Topic: Windows Won't start - Aswrvrt.sys

REDACTED

  • Guest
Windows Won't start - Aswrvrt.sys
« on: December 03, 2015, 07:45:51 PM »
Hi, here is my log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by SYSTEM on MINWINPC (03-12-2015 12:55:57)
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-24] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-24] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\Administr@dor\...\Run: [Google Update] => C:\Users\Administr@dor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-03] (Google Inc.)
HKU\Administr@dor\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Familia\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\Familia\...\Run: [Google Update] => C:\Users\Familia\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-21] (Google Inc.)
HKU\Rajel\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
Startup: C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-07-27]
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
S2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1604880 2012-02-13] (Blue Coat Systems, Inc.)
S2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144 2013-11-27] (WIBU-SYSTEMS AG)
S2 INETLOCKSVC; C:\Program Files\Internet Lock\ILSvc.exe [143360 2012-06-05] (TopLang Software)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2012-07-31] ()
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
S2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-04] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-04] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-04] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-04] ()
S1 bckd; C:\Windows\System32\drivers\bckd.sys [87312 2012-02-13] (Blue Coat Systems, Inc.)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2010-11-20] ()
S2 INETLOCK; C:\Windows\System32\drivers\Inetlock.sys [17659 2013-07-09] ()
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] ()
S3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [42496 2010-11-20] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 12:36 - 2015-12-03 12:55 - 00000000 ____D C:\FRST
2015-12-03 12:12 - 2015-12-03 12:12 - 00000000 __SHD C:\found.002
2015-12-03 11:18 - 2015-12-03 11:18 - 00000000 ____D C:\Temp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 12:36 - 2012-08-01 16:29 - 00000000 ____D C:\users\Rajel
2015-12-03 11:44 - 2009-07-14 00:11 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2015-12-03 11:43 - 2009-07-14 00:26 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\msimtf.dll
2015-12-03 11:42 - 2009-07-14 00:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\shfolder.dll
2015-12-03 11:42 - 2009-07-14 00:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys
2015-12-03 11:42 - 2009-07-14 00:11 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\sechost.dll
2015-12-03 11:42 - 2009-07-14 00:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-12-03 11:42 - 2009-07-14 00:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-12-03 11:41 - 2009-07-14 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\wshqos.dll
2015-12-03 11:41 - 2009-07-14 00:34 - 00121856 _____ (Microsoft Corporation) C:\Windows\System32\ntmarta.dll
2015-12-03 11:41 - 2009-07-14 00:33 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\security.dll
2015-12-03 11:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-03 11:40 - 2009-07-14 00:12 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\profapi.dll
2015-12-03 11:40 - 2009-07-14 00:11 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2015-12-03 11:39 - 2009-07-14 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-12-03 11:39 - 2009-07-14 00:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\msidle.dll
2015-12-03 11:34 - 2009-07-14 01:19 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\wmi.dll
2015-12-03 11:34 - 2009-07-14 00:37 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\samlib.dll
2015-12-03 11:34 - 2009-07-14 00:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc.dll
2015-12-03 11:34 - 2009-07-14 00:11 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\csrss.exe
2015-12-03 11:33 - 2009-07-14 00:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\netmsg.dll
2015-12-03 11:33 - 2009-07-14 00:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\psapi.dll
2015-12-03 11:09 - 2015-06-03 01:32 - 00000000 ____D C:\users\TEMP
2015-12-03 11:09 - 2014-03-21 03:02 - 00000000 ____D C:\Users\Rajel\Desktop\RAJEL
2015-12-03 11:09 - 2013-04-15 00:28 - 00000000 ____D C:\Users\Rajel\AppData\Roaming\Thinstall
2015-12-03 11:09 - 2012-08-22 00:55 - 00000000 ____D C:\Users\Rajel\AppData\LocalLow\Sun
2015-12-03 11:09 - 2012-08-20 20:41 - 00000000 ____D C:\Users\Rajel\AppData\Roaming\Adobe
2015-12-03 11:09 - 2012-08-17 02:42 - 00000000 ____D C:\Users\Rajel\AppData\Local\Microsoft Games
2015-12-03 11:09 - 2012-08-01 16:29 - 00000000 ____D C:\Users\Rajel\AppData\Local\VirtualStore
2015-12-03 11:09 - 2012-07-31 16:44 - 00000000 ____D C:\users\Familia
2015-12-03 11:09 - 2012-07-30 15:11 - 00000000 ____D C:\users\Administr@dor
2015-12-03 11:09 - 2012-02-01 11:34 - 00000000 ___RD C:\Users\Rajel\Desktop\DX ball
2015-12-03 11:09 - 2011-04-12 02:39 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-03 11:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2015-12-03 11:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows

Some files in TEMP:
====================
C:\Users\Administr@dor\AppData\Local\Temp\ose00000.exe
C:\Users\Familia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3dbqsm.dll
C:\Users\Familia\AppData\Local\Temp\GURD567.exe
C:\Users\Rajel\AppData\Local\Temp\bsnxhh3c.dll


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2014-10-28 04:50
Restore point date: 2014-11-25 06:06
Restore point date: 2014-12-10 22:09
Restore point date: 2015-01-25 07:08
Restore point date: 2015-03-15 08:43
Restore point date: 2015-04-14 23:45
Restore point date: 2015-05-27 04:11

==================== BCD ================================

Administrador de arranque de Windows
----------------------------------
Identificador           {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  es-ES
default                 {default}
displayorder            {default}
timeout                 30

Cargador de arranque de Windows
-----------------------------
Identificador           {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate
locale                  es-ES
osdevice                partition=C:
systemroot              \Windows

Cargador de arranque de Windows
-----------------------------
Identificador           {ab1a2d80-99af-11e5-a6ea-e59585ccd9c7}
device                  ramdisk=[C:]\Recovery\b7e82b45-da1c-11e1-95a4-99b6bc05c6c1\Winre.wim,{ab1a2d81-99af-11e5-a6ea-e59585ccd9c7}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recuperado)
locale                 
osdevice                ramdisk=[C:]\Recovery\b7e82b45-da1c-11e1-95a4-99b6bc05c6c1\Winre.wim,{ab1a2d81-99af-11e5-a6ea-e59585ccd9c7}
systemroot              \windows
winpe                   Yes

Herramienta de comprobación de memoria de Windows
-------------------------------------------------
Identificador           {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  es-ES

Opciones de dispositivo
-----------------------
Identificador           {ab1a2d81-99af-11e5-a6ea-e59585ccd9c7}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\b7e82b45-da1c-11e1-95a4-99b6bc05c6c1\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 2037.49 MB
Available physical RAM: 1475.05 MB
Total Virtual: 2037.49 MB
Available Virtual: 1484.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:67.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (W7T_V2) (CDROM) (Total:4.21 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.72 GB) (Free:3.56 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.02 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: EF92EF92)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 183E2938)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)


LastRegBack: 2015-05-27 04:08

==================== End of FRST.txt ============================

Hope you can help.

Thank You

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
Re: Windows Won't start - Aswrvrt.sys
« Reply #1 on: December 03, 2015, 08:17:41 PM »
Download the attached fixlist to the same location as FRST.
Start FRST as before and press Fix.

On completion try a normal boot