Windows 7 Pro x64
loads to aswRvrt.sys then goes to recovery boot screen, just keeps cycling
Windows never loads
See: “If you cannot Boot the computer”
Instructions: http://forum.avast.com/index.php?topic=53253
According to the link “If you have a 64bit system then create a thread and instructions for the recovery console download will be given”
This is a 64 bit system.
I don’t have the O/S disk
I mounted the disk in another system and ran Malwarebytes and Norton Virus scan on the disk
Malware Log below, ignore the O/S information, that is from the system I was running the scans from, virus scan was clean.
Scan Date: 3/16/2016
Scan Time: 5:56 PM
Logfile: malware scan.txt
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2016.03.16.06
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 706017
Time Elapsed: 1 hr, 39 min, 29 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 8
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [30462e5a15843afc8d42089624dea65a],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [30462e5a15843afc8d42089624dea65a],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [30462e5a15843afc8d42089624dea65a],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [30462e5a15843afc8d42089624dea65a],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [30462e5a15843afc8d42089624dea65a],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [30462e5a15843afc8d42089624dea65a],
PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-1282322339-1077914492-730929767-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [bfb76b1d95048ea89128ba14e31fbf41],
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB, , [9bdbc6c2702940f66f0a37e87e86f30d],
Registry Values: 7
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB|monitype2, 12/15/13 13:54:9, , [9bdbc6c2702940f66f0a37e87e86f30d]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB|monitype3, 12/15/13 13:54:9, , [14621573b5e40f27ee8bdb44b450d22e]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB|monitype8, 12/15/13 13:54:9, , [d79f47416a2f64d2ea8f53cc58ac2dd3]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB|monitype11, 12/15/13 13:54:9, , [5e18c8c0f6a3aa8cbabfeb34de266d93]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB|monitype6, 12/15/13 13:54:11, , [87ef1078fc9d7eb82059c758838142be]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB|monitype1, 12/15/13 13:54:34, , [71052b5df8a184b293e625fabf45fa06]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1282322339-1077914492-730929767-1001\SOFTWARE\OB|monitype10, 12/15/13 13:54:45, , [80f630589affd75fff7a9788f90b7a86]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 12
PUP.Optional.FreeFileConverter, F:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe, , [2d495038277284b29876b421b05401ff],
PUP.Optional.BestToolBars, F:\Program Files (x86)\Coupon Waterfall\FrameworkBHO.dll, , [52247810a0f9eb4bcc3e0173e31ed42c],
PUP.Optional.BestToolBars, F:\Program Files (x86)\Coupon Waterfall\FrameworkBHO64.dll, , [acca295f4c4d36009a7098dc4bb631cf],
PUP.Optional.BestToolBars, F:\Program Files (x86)\Coupon Waterfall\FrameworkEngine.exe, , [b0c640489bfeac8aac5e284c3cc57c84],
PUP.Optional.MyPCBackup, F:\Program Files (x86)\OLBPre\uninst.exe, , [f581dcacb2e781b5d9e5cc31996b926e],
PUP.Optional.APNToolBar, F:\Users\Owner\Documents\OffercastInstaller_AVR_U-0090-01-P_.exe, , [3e3884041287360099c8eb554eb336ca],
PUP.Optional.Conduit, F:\Users\Owner\Downloads\Lexmark_Universal_v2_UD1_Win_64_PCL_XL_emul.exe, , [0b6b98f01c7dca6c6de3da67ec15d828],
PUP.Optional.WinZipMalwareProtector, F:\Users\Owner\Downloads\wzmp_8.exe, , [6214a1e7a4f5191daf6eb6577f8331cf],
PUP.Optional.WebBar, F:\Program Files\WebBar\2.0.5207.21617\wb.exe, , [ff779cec96031521877c0ee450b146ba],
PUP.Optional.Conduit, F:\TEMP\embededstub_new2.exe, , [7ff7beca22777eb8952f47c6db27c937],
PUP.Optional.AdvancedSystemProtector, F:\Windows\System32\sasnative64.exe, , [4d291e6a9207eb4b2309dff7778926da],
PUP.Optional.Quiknowledge, F:\Windows\System32\drivers\qknfd.sys, , [e492691fc2d7e254612f0f3630d1a957],
Physical Sectors: 0
(No malicious items detected)
(end)
Do not copy/paste the logs, but attach them to your post.
Sorry, here’s the files
Please do as Asyn asked.
Open the link.
Scroll down to “If you cannot Boot the computer”
Follow those instructions.
Ran FRST, attached is the log.
all the files it said were missing are there. I verified by mounting drive to another system.
OK, now you’ve to wait a bit…
From the Reatogo desktop open a command prompt and type the following
chkdsk c: /r
Once it has completed then try a normal reboot
Thank you, that did it