problem with 0xC0000098 and aswrvrt.sys

Hi guys/girls - my friend brought to me his PC desktop with Windows 7 Professional/Ultimate (he didn’t know what exactly it is - he is an historician not computer nerd :wink: ) with problem at start up - black screen with text about “there is no file aswrvrt.sys” and STATE: 0xc0000098

safe mode not working

help - attached files FRST.txt and aswMBR.txt run in Hiren’s Boot CD and MiniXP…

Hiren’s was slight overkill, but, you got the logs, and that’s what matters.

Remover notified. Sit tight and wait for help.

Edit: Your friend appears to have a very old rpcss.dll infection (Don’t remove it! or the system will be even more busted!)

Also, it’s Win 7 64 Bit Ultimate :slight_smile:
Platform: Windows 7 Ultimate (X86) OS Language: English (United States)

Edit 2: Your friend has at least 2 AV’s running (Kaspersky and Avast!) with Remnants of McAfee Secruity Scan Plus, I suggest by removing the remnants and 1 other program when they are done helping as that is probab;y one of the issues.

Hello bszeran and welcome to avast!. I will be working on your Malware issues. :wink:

Kindly note that I shall give my best to cure the machine but I can not guarantee success.

Unfortunately, in spite of your good will, these logs are not valid to me although at first sight seem valid.

Could you please follow this instruction for creating & posting the proper FRST logs.

[*]Download FRST to a USB flash drive.

Download link is for 32bit(x86) or x64bit based system:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

[*]Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

[*]Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
[*]Select Repair your computer.
[*]Select Language and click Next
[*]Enter password (if necessary) and click OK, you should now see the screen below …

http://i1090.photobucket.com/albums/i366/garyr56/W7InstallDisk2.png

[*]Select the Command Prompt option.
[*]A command window will open.

[*]Type notepad then hit Enter.
[]Notepad will open.
[list]
[*]Click File > Open then select Computer.
[*]Note down the drive letter for your USB Drive.
[
]Close Notepad.[/list]
[*]Back in the command window …

[*]Type e:/frst.exe
(or type e:/frst64.exe If you download the FRST for 64-bit windows) and hit Enter
(where e: is replaced by the drive letter for your USB drive)

[*]FRST will start to run.
[list]
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]When finished scanning it will make a log FRST.txt on the flash drive.[/list]
[*]Next

[*]Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
[*]Exit FRST.
[*]Close the command window.
[*]Boot back into normal mode and post me the FRST.txt and Search.txt logs please.

F8 runs “DOS version” Advanced Options Menu without possibility of running “Windows version” (U know - black screen with white lines of options like SAFE MODE etc)

Do I have to run bootable USB stick or DVD with “OS” and then run Recovery Environment ?

PS. Sorry for “english” - I’m from Poland :wink:

Hello bszeran, your english is good. :slight_smile:

I shall not tortured you any more, we will try to do something with the current logs. Nevertheless, still I shall need additional check.

Could you please re-try to run FRST at the same way you did before with the Hirens Boot Disk and preform the following …

Type rpcss.dll into the Search: field in FRST then click the Search File button.
FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
Exit FRST.
Close the command window.

Post me the Search.txt logs please. Then I will be able to write you a FixList (script-fix for FRST) in attempt to target and premove the problem and restore the system state in normal.

I tried a few times and at end succefully run Advanced Options Menu and run FRST64

attached files are effect of running FRST64 from prepared bootable Windows7 USB stick (not Hiren Boot…)

in menu System Recovery Options is not present OS - in line below line titled “Choose a recovery tool” I can see only “Operating system:Unknown on (Unknown) Local Disk”

maybe it’s important

Hello bszeran,

You got a BSOD because you’ve installed avast! over active Kaspersky. Running - more than one - antivirus program is not recommended because they can conflict with each other, report the other antivirus software as malicious.
Antivirus programs use an enormous amount of computer’s resources… actively scanning your computer. Can cause your computer to become unstable…run slowly and even, in rare cases just like yourse, BSOD crash…etc

I shall tell FRST to target and remove both of them, avast! and Kaspersky. Then, try to boot normaly and tell me the computer behavior.
This is what we shall try first. If that fails, report here. I still have a few my tricks up in sleeve … :wink:

Please download and save attached fixlist.txt it to your USB flashdrive.
It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please. Did it work?