm.sys" => not found.
    "C:\Windows\System32\Drivers\aswVmm.sys" => not found.
    VBoxAswDrv => service not found.

    ==== End of Fixlog 15:24:55 ====
     

    Last edited by a moderator: Oct 16, 2016
  10. steveb4088

    steveb4088 TS Rookie Topic Starter

    I'm sitting here staring at my last post and I get the feeling I didn't post that correctly. Could you please advise how to do this correctly? I reviewed the rules and it doesn't seem to give instructions on how to paste correctly. It only asks that one do so.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Give me a fresh FRST log.

    As for your question: you select all the text, right-click on it, then Copy and Paste into your reply.
     
  12. steveb4088

    steveb4088 TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
    Ran by SYSTEM on MININT-LKDAC3O (16-10-2016 22:08:44)
    Running from f:\
    Platform: Windows 7 Home Premium (X64) Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BFE; X:\windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
    S3 bthserv; X:\windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
    S2 CryptSvc; X:\windows\System32\cryptsvc.dll [175104 2009-07-13] (Microsoft Corporation)
    S2 DcomLaunch; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
    S3 defragsvc; X:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
    S2 Dhcp; X:\windows\System32\dhcpcore.dll [314368 2009-07-13] (Microsoft Corporation)
    S2 Dnscache; X:\windows\System32\dnsrslvr.dll [182272 2009-07-13] (Microsoft Corporation)
    S3 EapHost; X:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
    S3 EFS; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S2 eventlog; X:\windows\System32\wevtsvc.dll [1646080 2009-07-13] (Microsoft Corporation)
    S2 gpsvc; X:\windows\System32\gpsvc.dll [776192 2009-07-13] (Microsoft Corporation)
    S3 hidserv; X:\windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
    S3 IKEEXT; X:\windows\System32\ikeext.dll [845824 2009-07-13] (Microsoft Corporation)
    S3 KeyIso; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S2 LanmanWorkstation; X:\windows\System32\wkssvc.dll [118784 2009-07-13] (Microsoft Corporation)
    S2 lmhosts; X:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
    S2 MpsSvc; X:\windows\System32\mpssvc.dll [824832 2009-07-13] (Microsoft Corporation)
    S3 Netlogon; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S3 Netman; X:\windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
    S2 NlaSvc; X:\windows\System32\nlasvc.dll [302080 2009-07-13] (Microsoft Corporation)
    S2 nsi; X:\windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
    S2 PlugPlay; X:\windows\System32\umpnpmgr.dll [404480 2009-07-13] (Microsoft Corporation)
    S3 PolicyAgent; X:\windows\System32\ipsecsvc.dll [500224 2009-07-13] (Microsoft Corporation)
    S2 Power; X:\windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
    S3 ProtectedStorage; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S3 RasAuto; X:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
    S3 RasMan; X:\windows\System32\rasmans.dll [343552 2009-07-13] (Microsoft Corporation)
    S2 Realtek11nSU; C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
    S2 RpcEptMapper; X:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
    S2 RpcSs; X:\windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
    S2 SamSs; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S3 SstpSvc; X:\windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
    S3 swprv; X:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
    S3 TBS; X:\windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
    S3 TrustedInstaller; X:\windows\servicing\TrustedInstaller.exe [194048 2009-07-13] (Microsoft Corporation)
    S3 VaultSvc; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
    S3 vds; X:\windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
    S3 VSS; X:\windows\System32\vssvc.exe [1598976 2009-07-13] (Microsoft Corporation)
    S3 W32Time; X:\windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
    S3 wbengine; X:\windows\System32\wbengine.exe [1503744 2009-07-13] (Microsoft Corporation)
    S3 WbioSrvc; X:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    S2 Winmgmt; X:\windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
    S3 wmiApSrv; X:\windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-16 15:24 - 2016-10-16 22:08 - 00000000 ____D C:\FRST
    2016-10-16 13:50 - 2016-10-16 13:50 - 111721863 _____ C:\Users\Custom\Downloads\12ed_solutions.pdf
    2016-10-16 11:08 - 2016-10-16 11:08 - 00001528 _____ C:\Users\Custom\Downloads\fixlist.txt
    2016-10-14 18:57 - 2016-10-14 18:57 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2016-10-14 18:44 - 2016-10-14 20:57 - 00000000 ____D C:\Users\Custom\Desktop\frstfiles
    2016-10-14 09:48 - 2016-10-13 20:58 - 00000000 ____D C:\Windows\Panther
    2016-10-14 09:43 - 2016-10-13 21:44 - 00000000 ____D C:\Users\Custom\Desktop\3
    2016-10-13 22:01 - 2016-10-14 10:14 - 00000000 ____D C:\Users\Custom\AppData\Local\Mozilla
    2016-10-13 22:01 - 2016-10-13 22:07 - 00000000 ____D C:\Users\Custom\AppData\Roaming\Mozilla
    2016-10-13 22:01 - 2016-10-13 22:01 - 00001167 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-10-13 22:01 - 2016-10-13 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-13 22:01 - 2016-10-13 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-13 21:55 - 2016-10-13 21:55 - 00002327 _____ C:\Users\Public\Desktop\EnGenius 11n USB Wireless LAN Utility.lnk
    2016-10-13 21:54 - 2016-10-13 21:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-10-13 21:54 - 2016-10-13 21:54 - 00000000 ____D C:\Program Files (x86)\EnGenius
    2016-10-13 21:54 - 2010-11-25 10:59 - 00694888 _____ (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\rtl8192su.sys
    2016-10-13 21:54 - 2009-04-02 06:27 - 00188416 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\RTLExtUI.dll
    2016-10-13 21:54 - 2009-03-31 10:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
    2016-10-13 21:54 - 2009-02-04 22:49 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
    2016-10-13 21:54 - 2009-01-05 16:31 - 00000901 _____ C:\Windows\RtlUI2.exe.manifest
    2016-10-13 21:54 - 2008-07-01 08:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
    2016-10-13 21:47 - 2016-10-14 06:05 - 00000062 _____ C:\Users\Custom\Desktop\Keys.txt
    2016-10-13 21:31 - 2016-10-13 21:31 - 00057560 _____ C:\Users\Custom\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-10-13 20:58 - 2016-10-13 20:58 - 00000020 ___SH C:\Users\Custom\ntuser.ini
    2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\My Documents
    2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\Documents\My Videos
    2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\Documents\My Pictures
    2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 _SHDL C:\Users\Custom\Documents\My Music
    2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 ____D C:\Users\Custom\AppData\Local\VirtualStore
    2016-10-13 20:58 - 2016-10-13 20:58 - 00000000 ____D C:\users\Custom
    2016-10-13 20:58 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Custom\AppData\Roaming\Media Center Programs
    2016-10-13 16:33 - 2016-10-13 16:33 - 00000000 ____D C:\Users\Custom\Desktop\New folder (2)
    2016-10-09 22:54 - 2016-10-09 22:54 - 00000000 ____D C:\Users\Custom\Desktop\recovery tools
    2016-10-09 17:10 - 2016-10-14 09:48 - 00008192 __RSH C:\BOOTSECT.BAK
    2016-10-09 17:10 - 2010-11-20 19:23 - 00383786 __RSH C:\bootmgr

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-16 18:05 - 2009-07-13 20:45 - 00016640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-16 18:05 - 2009-07-13 20:45 - 00016640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-16 11:33 - 2009-07-13 21:13 - 00713888 _____ C:\Windows\System32\PerfStringBackup.INI
    2016-10-16 11:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2016-10-16 11:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-14 09:48 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\System32\config\BCD-Template
    2016-10-14 08:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2016-10-14 08:55 - 2009-07-13 20:45 - 00274320 _____ C:\Windows\System32\FNTCACHE.DAT
    2016-10-14 08:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Association (Whitelisted) =============


    ==================== Restore Points =========================

    Restore point date: 2016-10-13 21:54
    Restore point date: 2016-10-14 15:08

    ==================== Memory info ===========================

    Percentage of memory in use: 6%
    Total physical RAM: 15867.48 MB
    Available physical RAM: 14808.73 MB
    Total Virtual: 15865.63 MB
    Available Virtual: 14788.01 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.51 GB) (Free:892.32 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: () (Fixed) (Total:931.41 GB) (Free:147.78 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Windows Home Premium 7 X64 SP1) (CDROM) (Total:3.11 GB) (Free:0 GB) UDF
    Drive f: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 82817FDB)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EA2E795)
    Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 084B857F)
    Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)


    LastRegBack: 2016-10-14 21:22

    ==================== End of FRST.txt ============================
     
  13. steveb4088

    steveb4088 TS Rookie Topic Starter

    I noticed this one has fewer restore points on it, so I guess that first run did something. I think about half of those were Avast restore points. I tried to run it and it went back to system repair. Tried also in safe mode and nothing.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    At this point all Avast entries are gone so this is not a problem anymore.

    We can try one more fix and if this doesn't work unfortunately you'll have to reinstall Windows.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8/10: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     

  15. steveb4088

    steveb4088 TS Rookie Topic Starter

    OK, trying it now.
     
  16. steveb4088

    steveb4088 TS Rookie Topic Starter

    I'm getting an autoui unable to run script when I try to run frst64 using f:\frst64
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Delete your FRST file you got there, download fresh one and try again.
     
  18. steveb4088

    steveb4088 TS Rookie Topic Starter

    I deleted the old FRST file and downloaded it again, but that still doesn't get it to open.
     
  19. steveb4088

    steveb4088 TS Rookie Topic Starter

    All I should have on the thumb drive is the application the FRST file and the fixlist, right?
     
  20. steveb4088

    steveb4088 TS Rookie Topic Starter

    OK, after redownloading FRST got it to work.


    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by SYSTEM (17-10-2016 21:52:40) Run:2
    Running from f:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    LastRegBack: 2016-10-14 21:22
    *****************

    DEFAULT => copied successfully to System32\config\HiveBackup
    DEFAULT => restored successfully from registry back up
    SAM => copied successfully to System32\config\HiveBackup
    SAM => restored successfully from registry back up
    SECURITY => copied successfully to System32\config\HiveBackup
    SECURITY => restored successfully from registry back up
    SOFTWARE => copied successfully to System32\config\HiveBackup
    SOFTWARE => restored successfully from registry back up
    SYSTEM => copied successfully to System32\config\HiveBackup
    SYSTEM => restored successfully from registry back up

    ==== End of Fixlog 21:52:43 ====
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Did you try to boot again?
     
  22. steveb4088

    steveb4088 TS Rookie Topic Starter

    Yeah, when it restarts it goes back to system repair.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Unfortunately reinstalling Windows will be the only option.
    I'm sorry :(
     
  24. steveb4088

    steveb4088 TS Rookie Topic Starter

    Is there a recommended method to make this as painless as possible? Should I install onto the drive and let Windows place my files into the windows.old folder, or should I just transfer everything over using this other hard drive I'm on?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It really doesn't matter.
    You can only transfer your data.
    All programs have to be reinstalled.
    Unless you have some image of your hard drive.
     
Topic Status:
Not open for further replies.
