Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

System won't load (aswRvrt.sys) [Solved]

Started by dinGospo89 , May 19 2017 03:54 PM

This topic is locked

#1
dinGospo89

Posted 19 May 2017 - 03:54 PM

Member

Member
47 posts

Hello everyone, a week ago my laptop suddenly got me to a blue screen and endlessly recovery loop..

so i started looking for a solution, but week later here i am still with a same problem..

First thing to mention is that i don't have my installation CD bc's i bought used laptop..

I had no other choice except try some other ways that ppl said it might help..

So first i tried typing in Command Prompt

bootrec /fixMBR
bootrec /Fixboot
bootrec /rebuildBCD

that didn't help, then i saw someone said type something like "Boot D:" and cross your fingers.. (i forgot the exact command)

after i did that, i couldn't get to blue screen anymore, this time it was black screen that said:

"windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer..

2. Choose your language settings and then click "Next"

3.Click "Repair your computer"

and below that

File: \windows\system32\drivers\aswRvrt.sys

Status: 0xc0000098

Info: Windows failed to load because a critical system driver is missing, or corrupt.

After i googled "aswRvrt.sys" i ended up at this forum and one old post from 2013,

it's closed but i didn't get to the solution bc's the guy with a same problem found his installation CD and story ended there..

Then i followed the steps that someone with a nickname "BrianDrab" gave to this guy,

he couldn't do these steps and i could but now i don't know what should i do next..

i bought a new laptop 2 days ago but still i would like to try to fix the old one, so pls Help me..

These are the steps i followed, and i'm attaching here FRST.txt File after i did everything..

Step#1 - Create a Bootable USB Drive

1. Please download the following three things to the Desktop of your Working computer.
    a) Rufus
    b) Windows 7 64-Bit RC ISO (I know you mentioned that you had one however I would like to use this one if you don't mind)
    c) Farbar Recovery Scan Tool

2. Insert your USB drive into your working computer. Note: Please ensure that there isn't anything on the USB drive that you need as we will be formatting it.
3. Right-click on rufus-1.4.10.exe and select Run as administrator (I'm assuming your working machine is at least Windows Vista). Answer Yes to Allow if prompted.
4. If you are asked to check for application updates. Just answer No.
5. Please click on the icon as shown below and select the ISO file that you downloaded to your desktop in step#1b.

6. Click the Start button.
7. When it's Done click the Close button.

Step#2 - Copy FRST64 on to the same USB Drive

1. Click the Start Orb in the lower left corner of the screen and click on Computer.
2. Click on the drive letter that represents your USB Drive and then copy the FRST64.exe from your Desktop to this location.


Step#3 - Boot Your Sick Machine with USB Drive

1. Insert the USB Drive into your Sick computer.
2. Ensure the power is off on this computer.
3. Ensure that your system is configured to boot 1st from the USB Drive before your main hard drive. There are variations on how to do this depending on what machine you have
    however a couple links that show the general steps can be found here and here.
4. Once the BIOS is set to boot from the USB Drive, when you boot your machine with the USB Drive plugged in you should get a message asking you to hit any key to boot from the USB.
    Go ahead and do this.
5. The first screen that will appear should be asking for your keyboard layout. Go ahead and click Next.

6. The next screen will attempt to locate your Windows 7 Installation. If it was successful it will be highlighted and you will be able to click Next. Go ahead and do this.

7. You will have several System Recovery Options to choose from. Please click on "Command Prompt".

Step#4 - Generate Needed Logs

1. Please type the word notepad in the black command prompt window and hit Enter on the keyboard.

2. Under the File menu of notepad, please select Open.

3. Double-click on Computer and then identify which driver letter represents your USB drive. It should be the one labeled Repair disc Windows 7 64-bit.

4. Click Cancel on the Open Dialog from notepad and close notepad.

5. In the Command Prompt window, please type F:\FRST64.exe and press enter on the keyboard. Note: Replace F with the Drive Letter you identified in bullet#3.

6. The tool will start to run.

7. If a disclaimer comes up, Please answer Yes.

8. Under the Optional Scan section, please check List BCD.

9. Click the Scan button. It will create a log file named FRST.txt on the USB Drive. It will also open in Notepad when finished. You can simply close Notepad.

10. Please plug the USB Drive into your Good computer and post the contents of this log file.

Items for your next post

1. Contents of the FRST log file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017

Ran by SYSTEM on MININT-IELDCA5 (19-05-2017 22:40:15)

Running from G:\

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery

Default: ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [167936 2008-07-06] (PowerISO Computing, Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-06] (AVAST Software)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)

HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3571712 2009-09-22] (Egis Technology Inc.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [MalwareProtectionLive] => C:\Users\Korisnik\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe [1187360 2016-11-11] ()

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)

HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION

Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64

Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-09-22]

ShortcutTarget: TornTvDownloader.lnk -> (No File)

GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-06] (AVAST Software s.r.o.)

S2 ATService; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [1815800 2009-09-20] (AuthenTec, Inc.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-06] (AVAST Software)

S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-22] (Egis Technology Inc.)

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()

S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)

S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time)

S2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

S2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-04-25] (Windscribe Limited)

S2 Update AdvanceElite; "C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [32256 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-06] (AVAST Software s.r.o.)

S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-06] (AVAST Software s.r.o.)

S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-06] (AVAST Software s.r.o.)

S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-06] (AVAST Software s.r.o.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-06] ()

S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-06] (AVAST Software)

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-06] ()

S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-06] ()

S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-06] ()

S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-06] (AVAST Software)

S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-06] ()

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-06] ()

S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-06] ()

S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [55296 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)

S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-08-22] (REALiX™)

S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()

S3 Neo_VPN; C:\Windows\System32\DRIVERS\neo_vpn.sys [22784 2016-09-02] (Trust.Zone VPN Project)

S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-20] (The OpenVPN Project)

S1 {10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64; C:\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys [48832 2014-11-06] (StdLib)

S1 {255a824a-3cde-4dee-9785-284605606456}Gw64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys [48832 2014-10-28] (StdLib)

S1 {51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64; C:\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64.sys [48832 2014-11-09] (StdLib)

S1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys [48832 2014-10-27] (StdLib)

S1 {f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64; C:\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys [48832 2014-11-03] (StdLib)

S1 {fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64; C:\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys [48832 2014-10-31] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 22:39 - 2017-05-19 22:40 - 00000000 ____D C:\FRST

2017-05-08 08:38 - 2017-05-08 08:38 - 00019028 _____ C:\Users\Korisnik\Downloads\xxx-return-of-xander-cage-2017-720p.torrent

2017-05-01 10:49 - 2017-05-01 11:12 - 121553339 _____ C:\Users\Korisnik\Downloads\e92fe1a2448e52f99eb723a636a615451487815811-640-360-899-h264.mp4

2017-05-01 09:25 - 2017-05-01 09:25 - 00001075 _____ C:\Users\Public\Desktop\Windscribe.lnk

2017-05-01 09:25 - 2017-05-01 09:25 - 00000000 ____D C:\Users\Korisnik\AppData\Local\Windscribe

2017-05-01 09:23 - 2017-05-01 09:25 - 00000000 ____D C:\Program Files (x86)\Windscribe

2017-05-01 09:23 - 2017-05-01 09:23 - 15105200 _____ (Windscribe ) C:\Users\Korisnik\Downloads\windscribe_windows_1_62_build38.exe

2017-05-01 09:23 - 2017-04-20 18:16 - 00045560 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tapwindscribe0901.sys

2017-04-26 11:59 - 2017-04-26 11:59 - 16558486 _____ C:\~ytA623.tmp.mp4

2017-04-26 11:59 - 2017-04-26 11:59 - 00000102 _____ C:\~ytA624.tmp

2017-04-26 10:24 - 2017-04-06 07:08 - 00399944 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe

2017-04-24 16:46 - 2017-04-26 10:26 - 00000000 ____D C:\Users\Korisnik\AppData\LocalLow\uTorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 20:43 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\System32\config\BCD-Template

2017-05-11 12:27 - 2009-07-13 20:45 - 00006080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-05-11 12:27 - 2009-07-13 20:45 - 00006080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-05-11 12:26 - 2014-08-21 02:03 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\uTorrent

2017-05-11 12:06 - 2015-07-22 06:06 - 00005862 _____ C:\Windows\Tasks\04c29a82-4eb6-4608-b31a-b44c00987862-6.job

2017-05-11 12:06 - 2015-07-22 06:06 - 00005518 _____ C:\Windows\Tasks\04c29a82-4eb6-4608-b31a-b44c00987862-7.job

2017-05-11 12:06 - 2015-07-22 06:06 - 00003474 _____ C:\Windows\Tasks\04c29a82-4eb6-4608-b31a-b44c00987862-1-7.job

2017-05-11 12:06 - 2015-07-22 06:06 - 00003138 _____ C:\Windows\Tasks\04c29a82-4eb6-4608-b31a-b44c00987862-1-6.job

2017-05-11 12:06 - 2015-07-22 06:06 - 00002446 _____ C:\Windows\Tasks\04c29a82-4eb6-4608-b31a-b44c00987862-5.job

2017-05-11 12:05 - 2015-07-22 06:05 - 00004158 _____ C:\Windows\Tasks\04c29a82-4eb6-4608-b31a-b44c00987862-3.job

2017-05-11 12:05 - 2014-10-28 06:05 - 00000304 _____ C:\Windows\Tasks\WSE_Astromenda.job

2017-05-11 12:01 - 2015-07-25 04:00 - 00003138 _____ C:\Windows\Tasks\96376a83-fe11-4e62-9804-cf54613bbc9f-1-6.job

2017-05-11 12:00 - 2015-07-25 04:00 - 00005862 _____ C:\Windows\Tasks\96376a83-fe11-4e62-9804-cf54613bbc9f-6.job

2017-05-11 11:46 - 2015-04-05 10:46 - 00001302 _____ C:\Windows\Tasks\dress4u_notification_service.job

2017-05-11 11:40 - 2014-09-22 10:40 - 00003476 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-6.job

2017-05-11 11:37 - 2014-09-22 10:37 - 00003460 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-6.job

2017-05-11 11:34 - 2015-04-07 12:34 - 00001320 _____ C:\Windows\Tasks\48_dresses_notification_service.job

2017-05-11 11:22 - 2016-12-24 13:12 - 00000000 ____D C:\Users\Korisnik\Downloads\PopcornTime

2017-05-11 10:46 - 2015-04-05 10:46 - 00000664 _____ C:\Windows\Tasks\dress4u_updating_service.job

2017-05-11 10:41 - 2014-09-22 10:41 - 00003820 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-4.job

2017-05-11 10:41 - 2014-09-22 10:41 - 00002792 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-1.job

2017-05-11 10:41 - 2014-09-22 10:41 - 00002452 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-5_user.job

2017-05-11 10:41 - 2014-09-22 10:41 - 00002452 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-5.job

2017-05-11 10:41 - 2014-09-22 10:41 - 00002116 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-2.job

2017-05-11 10:41 - 2014-09-22 10:41 - 00001464 _____ C:\Windows\Tasks\69c8f58c-fdaf-4e2a-9a59-289d13fa556e.job

2017-05-11 10:40 - 2014-09-22 10:40 - 00004502 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-11.job

2017-05-11 10:40 - 2014-09-22 10:40 - 00003820 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-3.job

2017-05-11 10:40 - 2014-09-22 10:40 - 00003476 _____ C:\Windows\Tasks\fb7e468f-f8c4-444e-aeb0-e7e766ef57d2-7.job

2017-05-11 10:40 - 2014-09-22 10:40 - 00000654 _____ C:\Windows\Tasks\299fd0a6-0813-47b4-b994-d0d3d24cb9eb.job

2017-05-11 10:38 - 2014-09-22 10:38 - 00002436 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-5_user.job

2017-05-11 10:38 - 2014-09-22 10:38 - 00002436 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-5.job

2017-05-11 10:38 - 2014-09-22 10:38 - 00001366 _____ C:\Windows\Tasks\53ff5de2-a715-4e4c-9eba-f405027ddf3d.job

2017-05-11 10:37 - 2014-09-22 10:37 - 00004486 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-11.job

2017-05-11 10:37 - 2014-09-22 10:37 - 00003804 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-4.job

2017-05-11 10:37 - 2014-09-22 10:37 - 00003124 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-7.job

2017-05-11 10:37 - 2014-09-22 10:37 - 00003124 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-3.job

2017-05-11 10:37 - 2014-09-22 10:37 - 00002760 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-1.job

2017-05-11 10:37 - 2014-09-22 10:37 - 00002100 _____ C:\Windows\Tasks\6d63f4df-3cff-40c7-9307-58e556d789d4-2.job

2017-05-11 10:37 - 2014-09-22 10:37 - 00000556 _____ C:\Windows\Tasks\6c0922d2-652c-437a-9c8c-a087c3f466e9.job

2017-05-11 10:05 - 2014-09-22 10:37 - 00000998 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

2017-05-11 10:01 - 2015-07-25 04:01 - 00002446 _____ C:\Windows\Tasks\96376a83-fe11-4e62-9804-cf54613bbc9f-5.job

2017-05-11 10:00 - 2015-07-25 04:00 - 00005518 _____ C:\Windows\Tasks\96376a83-fe11-4e62-9804-cf54613bbc9f-7.job

2017-05-11 10:00 - 2015-07-25 04:00 - 00004158 _____ C:\Windows\Tasks\96376a83-fe11-4e62-9804-cf54613bbc9f-3.job

2017-05-11 10:00 - 2015-07-25 04:00 - 00003474 _____ C:\Windows\Tasks\96376a83-fe11-4e62-9804-cf54613bbc9f-1-7.job

2017-05-11 08:34 - 2015-04-07 12:34 - 00000682 _____ C:\Windows\Tasks\48_dresses_updating_service.job

2017-05-08 08:38 - 2016-02-10 07:17 - 00000000 ___SD C:\Users\Korisnik\AppData\LocalLow\Temp

2017-05-01 10:06 - 2017-03-01 10:15 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update

2017-05-01 09:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf

2017-05-01 09:14 - 2016-05-24 02:23 - 00000000 ____D C:\Users\Korisnik\AppData\Local\MalwareProtectionLive

2017-05-01 09:14 - 2014-08-20 02:40 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-05-01 09:14 - 2014-08-20 02:39 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-04-26 13:26 - 2014-10-23 13:49 - 00000000 ____D C:\Users\Korisnik\Desktop\2 cd

2017-04-26 10:28 - 2016-07-22 01:54 - 00000000 ____D C:\ProgramData\YTD Video Downloader

2017-04-26 10:26 - 2014-09-22 10:37 - 00000994 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

2017-04-26 10:26 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-04-24 10:05 - 2017-04-06 08:03 - 00003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1481817647

2017-04-24 10:05 - 2015-07-01 06:31 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2017-04-24 08:54 - 2016-12-15 08:05 - 00000000 _____ C:\Windows\SysWOW64\last.dump

2017-04-24 08:47 - 2014-09-23 12:59 - 00001012 __RSH C:\ProgramData\ntuser.pol

Some files in TEMP:

====================

2014-09-22 10:38 - 2014-09-22 10:39 - 5601864 _____ () C:\Users\Korisnik\AppData\Local\Temp\BackupSetup.exe

2014-08-28 09:41 - 2014-08-28 09:41 - 5590768 _____ () C:\Users\Korisnik\AppData\Local\Temp\CloudBackup1658.exe

2014-09-16 09:11 - 2014-09-16 09:11 - 5601864 _____ () C:\Users\Korisnik\AppData\Local\Temp\CloudBackup9096.exe

2014-08-29 10:29 - 2004-09-20 02:27 - 0040960 _____ () C:\Users\Korisnik\AppData\Local\Temp\comver.dll

2012-11-20 00:58 - 2012-11-20 00:58 - 0203704 _____ (Conduit) C:\Users\Korisnik\AppData\Local\Temp\dlLogic.exe

2013-12-26 07:41 - 2013-12-26 07:41 - 0067872 _____ () C:\Users\Korisnik\AppData\Local\Temp\dltr.exe

2014-09-30 10:39 - 2014-09-30 13:00 - 0212992 _____ (Sony DADC Austria AG) C:\Users\Korisnik\AppData\Local\Temp\drm_dyndata_7330014.dll

2014-08-26 05:55 - 2014-08-26 05:55 - 0208896 _____ (Sony DADC Austria AG) C:\Users\Korisnik\AppData\Local\Temp\drm_dyndata_7340014.dll

2015-10-29 13:53 - 2015-11-01 03:14 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Korisnik\AppData\Local\Temp\drm_dyndata_7380012.dll

2015-01-25 06:56 - 2015-01-25 06:56 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Korisnik\AppData\Local\Temp\drm_dyndata_7400009.dll

2015-05-15 06:57 - 2015-05-15 06:57 - 0027448 _____ (AVG Technologies) C:\Users\Korisnik\AppData\Local\Temp\DseShExt-x64.dll

2015-05-15 06:57 - 2015-05-15 06:57 - 0030008 _____ (AVG Technologies) C:\Users\Korisnik\AppData\Local\Temp\DseShExt-x86.dll

2014-01-30 19:29 - 2014-01-30 19:29 - 0341120 _____ (Gretech Corporation) C:\Users\Korisnik\AppData\Local\Temp\ExPromo.exe

2013-10-24 06:38 - 2013-10-24 06:38 - 0287520 _____ (Conduit Ltd.) C:\Users\Korisnik\AppData\Local\Temp\GCVerifier.dll

2015-02-09 11:46 - 2016-01-07 13:33 - 1198080 _____ (Gretech Corporation) C:\Users\Korisnik\AppData\Local\Temp\GrLauncherTempSetup.exe

2015-02-13 09:51 - 2015-02-13 09:51 - 0739336 _____ (Installer ) C:\Users\Korisnik\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pro-evolution-soccer-2012.exe

2014-09-29 09:06 - 2014-09-29 09:06 - 0937896 _____ (Oracle Corporation) C:\Users\Korisnik\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

2016-02-01 09:11 - 2016-02-01 09:11 - 1180360 _____ () C:\Users\Korisnik\AppData\Local\Temp\MediaPlayer__11427_il12465.exe

2016-02-01 09:11 - 2016-02-01 09:11 - 0020480 _____ (WorkSrousS) C:\Users\Korisnik\AppData\Local\Temp\msconfig.exe

2013-04-10 06:25 - 2013-04-10 06:25 - 1044048 ____N (CANON INC.) C:\Users\Korisnik\AppData\Local\Temp\MSETUP4.EXE

2014-01-30 19:29 - 2014-01-30 19:29 - 0259584 _____ () C:\Users\Korisnik\AppData\Local\Temp\NSISPromotionEx.dll

2015-03-22 16:26 - 2015-03-21 12:34 - 0198144 _____ (Pay By Ads LTD) C:\Users\Korisnik\AppData\Local\Temp\res.dll

2015-05-15 06:57 - 2015-05-15 06:57 - 0033080 _____ (AVG Technologies) C:\Users\Korisnik\AppData\Local\Temp\SDShelEx-win32.dll

2015-05-15 06:57 - 2015-05-15 06:57 - 0032056 _____ (AVG Technologies) C:\Users\Korisnik\AppData\Local\Temp\SDShelEx-x64.dll

2016-10-30 13:39 - 2016-10-30 13:40 - 50563233 _____ (Popcorn Time ) C:\Users\Korisnik\AppData\Local\Temp\setup_3C05.exe

2014-08-21 16:35 - 2014-08-21 16:35 - 0184320 ____N () C:\Users\Korisnik\AppData\Local\Temp\SRLDetectionLibrary3198479693653989029.dll

2014-09-16 09:16 - 2014-09-16 09:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite.dll

2014-09-16 09:46 - 2014-09-16 09:46 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite11845.dll

2014-09-18 03:16 - 2014-09-18 03:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite18228.dll

2014-09-20 03:09 - 2014-09-20 03:09 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite19270.dll

2014-09-18 09:27 - 2014-09-18 09:27 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite19793.dll

2014-09-18 09:17 - 2014-09-18 09:17 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite20277.dll

2014-09-18 00:06 - 2014-09-18 00:06 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite33020.dll

2014-09-19 09:18 - 2014-09-19 09:18 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite45621.dll

2014-09-17 09:44 - 2014-09-17 09:44 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite46665.dll

2014-09-17 23:57 - 2014-09-17 23:57 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite48637.dll

2014-09-17 09:54 - 2014-09-17 09:54 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite60776.dll

2014-09-19 15:04 - 2014-09-19 15:04 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite68922.dll

2014-09-17 00:31 - 2014-09-17 00:31 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite68998.dll

2014-09-19 15:16 - 2014-09-19 15:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite74919.dll

2014-09-17 03:16 - 2014-09-17 03:16 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite80130.dll

2014-09-20 03:07 - 2014-09-20 03:07 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite95315.dll

2014-09-19 09:28 - 2014-09-19 09:28 - 1053184 _____ (Robert Simpson, et al.) C:\Users\Korisnik\AppData\Local\Temp\System.Data.SQLite99851.dll

2014-11-25 03:28 - 2014-11-25 03:28 - 1389648 _____ (BitTorrent Inc.) C:\Users\Korisnik\AppData\Local\Temp\uttDADE.tmp.exe

2014-08-28 09:41 - 2014-08-28 09:41 - 4961800 _____ (Microsoft Corporation) C:\Users\Korisnik\AppData\Local\Temp\vcredist_x64.exe

2013-12-26 07:41 - 2013-12-26 07:41 - 0143448 _____ () C:\Users\Korisnik\AppData\Local\Temp\verifier.exe

2016-02-09 07:08 - 2016-02-08 22:06 - 0580320 _____ () C:\Users\Korisnik\AppData\Local\Temp\{33E4C5DA-28A8-4DF9-BB7E-45C2299344AB}.dll

2016-07-15 00:41 - 2016-07-15 00:41 - 1065376 _____ (Google Inc.) C:\Users\Korisnik\AppData\Local\Temp\{3E9D5982-1282-4D2B-8CB3-0CFC75A03F9D}-GoogleUpdateSetup.exe

2016-02-17 13:44 - 2016-02-15 07:15 - 0579296 _____ () C:\Users\Korisnik\AppData\Local\Temp\{7CC459E1-7229-4365-BCAC-E5DAC942026E}.dll

2016-02-20 06:15 - 2016-02-15 07:15 - 0579296 _____ () C:\Users\Korisnik\AppData\Local\Temp\{93B25695-D72B-4123-AE8C-B3BCC5E6AF43}.dll

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\dnsapi.dll => MD5 is legit

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== BCD ================================

Windows Boot Manager

--------------------

identifier {bootmgr}

device partition=Y:

description Windows Boot Manager

locale en-us

inherit {globalsettings}

default {default}

resumeobject {eb6be27e-288f-11e4-9cad-d2520c9f213e}

displayorder {default}

toolsdisplayorder {memdiag}

timeout 30

Windows Boot Loader

-------------------

identifier {eb6be27c-288f-11e4-9cad-d2520c9f213e}

device ramdisk=[C:]\Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\Winre.wim,{eb6be27d-288f-11e4-9cad-d2520c9f213e}

path \windows\system32\winload.exe

description Windows Recovery Environment

inherit {bootloadersettings}

osdevice ramdisk=[C:]\Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\Winre.wim,{eb6be27d-288f-11e4-9cad-d2520c9f213e}

systemroot \windows

nx OptIn

winpe Yes

Windows Boot Loader

-------------------

identifier {default}

device partition=C:

path \windows\system32\winload.exe

description Windows 7

locale en-us

inherit {bootloadersettings}

osdevice partition=C:

systemroot \windows

resumeobject {eb6be27e-288f-11e4-9cad-d2520c9f213e}

nx OptIn

detecthal Yes

Resume from Hibernate

---------------------

identifier {eb6be27e-288f-11e4-9cad-d2520c9f213e}

device partition=C:

path \windows\system32\winresume.exe

description Windows Resume Application

locale en-us

inherit {resumeloadersettings}

filepath \hiberfil.sys

Windows Memory Tester

---------------------

identifier {memdiag}

device partition=Y:

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-us

inherit {globalsettings}

badmemoryaccess Yes

EMS Settings

------------

identifier {emssettings}

bootems Yes

Debugger Settings

-----------------

identifier {dbgsettings}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {badmemory}

Global Settings

---------------

identifier {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Boot Loader Settings

--------------------

identifier {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Hypervisor Settings

-------------------

identifier {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {resumeloadersettings}

inherit {globalsettings}

Device options

--------------

identifier {eb6be27d-288f-11e4-9cad-d2520c9f213e}

description Ramdisk Options

ramdisksdidevice partition=C:

ramdisksdipath \Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 13%

Total physical RAM: 4060.87 MB

Available physical RAM: 3499.84 MB

Total Virtual: 4059.02 MB

Available Virtual: 3490.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.13 GB) (Free:3.18 GB) NTFS

Drive e: () (Fixed) (Total:29.3 GB) (Free:21.59 GB) NTFS

Drive g: (Repair disc Windows 7 64-bit) (Removable) (Total:7.41 GB) (Free:7.22 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D97CD97C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=45.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29.3 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 7.4 GB) (Disk ID: 00D4BDAB)

Partition 1: (Active) - (Size=7.4 GB) - (Type=07 NTFS)

LastRegBack: 2017-05-08 11:09

==================== End of FRST.txt ============================

Attached Files

FRST.txt 27.21KB 714 downloads

Edited by RKinner, 19 May 2017 - 04:35 PM.

#2
JSntgRvr

Posted 19 May 2017 - 07:05 PM

Global Moderator

Global Moderator
11,579 posts

Welcome

Download the enclosed file. Save it in the same location FRST is saved.

Open FRST as you did before and click on the Fix button.

A log will be produced, fixlog.txt. Post it in your next reply

Attempt to boot in Normal Mode and let me know the outcome.

#3
dinGospo89

Posted 20 May 2017 - 04:45 AM

Member

Topic Starter
Member
47 posts

Hi i have done this, and tried to boot it in normal mode,

but after few seconds i see a blue screen with something written on it and it only last like a half a second then my laptop restart.

I cant find a way to attach the file in this comment so i will copy it under..

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017

Ran by SYSTEM (20-05-2017 12:28:29) Run:1

Running from G:\

Boot Mode: Recovery

==============================================

fixlist content:

*****************