Boot Fail @ aswRvrt.sys

How it happened:

  • updated windows + restarted
  • Windows Explorer was slow to open (3 seconds with win+e shortcut, but 0.1s while clicking Explorer desktop_shortcut)
  • Noticed my computer created Public share folders (with nothing in them)
  • Access denied to delete them.
  • Thought I had a virus.
  • Reboot to safe mode + networking (using msconfig to check safemode box)
  • installed mbam + scan = no detections
  • Tried to uninstall mbam = access denied
  • ran mbam clean utility + restart + installed mbam again + scan = no detections
  • did not check rootkit box :frowning:
  • set chkdsk c: /r /f to run on reboot - boot hang while loading

To fix I have done:

  • boot to windows7 installation cd
  • error - windows not recognized
  • boot to my own recovery cd i made with my windows 3 months ago
  • successfully run chkdsk j:/ /r /f
  • sfc /scannow /offbootdir=j:\ /offwindir=j:\windows = failed (j was the OS disk randomly on this cd_boot)
  • attempted startup repair by windows_recovery_cd
  • error not possible
  • read: https://forum.avast.com/index.php?topic=152627.0
  • read: https://forum.avast.com/index.php?topic=53253.0
  • Tried to follow instructions. Could not run FRST.exe from cd :frowning:

OS drive not C:
no matter what I do
OS drive = D:\ or other random letter
All SATA connections unplugged except for OS HDD & DVD/CD drive.

Pictures
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11021542_zps0b32f41d.jpg

http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11142348_zpsb7ee6896.jpg

http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11141658_zpsa7d521d8.jpg

http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11142427_zpsf8a732e7.jpg

http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11140824_zps4dec7811.jpg

http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11132853_zpsece7770c.jpg

My opinion?
something wrote over all my windows drivers or the c:\windows folder

Thank you all in advance. Your tutorials have been very clear and excellent. I just wished my computer wasn’t so difficult.

We still have a few tricks. Hold on a while, I shall get someone for you :slight_smile:

Are you able to use the command prompt from the recovery console?

Type in diskpart
At the DISKPART> prompt type: LIST DISK

Does this show all partitions?

Yes I am able to use cmd from a recovery_cd. I did type diskpart && list disk. All disks + volumes shown:

OS_volume is generally D:

Initial Screen
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11191411_zpsc5791dd2.jpg

Options
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11191710_zpsed8111db.jpg

- disk
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11191503_zps50254e7d.jpg

- volumes/partitions
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-11191620_zps6e25f73e.jpg

OK diskpart is seeing the system reserved partition (with boot data) as C

Are you able to see the USB drive with FRST on it?

https://dl.dropbox.com/u/73555776/notepad.JPG

The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

essexboy, you are awesome! Could easily see the flash drive.
FRST is attached: all=all_checkboxes; default=default

FRST_ALL PasteBin - 1 week
https://paste.kde.org/p0aggn4rl

Notepad_File_Open_View
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-12111555_zpsd32317c9.jpg

Running_FRST
http://i216.photobucket.com/albums/cc217/lalabby/aswRvrt_sys/2014-12-12111951_zpse98f4043.jpg

OK this fix will disable both ZoneAlarm and Avast as they use low level drivers

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Save the attached fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

Yes sir. Good test.

Ran fixlist.txt - attached & below (1week)
https://paste.kde.org/pgfrrnd53

FRST64.exe seemed to rename the file ‘fixlist.txt’ or delete the original as only Fixlog.txt remains.

EDIT:
Boot still hangs. Currently stops @ CLASSPNP.sys
image showing new boot_hang

Yes the fixlist is automatically deleted

OK this narrows it down now to possibly the atapi file

So let's initially try an SFC scan, but this time use the c drive as it should recognise that

Go to command prompt and type the following command :

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

OMG VICTORY! You’re the best essexboy.
I let the boot just keep hanging through frustration & went down stairs to eat… It booted.

No idea how long it took (at least 5min)
safe_mode_boot_image

What should I do now? Still run sfc? Restart & see if it boots again? Boot to recovery_cd & run sfc?

As you are in, the first job I would suggest is to run SFC from an elevated command prompt

Go Start > All Programs > Accessories
Right click command prompt and select run as administrator
In the box type :

sfc /scannow

Allow it to complete and then reboot

Once back in normal mode run a fresh FRST scan for me

Following all run from 1st safe_mode_boot:

  1. sfc /scannow - fail @ 62%
    jpg image showing sfc failure

  2. frst64.exe - attached
    frst64.exe all boxes checked

I was scared to restart because of sfc fail. If you say so, I will restart into “normal_mode” and run frst64.exe again. Part of me wants to do some malware scans.

Nothing much showing there, so I feel it was a software problem somewhere within the windows system rather than malware

At some stage you will need to reboot so it would be best to get that scary part over with now

Normal_Boot successful.
frst64.exe - attached

EDIT:

Ah, could be the old ssd. What’s the best way to uncorrupt windows?

Attached CBS log (1 week):
https://paste.kde.org/p2nirq7lr

CBS log old_version (1 week):
https://paste.kde.org/pxsdcykz4

Probably need to run some smart data from my OS_HDD:

  • Shows good @ 20,200+ hours
  • 106 bad blocks seems to be no big deal
  • 94% still good

http://i216.photobucket.com/albums/cc217/lalabby/2014-12-12193618_zps8171a5fe.jpg

Logs look good, the errors in SFC are pretty normal

Remember you have no firewall or AV running at the moment. For avast do a clean install

Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel

  • Run the uninstall tool and accept the reboot to safe mode
  • Once complete reboot your system
  • Reinstall Avast


Clean uninstall ZA… http://download.zonelabs.com/bin/free/beta/cleanuninstall.txt

Thank you so much for the personal help essexboy. Will uninstall and re-install.

Will have to track down what gave my system so much corruption.

You could be chasing a needle in a haystack there, as there are a multitude of causes