Windows 7 reboots on aswRvrt.sys going into Safe Mode

[dBMan]

We just moved and I plugged in this computer and it booted normally the first time. I went to reboot it, the the Windows logo starts to come up, then magically reboots. If I go into Safe Mode, it gets to aswRvrt.sys for about a second, then it reboots. Unfortunately, none of my Recovery points seem to work. I can get to command prompt, so I ran FRST.exe like was suggested, but the results file is 1.2 megs and I can't paste it or attach it here.  I read a post somewhere else to delete aswRvrt.sys. Instead, I renamed it to aswRvrt-old.sys and tried again. It just rebooted on aswVMM.sys I think instead, and obviously didn't make a difference. I have renamed -old back to aswRvrt.sys and here I am asking for next step suggestions? I see in the logs under white list that it's missing the aswRvrt.sys but I did rename it and put it back AFTER I ran frst.exe.

Suggestions? I'd much prefer not to have to re-install the OS if I don't have to. I can email the frst.txt results to whomever replies?

dB

[essexboy]

Could you upload the FRST to a file sharing site for me to collect

[dBMan]

https://www.dropbox.com/s/pc89nygciyqb4hz/FRST.txt

Thank you!

Devon

[essexboy]

That file is corrupt, so I will disable Avast initially

Download the attached Fixlist.txt to the same location as FRST
Run FRST and press Fix
On completion a log will be generated please post that

[dBMan]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2008-12-31 17:53:45 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-28] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-28] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-28] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-28] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-28] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-28] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] ()
2014-01-07 17:21 - 2014-01-07 17:21 - 00000000 ____D () C:\Users\Dan\AppData\Local\SearchProtect
2014-01-07 17:02 - 2014-01-07 17:02 - 00001071 _____ () C:\Users\Dad\Desktop\OpenDownloaderManager.lnk
2014-01-07 17:02 - 2014-01-07 17:02 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Open Download Manager
2014-01-07 16:56 - 2014-01-07 16:56 - 00000000 _____ () C:\END
2014-01-07 16:55 - 2014-01-07 16:55 - 00295528 _____ (My Company) C:\Users\Dan\Downloads\Setup_ODM.exe
2013-12-28 12:00 - 2013-12-28 12:00 - 00079672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\AVAST Software
2013-10-22 12:17 - 2013-10-22 12:17 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\AVAST Software
2013-10-22 12:05 - 2013-12-28 12:00 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
C:\Windows\System32\Drivers\aswRvrt.sys
*****************

"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => Value deleted successfully.
avast! Antivirus => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswStm => Service deleted successfully.
aswVmm => Service deleted successfully.
C:\Users\Dan\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Dad\Desktop\OpenDownloaderManager.lnk => Moved successfully.
C:\Users\Dad\AppData\Roaming\Open Download Manager => Moved successfully.
C:\END => Moved successfully.
C:\Users\Dan\Downloads\Setup_ODM.exe => Moved successfully.
C:\Windows\System32\Drivers\aswstm.sys => Moved successfully.
C:\Users\Dad\AppData\Roaming\AVAST Software => Moved successfully.
C:\Users\Dan\AppData\Roaming\AVAST Software => Moved successfully.
C:\Users\Public\Desktop\avast! Free Antivirus.lnk => Moved successfully.
C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.

==== End of Fixlog ====

[dBMan]

Rebooted, now it gets to CLASSPNP.SYS driver and then reboots instead for safe mode. Same problem on booting into normal mode.

Devon

[essexboy]

OK so it is not Avast

Download the attached Fixlist.txt to the same location as FRST
Run FRST and press Fix
On completion a log will be generated please post that

[dBMan]

So I see your suggestion restored from backup registry hives. I had tried Last Known Good as well with no luck. I guess that only Current Control Set, so this does a lot more.

Thank you for continuing to help beyond AVAST problem. Am I pretty much at try a restore of the OS since this still doesn't work?

Devon

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2008-12-31 16:30:41 Run:2
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-03-13 07:20

*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

[essexboy]

The other alternative I have left is to remove comodo and see if that is causing the blockage

[thekochs]

The other alternative I have left is to remove comodo and see if that is causing the blockage

Looks like he also had Mcafee prior.....if OP is going to do a O/S re-install perhaps a FIXLST as you suggested with Comodo removed and Mcafee would be worth a try ?

[dBMan]

I cannot get into the OS otherwise, is there an easy way to remove Comodo? Not sure what's involved to make those fixlist.txt files.

Devon

[essexboy]

This will now disable comodo

Download the attached Fixlist.txt to the same location as FRST
Run FRST and press Fix
On completion a log will be generated please post that

[thekochs]

I cannot get into the OS otherwise, is there an easy way to remove Comodo? Not sure what's involved to make those fixlist.txt files.

Devon

Any chance you have imaging software where you did backups offline to a USB HDD of your system ?

Let Essexboy provide you the fixlist for you.
Also, do you have repair CD ?
While you wait for Essexboy read this: http://www.maximumpc.com/article/how-tos/how_repair_faulty_windows_installation_without_reformatting

[dBMan]

Removing Comodo didn't work either. I did the scan as suggested in the link and it found corrupted files but couldn't repair them. So aswRvrt.sys was merely a victim in this whole thing and not the cause. Thank you so much everyone for jumping in and helping. I really appreciate it. Time to reinstall or see if the drive itself is toast.

Devon

[essexboy]

Sorry we could not resolve this