Vista will not boot, stops at aswRvrt.sys

Hello,
My Vista system tries to boot but hangs on aswRvrt.sys. I saw possible solutions in previous threads, but the recovery tool link was taken down. Can you help?
Thanks,

Can you boot into Safe Mode?
Can you get to the Recovery Console via F8? If so, FIRST try “Last Known Good Configuration”.
http://windows.microsoft.com/en-us/windows/using-last-known-good-configuration#1TC=windows-7
I also PMed Essexboy for more advanced help past this.
Do you know if you had System Restore enabled on your PC?

I can’t boot in safe mode, no system restore point. I saw Essexboy helped someone else about a year ago, but the link to the startup file he posted isn’t active anymore.
Thanks.

Sorry, I tried F8 and got the recovery console, I tried last known good config, it’s been working for a while but seems hung up on a black screen with the mouse pointer.

Is it 32 or 64 bit?

I took the link down as it was eating up my bandwidth like no one’s business.

32 bit, last known good config won’t boot.

Download the following three programmes to your desktop:

1. Rufus

For 32-bit systems:
2. Windows Vista RC
3. Farbar Recovery Scan Tool

Insert the USB stick, then run Rufus.

https://dl.dropbox.com/u/73555776/rufus.JPG

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

https://dl.dropbox.com/u/73555776/RufusISO.JPG

Then copy FRST to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here

Windows 7 and Vista screenshots

When you reboot you will see this.
Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frst.exe, dependent on system,
and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks, I’ll try it out this evening.

#2 doesn’t have a link to download the file.

Essexboy will PM you the link.

I PM’d the link for the RC

Having trouble with Rufus. When I click the disk icon in your second screen shot it wants me to select an .iso file.

Do I select the vista32rc.iso then select start?

Okay, I made the bootable USB, but it says it’s not compatible with my version of Windows. Is it possible I have 64 bit Vista? If so can you PM me a link for the 64 bit recovery tool? Thanks.

Okay, I ran frst64. Here’s the log, thanks.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014
Ran by SYSTEM on MINWINPC on 14-07-2014 09:11:56
Running from H:
Platform: Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-23] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [IdeaNotesUser] => C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5604168 2009-01-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8847360 2008-12-22] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-03] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Ben\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Ben\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Ben\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Maura\...\Run: [SmileboxTray] => C:\Users\Maura\AppData\Roaming\Smilebox\SmileboxTray.exe [325448 2012-05-15] (Smilebox, Inc.)
HKU\Maura\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Maura\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-13] (Adobe Systems Incorporated)
Startup: C:\Users\Maura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => No File
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File
BootExecute: autocheck autochk * autocheck lsdelete

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-17] (Lavasoft Limited)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DKService.exe [1813272 2008-11-24] (Diskeeper Corporation)
S2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [32768 2008-02-14] (Lenovo Group Limited)
S2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-26] (McAfee, Inc.)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2008-02-14] (Motive Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 System_Repair_UpdateMonitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [434176 2008-09-27] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-28] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-01-28] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-28] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-28] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-28] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-01-28] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-28] ()
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [69136 2009-06-17] ()
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-27] (GFI Software)
S0 LPCFilter; C:\Windows\SysWOW64\DRIVERS\LPCFilter.sys [32040 2008-05-07] (COMPAL ELECTRONIC INC.)
S3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [183424 2009-01-23] (SMI)
S3 IpInIp; system32\DRIVERS\ipinip.sys
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-14 09:10 - 2014-07-14 09:10 - 00000000 ____D () C:\FRST
2014-07-08 10:11 - 2014-07-08 10:11 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-07 11:33 - 2014-07-07 11:33 - 00000809 _____ () C:\Windows\setupact.log
2014-07-07 11:33 - 2014-07-07 11:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-07 11:09 - 2014-07-07 11:09 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-07-07 11:09 - 2012-09-28 07:32 - 05989776 _____ (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2014-07-07 11:09 - 2012-09-28 07:32 - 00053760 _____ (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2014-06-28 10:40 - 2014-06-28 10:40 - 10625117 _____ () C:\Users\Ben\Downloads\Craigslist pics.zip
2014-06-24 10:47 - 2014-06-24 10:48 - 06697108 _____ () C:\Users\Ben\Downloads\Pics.zip

==================== One Month Modified Files and Folders =======

2014-07-14 09:10 - 2014-07-14 09:10 - 00000000 ____D () C:\FRST
2014-07-14 05:06 - 2009-05-08 22:16 - 00000066 ___SH () C:\_PartitionInfo
2014-07-14 05:06 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 05:06 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 05:06 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 16:46 - 2014-01-28 14:29 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 16:21 - 2009-05-08 22:12 - 00000282 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-11 16:10 - 2013-04-19 12:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 15:12 - 2009-06-17 00:56 - 01528020 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 11:56 - 2008-01-20 19:26 - 00748954 _____ () C:\Windows\PFRO.log
2014-07-08 10:11 - 2014-07-08 10:11 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 02:46 - 2011-09-23 15:35 - 00010792 _____ () C:\Windows\System32\spsys.log
2014-07-07 11:33 - 2014-07-07 11:33 - 00000809 _____ () C:\Windows\setupact.log
2014-07-07 11:33 - 2014-07-07 11:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-07 11:17 - 2006-11-02 04:46 - 00773288 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-07 11:09 - 2014-07-07 11:09 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-07-07 10:45 - 2014-01-28 14:29 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-07 04:47 - 2013-03-27 17:42 - 00001739 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-07-07 04:47 - 2009-06-17 01:26 - 23378820 _____ () C:\FaceProv.log
2014-07-07 04:46 - 2010-12-23 13:21 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-03 17:12 - 2006-11-02 07:42 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 10:40 - 2014-06-28 10:40 - 10625117 _____ () C:\Users\Ben\Downloads\Craigslist pics.zip
2014-06-25 11:27 - 2009-12-30 12:23 - 00000000 ____D () C:\Users\Ben\AppData\Local\CrashDumps
2014-06-25 10:40 - 2014-01-28 14:29 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 10:40 - 2014-01-28 14:29 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 10:48 - 2014-06-24 10:47 - 06697108 _____ () C:\Users\Ben\Downloads\Pics.zip
2014-06-23 13:58 - 2014-01-27 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:

C:\ProgramData\flashax9f.exe

Some content of TEMP:

C:\Users\Ben\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Ben\AppData\Local\Temp\_is9B41.exe
C:\Users\Maura\AppData\Local\Temp\contentDATs.exe
C:\Users\Maura\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Maura\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Maura\AppData\Local\Temp\symlcsv1.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 2007.8 MB
Available physical RAM: 1499.58 MB
Total Pagefile: 1799.73 MB
Available Pagefile: 1482.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:252.95 GB) (Free:152.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lenovo) (Fixed) (Total:30.38 GB) (Free:28.43 GB) NTFS
Drive e: () (Fixed) (Total:14.65 GB) (Free:3.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (2008_03_29_2201) (Removable) (Total:7.55 GB) (Free:7.33 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 04AC1E08)
Partition 1: (Active) - (Size=253 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 8 GB) (Disk ID: 00086FA3)
Partition 1: (Active) - (Size=8 GB) - (Type=07 NTFS)

LastRegBack: 2014-07-11 15:15

==================== End Of Log ============================
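
An added example (not part of the original thread and not FRST's own code) that triages a log like the one above: it lists boot-start drivers whose company field is empty, driver entries with no size or date, and any ATTENTION hints. It assumes the digit after the state letter is the Windows service start type (0 = boot-start) and that the trailing parentheses hold the file's company name; the function names are illustrative.

```python
import re

# Lines copied from the FRST log in this thread (Registry and Drivers sections).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
==================== Drivers (Whitelisted) ====================
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-28] ()
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-28] ()
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [69136 2009-06-17] ()
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-27] (GFI Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys
"""

# Assumption: the digit in the line prefix is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# <state><start> <name>; <path> [<size> <date>] (<company>), bracket part optional
DRIVER_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\))?$"
)
ATTENTION_RE = re.compile(r"ATTENTION!\s*=+>\s*(?P<hint>.+)$")


def parse_drivers(log_text):
    """Return one dict per entry in the log's Drivers section only."""
    drivers, section = [], ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
        m = DRIVER_RE.match(line) if section.startswith("Drivers") else None
        if m:
            entry = m.groupdict()
            entry["start"] = START_TYPES.get(int(entry["start"]), "unknown")
            drivers.append(entry)
    return drivers


def triage(log_text):
    """Collect the entries to review first on a machine that hangs at boot."""
    findings = [("frst-attention", m.group("hint").strip())
                for m in map(ATTENTION_RE.search, log_text.splitlines()) if m]
    for d in parse_drivers(log_text):
        if d["start"] == "boot" and d["company"] == "":
            findings.append(("boot-driver-no-company", d["name"]))
        elif d["size"] is None:
            findings.append(("no-file-details", d["name"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

The flags mark where to look first, such as the file's signature and origin; an empty company field is not by itself a verdict on the driver.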

Download the attached fixlist.txt to the same location as FRST
Run FRST from the recovery console and press fix
Now try a normal boot

Learning moment for me… ZeroAccess malware, you think?
http://en.wikipedia.org/wiki/ZeroAccess_botnet

FRST says it executed the fix, but my system still boots to a blank black screen with a pointer.

Same thing in safe mode. It still hangs at aswrvrt.sys.

Just remnants of ZA… Let’s now reset the registry.

Download the attached fixlist.txt to the same location as FRST
Run FRST from the recovery console and press fix
Now try a normal boot