Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System won't load (aswRvrt.sys) [Solved]

Started by dinGospo89 , May 19 2017 03:54 PM

  • This topic is locked This topic is locked

#16
dinGospo89
Posted 21 May 2017 - 09:23 AM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

iv checked the disk and it didnt find anything wrong..

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by SYSTEM (21-05-2017 16:27:47) Run:3
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-06] (AVAST Software s.r.o.) 
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-06] (AVAST Software s.r.o.) 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-06] () 
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-06] (AVAST Software) 
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-06] () 
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-06] () 
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-06] (AVAST Software) 
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-06] () 
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-06] () 
 
*****************
 
HKLM\System\ControlSet001\Services\aswbIDSAgent => key removed successfully
aswbIDSAgent => service removed successfully
HKLM\System\ControlSet001\Services\aswbidsdriver => key removed successfully
aswbidsdriver => service removed successfully
HKLM\System\ControlSet001\Services\aswHwid => key removed successfully
aswHwid => service removed successfully
HKLM\System\ControlSet001\Services\aswKbd => key removed successfully
aswKbd => service removed successfully
HKLM\System\ControlSet001\Services\aswMonFlt => key removed successfully
aswMonFlt => service removed successfully
HKLM\System\ControlSet001\Services\aswRdr => key removed successfully
aswRdr => service removed successfully
HKLM\System\ControlSet001\Services\aswSnx => key removed successfully
aswSnx => service removed successfully
HKLM\System\ControlSet001\Services\aswSP => key removed successfully
aswSP => service removed successfully
HKLM\System\ControlSet001\Services\aswStm => key removed successfully
aswStm => service removed successfully
 
==== End of Fixlog 16:27:48 ====

  • 0

Advertisements

#17
JSntgRvr
Posted 21 May 2017 - 12:54 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

The definition of Error Code 0x0000007B means the Windows lost access to the system partition or boot volume during the startup process. We will need to find out what is missing.
 
Type the following in the edit box on FRST, after "Search:".

bootmgr;winload.exe;BCD

It then should look like:

Search: bootmgr;winload.exe;BCD

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.
 
Please also re-scan with FRST and post its report.


  • 0

#18
dinGospo89
Posted 21 May 2017 - 01:35 PM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Here is search.txt  

 

 

Farbar Recovery Scan Tool (x64) Version: 14-05-2017

Ran by SYSTEM (21-05-2017 21:27:29)

Running from G:\

Boot Mode: Recovery

================== Search Files: "bootmgr;winload.exe;BCD

" =============

 

C:\Windows\winsxs\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_6.1.7601.17514_none_c5311c6f11729c15\bootmgr

[2010-11-20 19:23][2010-11-20 19:23] 0383786 _____ () 259525CFB422E6AC8E87BC9777B1DF73

C:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89\winload.exe

[2010-11-20 19:24][2010-11-20 19:24] 0605552 _____ (Microsoft Corporation) E2F68DC7FBD6E0BF031CA3809A739346

 

C:\Windows\winsxs\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_6.1.7600.16385_none_f60cc30a4a2fb068\BCD

[2009-06-10 12:31][2009-06-10 12:31] 0262144 _____ () 603C405372FAE16A89EC9F3B92A1AAE5

C:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe

[2010-11-20 19:24][2010-11-20 19:24] 0605552 _____ (Microsoft Corporation) E2F68DC7FBD6E0BF031CA3809A739346

 

C:\Windows\winsxs\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_6.1.7600.16385_none_313c88fc9e3423aa\BCD

[2009-06-10 12:31][2009-06-10 12:31] 0262144 _____ () 1FE7F25994F3EDDBFA8AAA9D8C56D667

C:\Windows\System32\winload.exe

[2010-11-20 19:24][2010-11-20 19:24] 0605552 _____ (Microsoft Corporation) E2F68DC7FBD6E0BF031CA3809A739346

 

C:\Windows\System32\Boot\winload.exe

[2010-11-20 19:24][2010-11-20 19:24] 0605552 _____ (Microsoft Corporation) E2F68DC7FBD6E0BF031CA3809A739346

C:\Windows\Boot\PCAT\bootmgr

[2010-11-20 19:23][2010-11-20 19:23] 0383786 _____ () 259525CFB422E6AC8E87BC9777B1DF73

 

C:\Windows\Boot\DVD\PCAT\BCD

[2009-06-10 12:31][2009-06-10 12:31] 0262144 _____ () 603C405372FAE16A89EC9F3B92A1AAE5

C:\Windows\Boot\DVD\EFI\BCD

[2009-06-10 12:31][2009-06-10 12:31] 0262144 _____ () 1FE7F25994F3EDDBFA8AAA9D8C56D667

 

X:\Windows\winsxs\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_6.1.7600.16385_none_c30008a71484187b\bootmgr

[2009-07-13 15:11][2009-07-13 17:38] 0383562 _____ () D6AE2D5521DD93AEBC90D411D099FA36

X:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef\winload.exe

[2009-07-13 15:20][2009-07-13 17:43] 0604192 _____ (Microsoft Corporation) 87B2086D7382A42935D55EC69E5E71AB

 

X:\Windows\winsxs\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_6.1.7600.16385_none_f60cc30a4a2fb068\BCD

[2009-07-13 19:13][2009-07-13 19:13] 0262144 _____ () 603C405372FAE16A89EC9F3B92A1AAE5

X:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16385_none_c52d88d1a67ba4c0\winload.exe

[2009-07-13 15:20][2009-07-13 17:43] 0604192 _____ (Microsoft Corporation) 87B2086D7382A42935D55EC69E5E71AB

 

X:\Windows\winsxs\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_6.1.7600.16385_none_313c88fc9e3423aa\BCD

[2009-07-13 19:13][2009-07-13 19:13] 0262144 _____ () 1FE7F25994F3EDDBFA8AAA9D8C56D667

X:\Windows\System32\winload.exe

[2009-07-13 15:20][2009-07-13 17:43] 0604192 _____ (Microsoft Corporation) 87B2086D7382A42935D55EC69E5E71AB

 

X:\Windows\System32\Boot\winload.exe

[2009-07-13 15:20][2009-07-13 17:43] 0604192 _____ (Microsoft Corporation) 87B2086D7382A42935D55EC69E5E71AB

X:\Windows\Boot\PCAT\bootmgr

[2009-07-13 15:11][2009-07-13 17:38] 0383562 _____ () D6AE2D5521DD93AEBC90D411D099FA36

 

X:\Windows\Boot\DVD\PCAT\BCD

[2009-07-13 19:13][2009-07-13 19:13] 0262144 _____ () 603C405372FAE16A89EC9F3B92A1AAE5

X:\Windows\Boot\DVD\EFI\BCD

[2009-07-13 19:13][2009-07-13 19:13] 0262144 _____ () 1FE7F25994F3EDDBFA8AAA9D8C56D667

 

====== End of Search ======


  • 0

#19
dinGospo89
Posted 21 May 2017 - 01:37 PM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

And here is frst.txt

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017

Ran by SYSTEM on MININT-Q978VP2 (21-05-2017 21:31:16)

Running from G:\

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery

Default: ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [167936 2008-07-06] (PowerISO Computing, Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)

HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3571712 2009-09-22] (Egis Technology Inc.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [MalwareProtectionLive] => C:\Users\Korisnik\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe [1187360 2016-11-11] ()

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)

Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64

Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-09-22]

ShortcutTarget: TornTvDownloader.lnk ->  (No File)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-06] (AVAST Software s.r.o.)

S2 ATService; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [1815800 2009-09-20] (AuthenTec, Inc.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-06] (AVAST Software)

S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-22] (Egis Technology Inc.)

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()

S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)

S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time)

S2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

S2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-04-25] (Windscribe Limited)

S2 Update AdvanceElite; "C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe" [X]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [32256 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-06] (AVAST Software s.r.o.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-06] ()

S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-06] (AVAST Software)

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-06] ()

S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-06] ()

S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-06] (AVAST Software)

S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-06] ()

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-06] ()

S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [55296 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)

S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-08-22] (REALiX™)

S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()

S3 Neo_VPN; C:\Windows\System32\DRIVERS\neo_vpn.sys [22784 2016-09-02] (Trust.Zone VPN Project)

S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-20] (The OpenVPN Project)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 22:39 - 2017-05-21 21:31 - 00000000 ____D C:\FRST

2017-05-08 08:38 - 2017-05-08 08:38 - 00019028 _____ C:\Users\Korisnik\Downloads\xxx-return-of-xander-cage-2017-720p.torrent

2017-05-01 10:49 - 2017-05-01 11:12 - 121553339 _____ C:\Users\Korisnik\Downloads\e92fe1a2448e52f99eb723a636a615451487815811-640-360-899-h264.mp4

2017-05-01 09:25 - 2017-05-01 09:25 - 00001075 _____ C:\Users\Public\Desktop\Windscribe.lnk

2017-05-01 09:25 - 2017-05-01 09:25 - 00000000 ____D C:\Users\Korisnik\AppData\Local\Windscribe

2017-05-01 09:23 - 2017-05-01 09:25 - 00000000 ____D C:\Program Files (x86)\Windscribe

2017-05-01 09:23 - 2017-05-01 09:23 - 15105200 _____ (Windscribe ) C:\Users\Korisnik\Downloads\windscribe_windows_1_62_build38.exe

2017-05-01 09:23 - 2017-04-20 18:16 - 00045560 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tapwindscribe0901.sys

2017-04-26 10:24 - 2017-04-06 07:08 - 00399944 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe

2017-04-24 16:46 - 2017-04-26 10:26 - 00000000 ____D C:\Users\Korisnik\AppData\LocalLow\uTorrent

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-05-20 12:28 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy

2017-05-20 12:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2017-05-19 20:43 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\System32\config\BCD-Template

2017-05-11 12:27 - 2009-07-13 20:45 - 00006080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-05-11 12:27 - 2009-07-13 20:45 - 00006080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-05-11 12:26 - 2014-08-21 02:03 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\uTorrent

2017-05-11 11:22 - 2016-12-24 13:12 - 00000000 ____D C:\Users\Korisnik\Downloads\PopcornTime

2017-05-08 08:38 - 2016-02-10 07:17 - 00000000 ___SD C:\Users\Korisnik\AppData\LocalLow\Temp

2017-05-01 09:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf

2017-05-01 09:14 - 2016-05-24 02:23 - 00000000 ____D C:\Users\Korisnik\AppData\Local\MalwareProtectionLive

2017-04-26 13:26 - 2014-10-23 13:49 - 00000000 ____D C:\Users\Korisnik\Desktop\2 cd

2017-04-26 10:28 - 2016-07-22 01:54 - 00000000 ____D C:\ProgramData\YTD Video Downloader

2017-04-24 10:05 - 2015-07-01 06:31 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2017-04-24 08:54 - 2016-12-15 08:05 - 00000000 _____ C:\Windows\SysWOW64\last.dump

2017-04-24 08:47 - 2014-09-23 12:59 - 00001012 __RSH C:\ProgramData\ntuser.pol

 

==================== Known DLLs (Whitelisted) =========================

 

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\dnsapi.dll => MD5 is legit

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== Association (Whitelisted) =============

 

==================== Restore Points =========================

 

==================== BCD ================================

 

Windows Boot Manager

--------------------

identifier              {bootmgr}

device                  partition=Y:

path                    \bootmgr

description             Windows Boot Manager

locale                  en-us

inherit                 {globalsettings}

default                 {default}

resumeobject            {eb6be27e-288f-11e4-9cad-d2520c9f213e}

displayorder            {default}

toolsdisplayorder       {memdiag}

timeout                 30

 

Windows Boot Loader

-------------------

identifier              {eb6be27c-288f-11e4-9cad-d2520c9f213e}

device                  ramdisk=[C:]\Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\Winre.wim,{eb6be27d-288f-11e4-9cad-d2520c9f213e}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\Winre.wim,{eb6be27d-288f-11e4-9cad-d2520c9f213e}

systemroot              \windows

nx                      OptIn

winpe                   Yes

 

Windows Boot Loader

-------------------

identifier              {default}

device                  partition=C:

path                    \windows\system32\winload.exe

description             Windows 7

locale                  en-us

inherit                 {bootloadersettings}

osdevice                partition=C:

systemroot              \windows

resumeobject            {eb6be27e-288f-11e4-9cad-d2520c9f213e}

nx                      OptIn

detecthal               Yes

 

Resume from Hibernate

---------------------

identifier              {eb6be27e-288f-11e4-9cad-d2520c9f213e}

device                  partition=C:

path                    \windows\system32\winresume.exe

description             Windows Resume Application

locale                  en-us

inherit                 {resumeloadersettings}

filepath                \hiberfil.sys

 

Windows Memory Tester

---------------------

identifier              {memdiag}

device                  partition=Y:

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  en-us

inherit                 {globalsettings}

badmemoryaccess         Yes

 

EMS Settings

------------

identifier              {emssettings}

bootems                 Yes

Debugger Settings

-----------------

identifier              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200

 

RAM Defects

-----------

identifier              {badmemory}

 

Global Settings

---------------

identifier              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}

Boot Loader Settings

--------------------

identifier              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}

Hypervisor Settings

-------------------

identifier              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200

 

Resume Loader Settings

----------------------

identifier              {resumeloadersettings}

inherit                 {globalsettings}

Device options

--------------

identifier              {eb6be27d-288f-11e4-9cad-d2520c9f213e}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\eb6be27c-288f-11e4-9cad-d2520c9f213e\boot.sdi

 

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 4060.87 MB

Available physical RAM: 3340.52 MB

Total Virtual: 4059.02 MB

Available Virtual: 3395.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.13 GB) (Free:2.84 GB) NTFS

Drive e: () (Fixed) (Total:29.3 GB) (Free:21.59 GB) NTFS

Drive g: (Repair disc Windows 7 64-bit) (Removable) (Total:7.41 GB) (Free:7.22 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D97CD97C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=45.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29.3 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 7.4 GB) (Disk ID: 00D4BDAB)

Partition 1: (Active) - (Size=7.4 GB) - (Type=07 NTFS)

LastRegBack: 2017-05-08 11:09

==================== End of FRST.txt ============================


  • 0

#20
JSntgRvr
Posted 21 May 2017 - 01:56 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download the enclosed file. Save it in the same location FRST is saved.
Open FRST as you did before and click on the Fix button.
A log will be produced, fixlog.txt. Post it in your next reply
  • 0

#21
dinGospo89
Posted 21 May 2017 - 02:04 PM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

here is fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017

Ran by SYSTEM (21-05-2017 22:02:53) Run:4

Running from G:\

Boot Mode: Recovery

==============================================

 

fixlist content:

*****************

CMD: BCDEDIT /Store C:\Windows\System32\config\BCD-Template

CMD: Dir /a Y:\

CMD: IF Exists Y:\Boot Dir /a Y:\boot\

*****************

 

========= BCDEDIT /Store C:\Windows\System32\config\BCD-Template =========

 

Windows Setup

-------------

identifier              {7254a080-1510-4e85-ac0f-e7fb3d444736}

locale                  en-US

inherit                 {bootloadersettings}

systemroot              \windows

nx                      OptOut

detecthal               Yes

winpe                   Yes

Windows Setup

-------------

identifier              {default}

locale                  en-US

inherit                 {bootloadersettings}

systemroot              \windows

nx                      OptOut

detecthal               Yes

winpe                   Yes

Resume from Hibernate

---------------------

identifier              {0c334284-9a41-4de1-99b3-a7e87e8ff07e}

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filepath                \hiberfil.sys

Resume from Hibernate

---------------------

identifier              {98b02a23-0674-4ce7-bdad-e0a15a8ff97b}

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filepath                \hiberfil.sys

Windows Memory Tester

---------------------

identifier              {memdiag}

path                    \boot\memtest.exe

locale                  en-US

inherit                 {globalsettings}

badmemoryaccess         Yes

========= End of CMD: =========

 

========= Dir /a Y:\ =========

 

Volume in drive Y is System Reserved

Volume Serial Number is D6DC-DE3F

Directory of Y:\

07/21/2016  10:17 AM    <DIR>          $RECYCLE.BIN

05/20/2017  12:24 AM    <DIR>          Boot

11/20/2010  07:23 PM           383,786 bootmgr

08/20/2014  09:32 AM             8,192 BOOTSECT.BAK

08/20/2014  08:34 AM    <DIR>          System Volume Information

               2 File(s)        391,978 bytes

               3 Dir(s)      73,748,480 bytes free

========= End of CMD: =========

 

========= IF Exists Y:\Boot Dir /a Y:\boot\ =========

 

========= End of CMD: =========

 

==== End of Fixlog 22:02:54 ====


  • 0

#22
JSntgRvr
Posted 21 May 2017 - 02:15 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download the enclosed file. Save it in the same location FRST is saved.
Open FRST as you did before and click on the Fix button.
A log will be produced, fixlog.txt. Post it in your next reply

Attempt to boot.
  • 0

#23
dinGospo89
Posted 21 May 2017 - 02:29 PM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Ok so i'v clicked on fix, shutdown it, i have removed usb, then started it and using f2 change it to boot from HD, boted it and got same error message..  i have read somewhere that it antivirus could be causing this problem, and i had avast on my computer, if it means something to you..

here is fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017

Ran by SYSTEM (21-05-2017 22:21:52) Run:5

Running from G:\

Boot Mode: Recovery

==============================================

 

fixlist content:

*****************

CMD: Dir /a Y:\boot\

CMD: BCDEDIT /DELETE {eb6be27c-288f-11e4-9cad-d2520c9f213e}

*****************

 

========= Dir /a Y:\boot\ =========

Volume in drive Y is System Reserved

Volume Serial Number is D6DC-DE3F

 

Directory of Y:\boot

 

05/20/2017  12:24 AM    <DIR>          .

05/20/2017  12:24 AM    <DIR>          ..

05/21/2017  10:21 PM            28,672 BCD

05/20/2017  12:24 AM            28,672 BCD.Backup.0001

05/21/2017  10:21 PM            25,600 BCD.LOG

08/20/2014  09:32 AM                 0 BCD.LOG1

08/20/2014  09:32 AM                 0 BCD.LOG2

08/20/2014  09:32 AM            65,536 BOOTSTAT.DAT

05/19/2017  08:43 PM    <DIR>          cs-CZ

05/19/2017  08:43 PM    <DIR>          da-DK

05/19/2017  08:43 PM    <DIR>          de-DE

05/19/2017  08:43 PM    <DIR>          el-GR

05/19/2017  08:43 PM    <DIR>          en-US

05/19/2017  08:43 PM    <DIR>          es-ES

05/19/2017  08:43 PM    <DIR>          fi-FI

05/19/2017  08:43 PM    <DIR>          Fonts

05/19/2017  08:43 PM    <DIR>          fr-FR

05/19/2017  08:43 PM    <DIR>          hu-HU

05/19/2017  08:43 PM    <DIR>          it-IT

05/19/2017  08:43 PM    <DIR>          ja-JP

05/19/2017  08:43 PM    <DIR>          ko-KR

11/20/2010  07:24 PM           485,760 memtest.exe

05/19/2017  08:43 PM    <DIR>          nb-NO

05/19/2017  08:43 PM    <DIR>          nl-NL

05/19/2017  08:43 PM    <DIR>          pl-PL

05/19/2017  08:43 PM    <DIR>          pt-BR

05/19/2017  08:43 PM    <DIR>          pt-PT

05/19/2017  08:43 PM    <DIR>          ru-RU

05/19/2017  08:43 PM    <DIR>          sv-SE

05/19/2017  08:43 PM    <DIR>          tr-TR

05/19/2017  08:43 PM    <DIR>          zh-CN

05/19/2017  08:43 PM    <DIR>          zh-HK

05/19/2017  08:43 PM    <DIR>          zh-TW

               7 File(s)        634,240 bytes

              26 Dir(s)      73,748,480 bytes free

 

========= End of CMD: =========

 

========= BCDEDIT /DELETE {eb6be27c-288f-11e4-9cad-d2520c9f213e} =========

The operation completed successfully.

========= End of CMD: =========

 

==== End of Fixlog 22:21:53 ====


  • 0

#24
JSntgRvr
Posted 21 May 2017 - 02:42 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
I have removed every AVAST entry I see in the report, as that was the first issue.

Download the enclosed file. Save it in the same location FRST is saved.
Open FRST as you did before and click on the Fix button.
A log will be produced, fixlog.txt. Post it in your next reply

Attempt to boot.
  • 0

#25
dinGospo89
Posted 21 May 2017 - 02:57 PM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

i got same error..

here is fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by SYSTEM (21-05-2017 22:52:56) Run:6
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-06] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-06] (AVAST Software)
S2 Update AdvanceElite; "C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe" [X]
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-06] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-06] ()
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-06] ()
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-06] ()
CMD: bootrec /fixboot
 
 
*****************
 
HKLM\System\ControlSet001\Services\aswbIDSAgent => key removed successfully
aswbIDSAgent => service removed successfully
HKLM\System\ControlSet001\Services\avast! Antivirus => key removed successfully
avast! Antivirus => service removed successfully
HKLM\System\ControlSet001\Services\Update AdvanceElite => key removed successfully
Update AdvanceElite => service removed successfully
HKLM\System\ControlSet001\Services\aswbidsdriver => key removed successfully
aswbidsdriver => service removed successfully
HKLM\System\ControlSet001\Services\aswHwid => key removed successfully
aswHwid => service removed successfully
HKLM\System\ControlSet001\Services\aswKbd => key removed successfully
aswKbd => service removed successfully
HKLM\System\ControlSet001\Services\aswMonFlt => key removed successfully
aswMonFlt => service removed successfully
HKLM\System\ControlSet001\Services\aswRdr => key removed successfully
aswRdr => service removed successfully
HKLM\System\ControlSet001\Services\aswSnx => key removed successfully
aswSnx => service removed successfully
HKLM\System\ControlSet001\Services\aswSP => key removed successfully
aswSP => service removed successfully
HKLM\System\ControlSet001\Services\aswStm => key removed successfully
aswStm => service removed successfully
 
========= bootrec /fixboot =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 

==== End of Fixlog 22:52:58 ==== 


  • 0

Advertisements

#26
JSntgRvr
Posted 21 May 2017 - 03:17 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Here we go again.

Download the enclosed file. Save it in the same location FRST is saved.
Open FRST as you did before and click on the Fix button.
A log will be produced, fixlog.txt. Post it in your next reply

Attempt to boot.
  • 0

#27
dinGospo89
Posted 21 May 2017 - 03:37 PM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Same error.. I have to ask is it normal to take this amount of tries to fix this problem or am i first guy that's wasting your time this much?

here is fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by SYSTEM (21-05-2017 23:31:53) Run:7
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
Control:
 
 
*****************
 
 
========= bootrec /FixMbr =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit /set {default} winpe no =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
Control: => Error: No automatic fix found for this entry.
 
==== End of Fixlog 23:31:54 ====

  • 0

#28
JSntgRvr
Posted 21 May 2017 - 03:39 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Sometimes it takes a while.

Boot to the Recovery Console and attempt automatic repairs. It should give you a report.
  • 0

#29
JSntgRvr
Posted 21 May 2017 - 03:50 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
I want also to collect a dump of the MBR.

Download the enclosed file. Save it in the same location FRST is saved.
Open FRST as you did before and click on the Fix button.

Another file will be created, MBRDUMP.txt. Attach the file to your reply as it is a hex file.
  • 0

#30
dinGospo89
Posted 21 May 2017 - 04:12 PM

dinGospo89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

i will write recovery problem details in next reply.

Attached Files


  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP