XP not booting, even in safe mode, and hangs on aswrvrt.sys

I followed the instructions found here and have included FRST.txt. Please help.

Do you have the XP recovery console installed ?

If so start the recovery console and at the command prompt type the following and then try a reboot :@

chkdsk c: /r

Unfortunately, I didn’t install the revery console and my XP install disc isn’t offering me the option. I haven’t used Reatogo before, so is there a way to run recovery console through there?

We cqan try

From Reatogo open a command prompt and type in the following then press enter :

chkdsk c: /r

Ran it, and it fixed several issues. THANKS! I ran FRST after and I have attached the output file.

You may have a partial installation of the Blackbeard Trojan

Initially I will try a restore point before I attempt to fix the file

Download the attached fixlist.txt to the same location as FRST
Run FRST and press FIX
Once completed then try a normal boot

SWEET! It started! Thankyouthankyouthankyouthankyou!

Should I run a full system scan, or will a quick scan be sufficient?

Run a quick scan with Avast

Then I will take a look see with OTL

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[]Select LOP and Purity
[
]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir “%systemdrive%*” /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Done and done. Thank you again. Whatever they’re paying you, it’s not enough.

Looks good, the restore replaced the forged file with a good copy :slight_smile:

All well now ?

Everything is good! Thanks a million!

Run OTL and press the cleanup button to remove it and its associated files :slight_smile: