Author Topic: WinXP Pro freezes on boot in normal and Safe Mode - stops at aswRvrt.sys...?  (Read 30711 times)

Darkstrike

  • Guest
Will do, but before I run that scan tool, should I try uninstalling Avast first?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Yes do that, but this appears to be an intermittent type problem.  So at some stage you may need to run chkdsk   

Darkstrike

  • Guest
I'd already hit start on OTL before I thought of removing Avast first, so I ran the scan now WITHOUT having removed Avast first. Logs are attached below. I've got to head to work in 30 mins though, so after that I won't be back to try anything else until after 4pm my time (8pm your time)

thekochs

  • Guest
Yes do that, but this appears to be an intermittent type problem.  So at some stage you may need to run chkdsk

The Avast uninstall runs in safe mode as stated.
Try the regular uninstaller and then also Rejzor's util which runs in Normal windows mode.
http://rejzor.wordpress.com/avast-cleanup-tool/
Is the D&C directory corrupt ?.....you did copy Mom's data files off to USB HDD ?
Also, you really need to get an "image" of the machine for two reasons.
1) If this intermittent problem is a hardware issue (eg, eroding HDD) then having an issue to restore to new HDD is needed.
2) You can always mount the image and get files/items you may have missed.
I use Macrium....it is free and simple....free version does full backup.  You can create boot rescue CD to restore.
Of course once you install I'm sure it will require a re-boot.
http://www.macrium.com/reflectfree.aspx

I agree with Essexboy that a CHKDSK repair is in order.
Keep having him step you thru it......glad to see progress. :)
« Last Edit: January 26, 2014, 05:11:45 PM by thekochs »

Offline essexboy

OK you have one errant driver and the registry entry for WMI is totally missing

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (advy9go8)

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi]
"Description"="Provides systems management information to and from drivers."
"DisplayName"="Windows Management Instrumentation Driver Extensions"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="WdmWmiServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Darkstrike

  • Guest
Try the regular uninstaller and then also Rejzor's util which runs in Normal windows mode.
http://rejzor.wordpress.com/avast-cleanup-tool/
Is the D&C directory corrupt ?.....you did copy Mom's data files off to USB HDD ?

@TheKochs: I've tried the Avast uninstaller and literally nothing happens, it brings up the window, I hit Uninstall and it takes me back to desktop with Avast still in the Add/Remove Programs list...might have to just use Rejzor's tool anyway!

Mom's data files are somehow actually here and not corrupt....I may have made a mistake in that regard; her user profile folder IS labelled "name" but all her data is still in it. Maybe it WAS called that before, and I'm not remembering - I don't use her machine very often other than to fix it!

I will back her data up to my USB HDD adapter for now, yes.

I've not heard of Macrium, but I'll have to check into it. I'd need to get a larger backup drive first though, as I don't have one big enough for a full image of her C:/ drive, let alone the C:/ drive on my machine!

@Essexboy: I'll try that and let you know....here's hoping it will actually restart normally this time! BUT, before I try it, should I run Rejzor's Avast uninstall tool BEFORE I run OTL considering the usual Add/Remove Programs Uninstaller for Avast isn't working...?
« Last Edit: January 26, 2014, 09:29:26 PM by Darkstrike »

Offline essexboy

Yes, try Rejzor's tool

Darkstrike

  • Guest
Ok, ran Rejzor's tool, then ran OTL with your script. On restart, I was greeted with a black screen just after POST with nothing on it. I thought "ok, very odd", but let it sit at this screen for quite awhile to see if anything would happen.

I now have a:
"Windows could not start because the following file is missing or corrupt:
system32\DRIVERS\pci.sys"

error.

Darkstrike

  • Guest
New symptom, once again a black screen after POST. If I let it sit and wait about 5 or 6 minutes, it comes up to a

"Windows could not start because the following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM"


error....maybe I DO need to run a CHKDSK...can I run one from Reatogo, or does it have to be from a Recovery Disk?

Offline essexboy

Can you get to the safe mode menu, select command prompt and run :

chkdsk /r

Darkstrike

  • Guest
Restarted, must've missed pressing F8 in time to select Safe Mode, but Windows booted normally this time and I was greeted with the dialog asking OTL to run and nothing else but the cursor and background wallpaper. I hit yes. After about 30 seconds, I was given a log file from OTL and the desktop/everything else loaded normally...was that part of your script?

Log file contents attached below...?

Offline essexboy

Yes, if OTL has a lot of junk to remove it will complete it at logon and delay the start until it is completed.

Total Files Cleaned = 920.00 mb

There is something wrong... possibly with the HDD. Can you run a chkdsk on it?

thekochs

  • Guest
Can you get to the safe mode menu, select command prompt and run :

chkdsk /r

Think he needs to run this too........seems like there is something else going on too.
Also, doesn't he need to run CHKDSK {driveletter with Windows install} /R ?

Offline essexboy

Only if run from the command prompt. As he is in Windows, he can now schedule one normally: http://www.computerstepbystep.com/chkdsk_windows_xp.html

Darkstrike

  • Guest
Scheduled using the Command Prompt, restarting and attempting scan...will report back with results...or otherwise.