can't boot safe mode, hangs on aswrvrt.sys

Hello fine avasters,

I recently installed some new RAM and my system became unstable. I managed to recover and update my BIOS and it seemed fine, but now it has crashed again. Now I can’t get into Windows even in safe mode. When I try, it hangs on aswrvrt.sys in the load screen.

I’ve tried all the options from F8, as well as repairing from my install disk and the memory checker. I also tried to copy in some old regs in the command prompt from when it was booting, but that didn’t work. I don’t have a restore point to go back to…drat. Will take the time to do that in the future.

I am running Windows 7 64 bit.

Seen this problem around, and tried some of the solutions posted but nothing has worked! Been banging my head on this for two nights straight…

Thanks for the help!

Seems your problem is in the new RAM you installed. Double check you have installed the correct RAM - return to the place of purchase and get them to check the RAM for problems - re-install your old RAM.

I cringe every time I see someone post that cannot boot because of Avast driver…YES, I know the driver listed is supposed to be the last good driver load…but IMHO it also depends on what that driver is doing. Glad to see the frequency of these requests is going WAY down. Anyway, I digress.

So, look at this thread and go down to “If you cannot Boot the computer” (attached pic too). YES, I know it is a VIRUS removal thread but I have PMed one of the experts for you on helping on these boot/BSOD issues. He will run some utils, etc. to help but will want to see FRST log. Download and run the Farbar (FRST) and post the log(s). http://forum.avast.com/index.php?topic=53253.0
Here is also a good summary from Essexboy on How-To from this post: https://forum.avast.com/index.php?topic=151446.msg1100390#msg1100390

You can use the Windows installation disc to save downloading the recovery console.

Thanks, I will try this tonight after work and post logs. Essex, good to have a dragon on the quest! Also got RAM direct from Crucial after a system scan, should be ok.

How many physical drives do you have on the system?

Essex, only 1 physical drive. I do use genie9 timeline to backup my data to an Apple Time Capsule as well. Using my lady’s MacBook Pro to D/L and post.

Scan results are in parts due to character limit:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014

Ran by SYSTEM on MININT-GFBMI31 on 02-07-2014 23:37:49

Running from F:\

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM-x32.…\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)

HKLM-x32.…\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32.…\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32.…\Run: [WinampAgent] => “C:\Program Files (x86)\Winamp\winampa.exe”

HKLM-x32.…\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)

HKLM-x32.…\Run: [ACU] => C:\Program Files (x86)\Atheros\ACU.exe [303104 2005-05-31] (Atheros Communications, Inc.)

HKLM-x32.…\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)

HKLM-x32.…\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-23] (APN)

HKLM-x32.…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32.…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)

HKLM-x32.…\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32.…\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32.…\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKU\Theodore.…\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Theodore.…\Run: [igndlm.exe] => C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)

HKU\Theodore.…\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)

HKU\Theodore.…\Run: [Google Update] => C:\Users\Theodore\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-15] (Google Inc.)

HKU\Theodore.…\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKU\Theodore.…\Run: [chromium] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)

HKU\Theodore.…\Run: [4093FF9A87B1042D148485030E6C283F79F325E6._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)

AppInit_DLLs-x32: C:\ProgramData\encapi32.dll => “C:\ProgramData\encapi32.dll” File Not Found

Startup: C:\Users\Theodore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk → (No File)

ShellIconOverlayIdentifiers: 00avast → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: 0GenieTimeLine-BackedUp → {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()

ShellIconOverlayIdentifiers: 0GenieTimeLine-Excluded → {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()

ShellIconOverlayIdentifiers: 0GenieTimeLine-Folder → {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()

ShellIconOverlayIdentifiers: 0GenieTimeLine-NotBackedUp → {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()

ShellIconOverlayIdentifiers: 0GenieTimeLine-Pending → {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl ()

ShellIconOverlayIdentifiers: DropboxExt1 → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt2 → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt3 → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt4 → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-BackedUp → {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => No File

ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-Excluded → {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => No File

ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-Folder → {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => No File

ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-NotBackedUp → {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => No File

ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-Pending → {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: EnhancedStorageShell → {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File

ShellIconOverlayIdentifiers-x32: SharingPrivate → {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => No File

==================== Services (Whitelisted) =================

S2 ACS; C:\Windows\SysWOW64\acs.exe [36864 2005-05-31] ()

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2013-07-08] (Protection Technology)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-07] (AVAST Software)

S2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [678464 2013-12-08] (Genie9)

S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S2 SamSs32; c:\windows\system32\zipfldr32.exe

==================== Drivers (Whitelisted) ====================

S1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2013-07-08] (Protection Technology)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-07] ()

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-07] (AVAST Software)

S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-07] (AVAST Software)

S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-07] ()

S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)

S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)

S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-07] ()

S2 cpuz133; C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-05-11] (Windows (R) Win 7 DDK provider)

S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-11-21] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-02 23:37 - 2014-07-02 23:37 - 00000000 ____D () C:\FRST

2014-07-01 22:34 - 2014-07-01 22:34 - 00000000 ____D () C:\myregback

2014-06-29 16:18 - 2014-06-29 16:18 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\Full Control

2014-06-29 15:23 - 2014-06-29 15:23 - 00000995 _____ () C:\Users\Public\Desktop\Tribler.lnk

2014-06-29 15:22 - 2014-06-29 15:23 - 00000000 ____D () C:\Program Files (x86)\Tribler

2014-06-27 22:53 - 2014-06-27 22:53 - 00000505 _____ () C:\Users\Theodore\Desktop\Programs and Features - Shortcut.lnk

2014-06-26 21:30 - 2014-06-26 21:30 - 00001065 _____ () C:\Users\Theodore\Desktop\Cubetractor.lnk

2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\Cubetractor

2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\Cubetractor

2014-06-26 20:51 - 2014-06-26 20:52 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2014-06-26 20:51 - 2014-06-26 20:51 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE

2014-06-26 11:09 - 2014-06-26 11:09 - 00000222 _____ () C:\Users\Theodore\Desktop\Assassin’s Creed IV Black Flag.url

2014-06-26 10:57 - 2014-06-26 10:57 - 00000222 _____ () C:\Users\Theodore\Desktop\Brothers - A Tale of Two Sons.url

2014-06-26 10:46 - 2014-06-26 10:46 - 00000636 _____ () C:\Users\Theodore\Desktop\WFF.lnk

2014-06-26 10:44 - 2014-06-26 10:44 - 00000967 _____ () C:\Users\Theodore\Desktop\TechPowerUp GPU-Z.lnk

2014-06-26 10:44 - 2014-06-26 10:44 - 00000000 ____D () C:\Program Files (x86)\GPU-Z

2014-06-26 10:43 - 2014-06-26 10:43 - 01344480 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Theodore\Desktop\GPU-Z.0.7.2.exe

2014-06-26 10:42 - 2014-06-26 10:42 - 00000000 ____D () C:\Users\Theodore\AppData\Local\AskPartnerNetwork

2014-06-26 10:37 - 2014-06-27 23:08 - 00000000 ____D () C:\bios

2014-06-25 13:29 - 2014-06-25 13:29 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS

2014-06-25 13:29 - 2014-06-25 13:29 - 00000000 ____D () C:\Users\Theodore\AppData\Local\eSupport.com

2014-06-25 12:41 - 2014-06-25 12:41 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk

2014-06-25 12:37 - 2014-06-25 12:38 - 01496480 _____ ( ) C:\Users\Theodore\Downloads\cpuz_1.69setupen.exe

2014-06-25 12:16 - 2014-06-25 12:17 - 01857112 _____ () C:\Users\Theodore\Desktop\memtest86-iso.zip

2014-06-25 11:22 - 2014-06-25 11:22 - 00000222 _____ () C:\Users\Theodore\Desktop\Unity of Command.url

2014-06-25 11:20 - 2014-06-25 11:20 - 00000222 _____ () C:\Users\Theodore\Desktop\Space Hulk.url

2014-06-17 22:59 - 2014-06-17 22:59 - 00000222 _____ () C:\Users\Theodore\Desktop\Tiny and Big Grandpa’s Leftovers.url

2014-06-15 21:55 - 2014-06-15 21:55 - 00000000 ____D () C:\Program Files (x86)\LucasArts

2014-06-12 09:23 - 2014-05-30 02:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-06-12 09:23 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-06-12 09:23 - 2014-05-30 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2014-06-12 09:23 - 2014-05-30 01:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-06-12 09:23 - 2014-05-30 01:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-06-12 09:23 - 2014-05-30 01:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2014-06-12 09:23 - 2014-05-30 01:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2014-06-12 09:23 - 2014-05-30 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-06-12 09:23 - 2014-05-30 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2014-06-12 09:23 - 2014-05-30 01:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-06-12 09:23 - 2014-05-30 01:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-06-12 09:23 - 2014-05-30 01:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2014-06-12 09:23 - 2014-05-30 01:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2014-06-12 09:23 - 2014-05-30 01:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-12 09:23 - 2014-05-30 01:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2014-06-12 09:23 - 2014-05-30 01:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-06-12 09:23 - 2014-05-30 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-06-12 09:23 - 2014-05-30 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-12 09:23 - 2014-05-30 00:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-06-12 09:23 - 2014-05-30 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2014-06-12 09:23 - 2014-05-30 00:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-06-12 09:23 - 2014-05-30 00:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-12 09:23 - 2014-05-30 00:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-06-12 09:23 - 2014-05-30 00:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-12 09:23 - 2014-05-30 00:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-12 09:23 - 2014-05-30 00:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-12 09:23 - 2014-05-30 00:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2014-06-12 09:23 - 2014-05-30 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-12 09:23 - 2014-05-30 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-12 09:23 - 2014-05-30 00:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-12 09:23 - 2014-05-30 00:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-06-12 09:23 - 2014-05-30 00:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-12 09:23 - 2014-05-30 00:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-12 09:23 - 2014-05-30 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2014-06-12 09:23 - 2014-05-30 00:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-06-12 09:23 - 2014-05-30 00:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-12 09:23 - 2014-05-30 00:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-12 09:23 - 2014-05-30 00:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-12 09:23 - 2014-05-30 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-12 09:23 - 2014-05-30 00:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-12 09:23 - 2014-05-29 23:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-12 09:23 - 2014-05-29 23:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-06-12 09:23 - 2014-05-29 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-12 09:23 - 2014-05-29 23:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-06-12 09:23 - 2014-05-29 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-12 09:23 - 2014-05-29 23:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-06-12 09:23 - 2014-05-29 23:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-12 09:23 - 2014-05-29 23:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-06-12 09:23 - 2014-05-29 23:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-12 09:23 - 2014-05-29 23:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-12 09:23 - 2014-05-29 23:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2014-06-12 09:23 - 2014-05-29 23:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-12 09:14 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll

2014-06-12 09:14 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-06-12 09:14 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2014-06-12 09:14 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2014-06-12 09:14 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2014-06-12 09:14 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2014-06-12 09:14 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll

2014-06-12 09:14 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2014-06-12 09:14 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-06-12 09:14 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-12 09:14 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-06-12 09:14 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-06-12 09:14 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2014-06-09 11:12 - 2014-06-09 11:20 - 00000000 ____D () C:\Users\Theodore\AppData\Local\Deployment

2014-06-09 11:12 - 2014-06-09 11:12 - 00000000 __SHD () C:\Users\Theodore\AppData\Local\EmieUserList

2014-06-09 11:12 - 2014-06-09 11:12 - 00000000 __SHD () C:\Users\Theodore\AppData\Local\EmieSiteList

2014-06-09 11:08 - 2014-06-09 11:10 - 00000000 ___DC () C:\Users\Theodore\AppData\Local\MigWiz

Thanks again for looking at all this.

==================== One Month Modified Files and Folders =======

2014-07-02 23:37 - 2014-07-02 23:37 - 00000000 ____D () C:\FRST

2014-07-01 22:34 - 2014-07-01 22:34 - 00000000 ____D () C:\myregback

2014-06-30 20:21 - 2011-02-15 14:17 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089582162-2691262306-4172335461-1000UA.job

2014-06-30 20:21 - 2011-02-15 14:17 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2089582162-2691262306-4172335461-1000Core.job

2014-06-30 19:48 - 2012-08-02 08:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-30 19:47 - 2011-03-04 15:34 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-30 13:56 - 2012-10-26 13:51 - 00000408 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job

2014-06-30 12:40 - 2010-08-26 03:12 - 01983686 _____ () C:\Windows\WindowsUpdate.log

2014-06-30 10:46 - 2011-03-04 15:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-30 09:17 - 2012-08-01 23:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-06-29 23:57 - 2012-12-01 21:06 - 00522298 _____ () C:\Users\Theodore\Tribler.exe.log

2014-06-29 23:57 - 2012-12-01 21:06 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming.Tribler

2014-06-29 22:24 - 2010-10-11 11:31 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-06-29 18:23 - 2012-08-06 09:45 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\Dropbox

2014-06-29 16:18 - 2014-06-29 16:18 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\Full Control

2014-06-29 15:23 - 2014-06-29 15:23 - 00000995 _____ () C:\Users\Public\Desktop\Tribler.lnk

2014-06-29 15:23 - 2014-06-29 15:22 - 00000000 ____D () C:\Program Files (x86)\Tribler

2014-06-28 15:42 - 2009-07-13 20:45 - 00015344 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-28 15:42 - 2009-07-13 20:45 - 00015344 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-28 15:36 - 2014-05-17 14:47 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\DropboxMaster

2014-06-28 15:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-28 15:33 - 2009-07-13 20:51 - 00225768 _____ () C:\Windows\setupact.log

2014-06-27 23:10 - 2013-02-07 22:43 - 00000000 ____D () C:\WFF

2014-06-27 23:08 - 2014-06-26 10:37 - 00000000 ____D () C:\bios

2014-06-27 22:53 - 2014-06-27 22:53 - 00000505 _____ () C:\Users\Theodore\Desktop\Programs and Features - Shortcut.lnk

2014-06-26 21:30 - 2014-06-26 21:30 - 00001065 _____ () C:\Users\Theodore\Desktop\Cubetractor.lnk

2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\Cubetractor

2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\Cubetractor

2014-06-26 21:05 - 2010-11-02 19:06 - 00308280 _____ () C:\Windows\PFRO.log

2014-06-26 20:52 - 2014-06-26 20:51 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2014-06-26 20:51 - 2014-06-26 20:51 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE

2014-06-26 20:51 - 2010-08-25 02:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-06-26 11:09 - 2014-06-26 11:09 - 00000222 _____ () C:\Users\Theodore\Desktop\Assassin’s Creed IV Black Flag.url

2014-06-26 10:57 - 2014-06-26 10:57 - 00000222 _____ () C:\Users\Theodore\Desktop\Brothers - A Tale of Two Sons.url

2014-06-26 10:46 - 2014-06-26 10:46 - 00000636 _____ () C:\Users\Theodore\Desktop\WFF.lnk

2014-06-26 10:46 - 2012-07-07 22:04 - 00884224 ___SH () C:\Users\Theodore\Desktop\Thumbs.db

2014-06-26 10:44 - 2014-06-26 10:44 - 00000967 _____ () C:\Users\Theodore\Desktop\TechPowerUp GPU-Z.lnk

2014-06-26 10:44 - 2014-06-26 10:44 - 00000000 ____D () C:\Program Files (x86)\GPU-Z

2014-06-26 10:43 - 2014-06-26 10:43 - 01344480 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Theodore\Desktop\GPU-Z.0.7.2.exe

2014-06-26 10:42 - 2014-06-26 10:42 - 00000000 ____D () C:\Users\Theodore\AppData\Local\AskPartnerNetwork

2014-06-26 10:41 - 2011-03-04 15:34 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-26 10:41 - 2011-03-04 15:34 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-25 13:29 - 2014-06-25 13:29 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS

2014-06-25 13:29 - 2014-06-25 13:29 - 00000000 ____D () C:\Users\Theodore\AppData\Local\eSupport.com

2014-06-25 12:41 - 2014-06-25 12:41 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk

2014-06-25 12:41 - 2010-08-25 06:25 - 00000000 ____D () C:\Program Files\CPUID

2014-06-25 12:38 - 2014-06-25 12:37 - 01496480 _____ ( ) C:\Users\Theodore\Downloads\cpuz_1.69setupen.exe

2014-06-25 12:17 - 2014-06-25 12:16 - 01857112 _____ () C:\Users\Theodore\Desktop\memtest86-iso.zip

2014-06-25 11:44 - 2014-01-26 23:17 - 00000000 ____D () C:\Users\Theodore\Desktop\Downloaded Games

2014-06-25 11:22 - 2014-06-25 11:22 - 00000222 _____ () C:\Users\Theodore\Desktop\Unity of Command.url

2014-06-25 11:20 - 2014-06-25 11:20 - 00000222 _____ () C:\Users\Theodore\Desktop\Space Hulk.url

2014-06-17 22:59 - 2014-06-17 22:59 - 00000222 _____ () C:\Users\Theodore\Desktop\Tiny and Big Grandpa’s Leftovers.url

2014-06-17 20:16 - 2011-02-15 14:17 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2089582162-2691262306-4172335461-1000UA

2014-06-17 20:16 - 2011-02-15 14:17 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2089582162-2691262306-4172335461-1000Core

2014-06-16 10:02 - 2010-08-31 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-06-16 10:02 - 2009-07-13 23:44 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-06-16 10:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration

2014-06-16 09:03 - 2010-08-25 00:52 - 00000000 ____D () C:\users\Theodore

2014-06-15 21:55 - 2014-06-15 21:55 - 00000000 ____D () C:\Program Files (x86)\LucasArts

2014-06-15 21:26 - 2013-03-03 22:42 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\vlc

2014-06-15 20:09 - 2013-03-11 20:43 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\dvdcss

2014-06-15 19:31 - 2013-05-13 11:12 - 00000000 ____D () C:\Users\Theodore\Desktop\OIYCC

2014-06-15 17:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

2014-06-12 09:34 - 2013-08-21 21:02 - 00000000 ____D () C:\Windows\System32\MRT

2014-06-12 09:22 - 2011-02-02 16:50 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2014-06-12 09:20 - 2012-09-10 09:18 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-10 09:39 - 2012-09-27 14:53 - 00000000 ____D () C:\Users\Theodore\Desktop\Warhammer 40K

2014-06-10 09:03 - 2009-07-13 20:45 - 00421944 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-06-09 20:48 - 2013-07-08 19:21 - 00000000 ____D () C:\Users\Theodore\Desktop\Dane Garfield Wilson - Blooming Heart 2013

2014-06-09 15:10 - 2010-08-25 01:12 - 00000000 ____D () C:\Users\Theodore\AppData\Roaming\Mozilla

2014-06-09 11:53 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-06-09 11:20 - 2014-06-09 11:12 - 00000000 ____D () C:\Users\Theodore\AppData\Local\Deployment

2014-06-09 11:12 - 2014-06-09 11:12 - 00000000 __SHD () C:\Users\Theodore\AppData\Local\EmieUserList

2014-06-09 11:12 - 2014-06-09 11:12 - 00000000 __SHD () C:\Users\Theodore\AppData\Local\EmieSiteList

2014-06-09 11:12 - 2013-04-25 22:08 - 00000000 ____D () C:\Users\Theodore\AppData\Local\Apps\2.0

2014-06-09 11:10 - 2014-06-09 11:08 - 00000000 ___DC () C:\Users\Theodore\AppData\Local\MigWiz

2014-06-09 09:29 - 2012-09-27 14:47 - 00000000 ____D () C:\Users\Theodore\Desktop\onodrim

2014-06-09 09:27 - 2013-10-28 20:35 - 00000000 ____D () C:\Program Files (x86)\Razer

2014-06-09 09:27 - 2013-10-28 20:32 - 00000000 ____D () C:\Users\Theodore\AppData\Local\Razer

2014-06-09 09:27 - 2013-10-28 20:32 - 00000000 ____D () C:\ProgramData\Razer

2014-06-09 09:26 - 2010-08-25 01:02 - 00110464 _____ () C:\Users\Theodore\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:

====================

C:\ProgramData\hash.dat

C:\Users\Public\dcmsvcsetup.exe

C:\Users\Public\invokesi.exe

Some content of TEMP:

====================

C:\Users\Theodore\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe

C:\Users\Theodore\AppData\Local\Temp\1398328268_PCSpeedMaximizer_1.exe

C:\Users\Theodore\AppData\Local\Temp\1399625705_sp_downloader.exe

C:\Users\Theodore\AppData\Local\Temp\1402990739_the_wedownload_manager1.exe

C:\Users\Theodore\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqyewzy.dll

C:\Users\Theodore\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Theodore\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Theodore\AppData\Local\Temp\ose00000.exe

C:\Users\Theodore\AppData\Local\Temp_is1544.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8119.48 MB

Available physical RAM: 7288.36 MB

Total Pagefile: 8117.68 MB

Available Pagefile: 7284.83 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:56.77 GB) NTFS

Drive e: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

Drive f: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.44 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2595E55A)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)

No partition Table on disk 1.

Disk 1 is a removable device.

LastRegBack: 2014-06-28 01:39

=================

Also, at this point I have the new ram installed and not the old ram; when it crashed I had both sets of ram installed to get me 12 GB. Any recommendation for what ram to slot in as I do diagnostics? Probably back to the original 4 GB?

You can attach the logs, it makes it easier :)

Initially I would suggest that you install the new RAM one stick at a time; this should let you know if you have a bad one.

There is no sign of an infection in the log.

How about fixlist removal of Avast to just make sure nothing funny in his system Avast driver does not like?
Just thinking of removing another variable…just a thought.

Other than the possibility of a bad ram stick I would suggest to disable Spybot’s TeaTimer as this will conflict with Avast; better still, remove Spybot altogether.

Good idea but he cannot boot right now, correct?…thus, no way to remove?
This is why I was asking Essexboy to possibly blow away Avast with fixlist, then hopefully solid boot, then clean uninstall, removal of all conflict items…then clean re-install of Avast. I know the memory is still being looked at but a bad memory stick in my experience doesn’t lock on a driver. In fact, not sure if he can get into BIOS on PC POST but some BIOS have memory test.

True, I had forgotten that safe mode was unavailable.

Download the attached Fixlist.txt to the same location as FRST.
Run FRST and press Fix.
On completion a log will be generated; please post that.

Just got home, will try some ram switch out shenanigans. I did a memcheck from the bios and from the windows recovery, both said it was fine, but it’s an easy thing to try…

Never had a conflict with Spybot before, I have an old version that only runs when I ask it to. I will let you know if I can get to safe mode with any combinations. Removal of Avast or Spybot could happen if I did, but at this point I am at command prompt only.

I will do the fixlist.txt jam, and attach log.

Y’all are amazing, thanks for the help on this.

Fixlog.txt is attached.

So Essexboy deleted (not same as uninstall since PC cannot boot) your Avast so hopefully any Avast items are removed as boot conflict.
Can you boot your PC now?

If so, then I’d do a full clean uninstall of Avast: A How-To link: https://forum.avast.com/index.php?topic=143284.0
I’d also do a clean uninstall of Spybot…do a read here: http://www.safer-networking.org/faq/how-to-uninstall/
Then I’d do a clean install of Avast.
IMHO…I’d then install:
MalwareBytes: https://www.malwarebytes.org/antimalware/premium/
CryptoPrevent: http://www.foolishit.com/vb6-projects/cryptoprevent/
…both have free versions which are fine…BUT, the paid version (Pro) of MBAM works fine as real-time protection with Avast.
This is my combo…along with good surfing, email opening, and file downloading practices.
Essexboy is a true expert in this field…but above is my combo of easy, cheap, works great, easy to manage.

Oh Yeah…one last thing…
“I don’t have a restore point to go back to…drat. Will take the time to do that in the future.”
When you get your system all clean and running make sure you enable Windows System Restore and check in scheduler it does daily creation points.
I also posted in the How-To thread above about offline imaging of your PC…I referenced a free package…Macrium Reflect.
This is your catastrophic fallback…not only items like this but also WHEN, not if, your HDD dies down the road.

Well, did the fix, and can’t start normally.

Will try RAM swapping; 4th of July craziness has consumed my office.

Windows System Restore…that’s some hot stove learning, got it.