Notebook stuck on aswrvrt.sys

metaathron

Hello, could you please help my friend? He has a similar problem to other people: his notebook is stuck on the Windows Vista (32-bit) boot screen. When trying safe mode, it stays stuck on aswrvrt.sys.

FRST says:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by SYSTEM on MINWINPC on 18-08-2014 20:24:06
Running from f:\
Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Guest\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Guest\...\Run: [Google Update] => C:\Users\NOTEBOOK\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-10-11] (Google Inc.)
HKU\Guest\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-05-16] (Macrovision Corporation)
HKU\Guest\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [490952 2008-07-24] (DT Soft Ltd)
HKU\Guest\...\Run: [Namedate] => C:\nezmeskej\nezmeskej.exe s s
HKU\Guest\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-02] (Skype Technologies S.A.)
HKU\Guest\...\Policies\system: [LogonHoursAction] 2
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Policies\Explorer: [RegWinBackUp] 0
HKU\NOTEBOOK\...\Run: [Google Update] => C:\Users\NOTEBOOK\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-10-11] (Google Inc.)
HKU\NOTEBOOK\...\Policies\system: [LogonHoursAction] 2
HKU\NOTEBOOK\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\NOTEBOOK\...\Policies\Explorer: [RegWinBackUp] 0
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
Startup: C:\Users\NOTEBOOK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gaia Wallpaper Desktop.lnk
ShortcutTarget: Gaia Wallpaper Desktop.lnk -> C:\Program Files\Gaia Dream Creation\Gaia Wallpaper Desktop\GaiaWallpaperDesktop.exe (Gaia Dream Creation Inc.)
BootExecute: autocheck autochk *

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-23] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-21] (Glarysoft Ltd)
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-04] (Atheros Communications, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 20:22 - 2014-08-18 20:22 - 00000000 ____D () C:\FRST
2014-08-12 21:08 - 2014-08-12 21:08 - 00000000 __SHD () C:\found.001
2014-08-11 20:27 - 2014-08-11 20:27 - 00000000 __SHD () C:\found.000
2014-08-11 11:55 - 2014-08-12 11:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-11 11:55 - 2014-08-11 11:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-10 22:35 - 2014-08-10 22:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-08 09:44 - 2014-08-08 11:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-06 21:31 - 2014-08-06 21:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-06 21:31 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-06 21:30 - 2014-08-06 21:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-06 21:29 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-06 06:24 - 2014-08-06 06:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 06:24 - 2014-08-06 06:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-07-23 08:04 - 2014-07-23 08:04 - 00050688 _____ () C:\Users\NOTEBOOK\Downloads\dochazkovy_list_mesicni_-_nový.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 20:22 - 2014-08-18 20:22 - 00000000 ____D () C:\FRST
2014-08-18 09:26 - 2014-06-25 10:45 - 00226414 _____ () C:\Windows\PFRO.log
2014-08-12 21:08 - 2014-08-12 21:08 - 00000000 __SHD () C:\found.001
2014-08-12 11:24 - 2014-08-11 11:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-11 20:56 - 2014-04-19 23:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
2014-08-11 20:56 - 2014-04-12 10:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
2014-08-11 20:56 - 2009-01-07 03:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
2014-08-11 20:56 - 2008-10-12 02:42 - 00000000 ____D () C:\users\Guest
2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-08-11 20:56 - 2006-11-02 02:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
2014-08-11 20:56 - 2006-11-02 02:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
2014-08-11 20:42 - 2006-11-02 02:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
2014-08-11 20:42 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2014-08-11 20:27 - 2014-08-11 20:27 - 00000000 __SHD () C:\found.000
2014-08-11 12:06 - 2008-10-03 10:33 - 00646048 _____ () C:\ProgramData\nvModes.001
2014-08-11 11:55 - 2014-08-11 11:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 11:55 - 2008-10-05 07:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 11:02 - 2008-10-03 10:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
2014-08-11 11:02 - 2008-10-03 10:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 11:01 - 2008-10-03 10:31 - 00000000 ____D () C:\users\NOTEBOOK
2014-08-11 11:00 - 2014-01-24 08:59 - 00001837 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 10:57 - 2008-10-03 10:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2014-08-11 10:57 - 2008-04-24 22:16 - 00000147 _____ () C:\Windows\System32\agent.log
2014-08-11 10:57 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 10:57 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 05:46 - 2006-11-02 02:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
2014-08-11 05:46 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2014-08-10 23:52 - 2009-02-18 10:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
2014-08-10 22:35 - 2014-08-10 22:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-09 23:41 - 2014-07-08 13:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
2014-08-09 15:41 - 2008-10-04 05:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-08 21:33 - 2008-01-20 22:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-08 11:41 - 2010-03-31 23:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-08-08 11:35 - 2014-08-08 09:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-08 11:32 - 2008-10-19 11:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-08 11:26 - 2010-03-31 23:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
2014-08-08 08:59 - 2008-10-29 15:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
2014-08-06 21:31 - 2014-08-06 21:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-06 21:31 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-06 21:31 - 2014-08-06 21:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-06 21:30 - 2014-08-06 21:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-06 06:24 - 2014-08-06 06:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 06:24 - 2014-08-06 06:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-06 06:24 - 2014-01-24 08:35 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-07-30 21:26 - 2014-06-25 10:50 - 00000789 _____ () C:\Windows\setupact.log
2014-07-26 00:26 - 2010-03-17 09:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 08:04 - 2014-07-23 08:04 - 00050688 _____ () C:\Users\NOTEBOOK\Downloads\dochazkovy_list_mesicni_-_nový.xls
2014-07-20 04:17 - 2014-01-22 09:29 - 00000000 ____D () C:\Program Files\Glary Utilities 4

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6b_xt.dll
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1100.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1738.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1A24.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2BE.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2CF8.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU34D5.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU37C2.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU4DB2.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU5002.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6279.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6B6E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU703F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU76F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU7A2E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU98E4.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU9C5D.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA275.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA6AA.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUAC26.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB71E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB72E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC023.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC5DD.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCACD.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCEB.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD087.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD799.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD7B8.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE159.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE281.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUEB29.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 4093.63 MB
Available physical RAM: 3706.61 MB
Total Pagefile: 3959.36 MB
Available Pagefile: 3795.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.23 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
Drive e: (Disc) (CDROM) (Total:3.6 GB) (Free:0 GB) UDF
Drive f: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


LastRegBack: 2014-08-10 22:10

==================== End Of Log ============================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Let's see if this will work...

Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST (FRST64), press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments

  • fixlist.txt
Didn't help. Situation is the same.

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
Ran by SYSTEM at 2014-08-19 21:30:59 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
LastRegBack: 2014-08-10 22:10
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6b_xt.dll
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1100.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1738.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1A24.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2BE.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2CF8.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU34D5.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU37C2.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU4DB2.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU5002.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6279.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6B6E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU703F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU76F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU7A2E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU98E4.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU9C5D.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA275.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA6AA.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUAC26.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB71E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB72E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC023.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC5DD.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCACD.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCEB.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD087.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD799.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD7B8.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE159.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE281.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUEB29.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\SkypeSetup.exe

*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6b_xt.dll => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1100.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1738.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1A24.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1F.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2BE.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2CF8.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU34D5.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU37C2.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU4DB2.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU5002.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6279.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6B6E.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU703F.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU76F.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU7A2E.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU98E4.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU9C5D.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA275.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA6AA.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUAC26.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB71E.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB72E.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC023.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC5DD.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCACD.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCEB.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD087.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD799.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD7B8.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE159.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE281.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUEB29.tmp.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
C:\Users\NOTEBOOK\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

==== End of Fixlog ====
 
Thank you so much. Here is the new FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by SYSTEM on MINWINPC on 26-08-2014 21:30:41
Running from G:\
Platform: WIN_VISTA Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is not loaded.
BootExecute: autocheck autochk *

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-24] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-19 05:22 - 2014-08-20 06:39 - 00000000 ____D () C:\FRST
2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
2014-08-11 20:55 - 2014-08-12 20:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-08 18:44 - 2014-08-08 20:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-07 06:29 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 15:24 - 2014-08-06 15:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 06:39 - 2014-08-19 05:22 - 00000000 ____D () C:\FRST
2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
2014-08-12 20:24 - 2014-08-11 20:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-12 05:56 - 2014-04-20 08:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
2014-08-12 05:56 - 2014-04-12 19:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
2014-08-12 05:56 - 2009-01-07 12:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
2014-08-12 05:56 - 2008-10-12 11:42 - 00000000 ____D () C:\users\Guest
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\spool
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-08-12 05:56 - 2006-11-02 11:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
2014-08-12 05:56 - 2006-11-02 11:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
2014-08-12 05:42 - 2006-11-02 11:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
2014-08-12 05:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
2014-08-11 21:06 - 2008-10-03 19:33 - 00646048 _____ () C:\ProgramData\nvModes.001
2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 20:55 - 2014-06-25 19:45 - 00226414 _____ () C:\Windows\PFRO.log
2014-08-11 20:55 - 2008-10-05 16:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 20:02 - 2008-10-03 19:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
2014-08-11 20:02 - 2008-10-03 19:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 20:01 - 2008-10-03 19:31 - 00000000 ____D () C:\users\NOTEBOOK
2014-08-11 20:00 - 2014-01-24 17:59 - 00001837 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 19:57 - 2008-10-03 19:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2014-08-11 19:57 - 2008-04-25 07:16 - 00000147 _____ () C:\Windows\System32\agent.log
2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 14:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
2014-08-11 14:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2014-08-11 08:52 - 2009-02-18 19:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-10 08:41 - 2014-07-08 22:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
2014-08-10 00:41 - 2008-10-04 14:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-09 06:33 - 2008-01-21 07:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-08 20:41 - 2010-04-01 08:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-08-08 20:35 - 2014-08-08 18:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-08 20:32 - 2008-10-19 20:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-08 20:26 - 2010-04-01 08:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
2014-08-08 17:59 - 2008-10-30 00:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-07 06:31 - 2014-08-07 06:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 15:24 - 2014-08-06 15:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-06 15:24 - 2014-01-24 17:35 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-07-31 06:26 - 2014-06-25 19:50 - 00000789 _____ () C:\Windows\setupact.log

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4093.5 MB
Available physical RAM: 3635.38 MB
Total Pagefile: 3830.88 MB
Available Pagefile: 3667.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.45 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
Drive e: (FRTMCFRE_CS_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF
Drive f: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


LastRegBack: 2014-08-11 07:10

==================== End Of Log ============================
 
I'm not sure what you mean.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot into any mode.
 

Attachments: fixlist.txt (2 KB)
Once the OS was recognized as English Vista HP and once as Czech Vista SP2. I will try your fix after work (approx. 15 UTC).
 
No change yet :(
FIXLOG:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
Ran by SYSTEM at 2014-08-28 17:23:04 Run:2
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
C:\Program Files\AVAST Software
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
C:\Windows\System32\Drivers\aswVmm.sys
C:\Windows\system32\drivers\aswTdi.sys
C:\Windows\system32\drivers\aswSP.sys
C:\Windows\system32\drivers\aswSnx.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\system32\drivers\aswRdr.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\system32\drivers\aswHwid.sys
2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-11 20:00 - 2014-01-24 17:59 - 00001837 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 15:24 - 2014-01-24 17:35 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-06 15:24 - 2014-01-24 17:35 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-06 15:24 - 2014-01-24 17:35 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys

*****************

avast! Antivirus => Service deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.
aswHwid => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswTdi => Service deleted successfully.
aswVmm => Service deleted successfully.
C:\Windows\System32\Drivers\aswVmm.sys => Moved successfully.
C:\Windows\system32\drivers\aswTdi.sys => Moved successfully.
C:\Windows\system32\drivers\aswSP.sys => Moved successfully.
C:\Windows\system32\drivers\aswSnx.sys => Moved successfully.
C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.
C:\Windows\system32\drivers\aswRdr.sys => Moved successfully.
C:\Windows\system32\drivers\aswMonFlt.sys => Moved successfully.
C:\Windows\system32\drivers\aswHwid.sys => Moved successfully.
C:\Windows\avastSS.scr => Moved successfully.
C:\Users\Public\Desktop\avast! Free Antivirus.lnk => Moved successfully.
"C:\Windows\avastSS.scr" => File/Directory not found.
"C:\Windows\System32\Drivers\aswSnx.sys" => File/Directory not found.
"C:\Windows\System32\Drivers\aswsp.sys" => File/Directory not found.
C:\Windows\System32\aswBoot.exe => Moved successfully.
"C:\Windows\System32\Drivers\aswMonFlt.sys" => File/Directory not found.
"C:\Windows\System32\Drivers\aswTdi.sys" => File/Directory not found.
"C:\Windows\System32\Drivers\aswRdr.sys" => File/Directory not found.

==== End of Fixlog ====
 
Next FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by SYSTEM on MINWINPC on 28-08-2014 17:29:32
Running from G:\
Platform: WIN_VISTA Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is not loaded.
BootExecute: autocheck autochk *

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-24] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-19 05:22 - 2014-08-28 17:23 - 00000000 ____D () C:\FRST
2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
2014-08-11 20:55 - 2014-08-12 20:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-08 18:44 - 2014-08-08 20:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-07 06:29 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 17:23 - 2014-08-19 05:22 - 00000000 ____D () C:\FRST
2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
2014-08-12 20:24 - 2014-08-11 20:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-12 05:56 - 2014-04-20 08:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
2014-08-12 05:56 - 2014-04-12 19:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
2014-08-12 05:56 - 2009-01-07 12:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
2014-08-12 05:56 - 2008-10-12 11:42 - 00000000 ____D () C:\users\Guest
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\spool
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-08-12 05:56 - 2006-11-02 11:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
2014-08-12 05:56 - 2006-11-02 11:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
2014-08-12 05:42 - 2006-11-02 11:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
2014-08-12 05:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
2014-08-11 21:06 - 2008-10-03 19:33 - 00646048 _____ () C:\ProgramData\nvModes.001
2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 20:55 - 2014-06-25 19:45 - 00226414 _____ () C:\Windows\PFRO.log
2014-08-11 20:55 - 2008-10-05 16:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 20:02 - 2008-10-03 19:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
2014-08-11 20:02 - 2008-10-03 19:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 20:01 - 2008-10-03 19:31 - 00000000 ____D () C:\users\NOTEBOOK
2014-08-11 19:57 - 2008-10-03 19:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2014-08-11 19:57 - 2008-04-25 07:16 - 00000147 _____ () C:\Windows\System32\agent.log
2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 14:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
2014-08-11 14:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2014-08-11 08:52 - 2009-02-18 19:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-10 08:41 - 2014-07-08 22:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
2014-08-10 00:41 - 2008-10-04 14:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-09 06:33 - 2008-01-21 07:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-08 20:41 - 2010-04-01 08:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-08-08 20:35 - 2014-08-08 18:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-08 20:32 - 2008-10-19 20:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-08 20:26 - 2010-04-01 08:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
2014-08-08 17:59 - 2008-10-30 00:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-07 06:31 - 2014-08-07 06:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-07-31 06:26 - 2014-06-25 19:50 - 00000789 _____ () C:\Windows\setupact.log

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4093.5 MB
Available physical RAM: 3632 MB
Total Pagefile: 3830.88 MB
Available Pagefile: 3665.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.48 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


LastRegBack: 2014-08-11 07:10

==================== End Of Log ============================
 
It used to get stuck on aswrvrt.sys.
What happens now when you try to boot?
Did you try to boot into safe mode as well?
 
Let's try to remove that one...

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments: fixlist.txt (154 bytes)
Now it's on crcdisk.sys :(
FixLog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
Ran by SYSTEM at 2014-09-02 19:18:31 Run:3
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
C:\Windows\System32\drivers\BootDefragDriver.sys
*****************

BootDefragDriver => Service deleted successfully.
C:\Windows\System32\drivers\BootDefragDriver.sys => Moved successfully.

==== End of Fixlog ====
 
And new FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by SYSTEM on MINWINPC on 02-09-2014 19:27:06
Running from G:\
Platform: WIN_VISTA Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is not loaded.
BootExecute: autocheck autochk *

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-24] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-19 05:22 - 2014-09-02 19:18 - 00000000 ____D () C:\FRST
2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
2014-08-11 20:55 - 2014-08-12 20:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-08 18:44 - 2014-08-08 20:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-07 06:29 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 19:18 - 2014-08-19 05:22 - 00000000 ____D () C:\FRST
2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
2014-08-12 20:24 - 2014-08-11 20:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-12 05:56 - 2014-04-20 08:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
2014-08-12 05:56 - 2014-04-12 19:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
2014-08-12 05:56 - 2009-01-07 12:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
2014-08-12 05:56 - 2008-10-12 11:42 - 00000000 ____D () C:\users\Guest
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\spool
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-08-12 05:56 - 2006-11-02 11:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
2014-08-12 05:56 - 2006-11-02 11:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
2014-08-12 05:42 - 2006-11-02 11:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
2014-08-12 05:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
2014-08-11 21:06 - 2008-10-03 19:33 - 00646048 _____ () C:\ProgramData\nvModes.001
2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 20:55 - 2014-06-25 19:45 - 00226414 _____ () C:\Windows\PFRO.log
2014-08-11 20:55 - 2008-10-05 16:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 20:02 - 2008-10-03 19:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
2014-08-11 20:02 - 2008-10-03 19:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 20:01 - 2008-10-03 19:31 - 00000000 ____D () C:\users\NOTEBOOK
2014-08-11 19:57 - 2008-10-03 19:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2014-08-11 19:57 - 2008-04-25 07:16 - 00000147 _____ () C:\Windows\System32\agent.log
2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 14:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
2014-08-11 14:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2014-08-11 08:52 - 2009-02-18 19:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-10 08:41 - 2014-07-08 22:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
2014-08-10 00:41 - 2008-10-04 14:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-09 06:33 - 2008-01-21 07:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-08 20:41 - 2010-04-01 08:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-08-08 20:35 - 2014-08-08 18:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-08 20:32 - 2008-10-19 20:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-08 20:26 - 2010-04-01 08:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
2014-08-08 17:59 - 2008-10-30 00:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-07 06:31 - 2014-08-07 06:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4093.5 MB
Available physical RAM: 3638.41 MB
Total Pagefile: 3832.83 MB
Available Pagefile: 3670.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.45 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.84 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


LastRegBack: 2014-08-11 07:10

==================== End Of Log ============================
 
Now it's on crcdisk.sys
This is not good.
You may have a hard drive problem.

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 