boot stop at aswrvrt.sys

[REDACTED]

Hello.
I can not boot my pc with Windows Vista and Avast antivirus.
In normal mode does not start, and failsafe mode remains aswrvrt.sys loading the file and restarted ..

Sorry for my poor English.
Thank You.
Greetings.

[Rednose]

Hi tebilon 

I will ask someone with more knowledge that me if he can help you.

Greetz, Red.

[Para-Noid]

Follow the instructions here https://forum.avast.com/index.php?topic=53253.msg451454#msg451454

Post results in this thread. Do not copy/paste.

I have contacted a malware removal specialist. Pleas be patient.

edit: additional

[Rednose]

If it is possible for him to do that ...

I doubted that, so I have send Esssexboy a pm with a link to this topic.

Greetz, Red.

[REDACTED]

Hola tebilon. Bienvenido al foro.

Usa el enlace que dio Para-Noid

https://forum.avast.com/index.php?topic=53253.msg451454#msg451454

pero desplazate hasta donde dice If you cannot  Boot the computer y sigue las instrucciones. Necesitaras otra computadora para crear el CD. Por favor sigue en ingles. Yo estare atento si no entiendes algo. Lo mas seguro recibiras ayuda de essexboy.

********** English**********

Use para-Noid link but scroll down to where it says "If you cannot  Boot the computer". Follow instructions. You will need a funcinal PC to create the CD. Please continue in English. I will be around to help if you do not understand. Essexboy will help you.

[essexboy]

Is it 32 or 64bit Vista.

Do you have access to another computer and a USB stick of about 4GB

[REDACTED]

Hello
It´s 32 bit.
I have access to another computer and a USB stick with 4GB.
Thanks

[essexboy]

Download the following three programmes to your desktop :
 
 
1.  Rufus 
 
For 32bit systems
2.  Windows Vista RC I will PM the link
3. Farbar Recovery Scan Tool  
 
 
Insert the USB stick Then run Rufus
 
Select the ISO file on the desktop via the ISO icon. 
 
Press Start Burn

Then copy FRST to the same USB   
 
   
 
 
 
Insert the USB into the sick computer and start the computer.  First ensuring that the system is set to boot from USB 
Note: If you are not sure how to do that follow the instructions Here
 
Windows 7 and Vista screenshots 

When you reboot you will  see this.
 Click repair my computer  
 
 
Select your operating system  
 
 
Select Command prompt 
 
 
At the command prompt type the following  :
 
notepad and press Enter. 
The notepad opens. Under File menu select Open. 
Select "Computer" and find your flash drive letter and close the notepad. 
In the command window type e:\frst64.exe  or  e:\frst.exe dependant on system
 and press Enter 
Note: Replace letter e with the drive letter of your flash drive. 
The tool will start to run. 
When the tool opens click Yes to disclaimer. 

Press Scan button. 
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

[REDACTED]

Sorry for not replying yet, but it is still impossible to start the pc. I think it will be a problem with the HD. I had never given problems, but it does not work well.
I'll keep trying and will comment the results.
Thank You.
regards

[REDACTED]

Sorry for not replying yet, but it is still impossible to start the pc. I think it will be a problem with the HD. I had never given problems, but it does not work well.
I'll keep trying and will comment the results.
Thank You.
regards

Will you follow Essexboy instructions and post FRST log ?

[REDACTED]

I finally managed to run the FRST.exe, but was starting to recovey the pc, not the USB.
Here I leave the log.
Thank You.
A greeting.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015
Ran by SYSTEM on MINWINPC on 06-02-2015 21:08:17
Running from D:\
Platform: WIN_VISTA Service Pack 1 (X86) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is missing.

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)


==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4023.92 MB
Available physical RAM: 3393.87 MB
Total Pagefile: 3650.26 MB
Available Pagefile: 3402.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.23 MB

==================== Drives ================================

Drive d: (06 feb 2015) (CDROM) (Total:0.12 GB) (Free:0.12 GB) UDF
Drive e: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:0.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 60B4479D)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[essexboy]

OK using the recovery console select command prompt as before.

Then type in the following command and press enter :

chkdsk c: /r

On completion try a normal boot

[REDACTED]

OK using the recovery console select command prompt as before.

Then type in the following command and press enter :

chkdsk c: /r

On completion try a normal boot

It may take running chkdsk more than once...reboot each time.

Friendly thought.....if above does not work then "offline" SFC.

May have to run Startup Repair from Console after above too.