Hi,
two days ago, I turn off my notebook normally, but today, it won't start and when trying to boot into safe mode, it stuck on aswRvrt.sys.
I was searching for solution and find out, in every case it's a bit different.
Cause I can't attach file (can't find, how to do that) here is paste of it:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by SYSTEM on MININT-TH946GA on 08-07-2014 22:52:21
Running from E:\
Platform: Windows 7 Ultimate (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2013-02-08] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2013-02-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2013-02-08] (Realtek Semiconductor)
HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => No File
==================== Services (Whitelisted) =================
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-14] (AVAST Software)
S2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
S2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
==================== Drivers (Whitelisted) ====================
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-14] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-14] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-14] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-14] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-14] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-14] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-08 21:57 - 2014-07-08 22:52 - 00000000 ____D () C:\FRST
2014-06-14 08:44 - 2014-07-05 13:04 - 00002700 _____ () C:\Windows\setupact.log
2014-06-14 08:44 - 2014-06-14 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-14 08:43 - 2014-06-14 08:43 - 00000996 _____ () C:\Windows\PFRO.log
2014-06-14 08:20 - 2014-06-14 08:53 - 00016162 _____ () C:\Windows\IE11_main.log
2014-06-14 08:12 - 2014-06-14 08:12 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-14 08:12 - 2014-06-14 08:12 - 00000000 ____D () C:\Users\cifr\AppData\Roaming\AVAST Software
2014-06-14 08:11 - 2014-07-04 07:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-14 08:11 - 2014-06-14 08:11 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys.1402729919210
2014-06-14 08:11 - 2014-06-14 08:11 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys.1402729919210
2014-06-14 08:11 - 2014-06-14 08:11 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-14 08:11 - 2014-06-14 08:11 - 00208416 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00085328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-14 08:11 - 2014-06-14 08:11 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-06-14 08:10 - 2014-06-14 08:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-14 08:09 - 2014-06-14 08:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-14 08:05 - 2014-06-14 08:05 - 94714880 _____ (AVAST Software) C:\Users\cifr\Downloads\avast_free_antivirus_setup.exe
==================== One Month Modified Files and Folders =======
2014-07-08 22:52 - 2014-07-08 21:57 - 00000000 ____D () C:\FRST
2014-07-08 22:44 - 2014-06-06 11:38 - 00000000 ____D () C:\STEREO22
2014-07-08 22:44 - 2013-02-07 20:27 - 00000000 ____D () C:\users\cifr
2014-07-08 22:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-07-06 11:38 - 2013-02-07 22:55 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 11:38 - 2013-02-07 22:55 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 11:37 - 2013-02-09 08:10 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 11:37 - 2013-02-08 19:22 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-07-06 11:37 - 2013-02-07 20:11 - 01638334 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 16:38 - 2013-02-10 13:33 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-07-05 13:13 - 2009-07-14 05:45 - 00020704 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 13:13 - 2009-07-14 05:45 - 00020704 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 13:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-05 13:04 - 2014-06-14 08:44 - 00002700 _____ () C:\Windows\setupact.log
2014-07-04 07:35 - 2014-06-14 08:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-24 15:53 - 2009-07-14 16:18 - 00669132 _____ () C:\Windows\System32\perfh005.dat
2014-06-24 15:53 - 2009-07-14 16:18 - 00141760 _____ () C:\Windows\System32\perfc005.dat
2014-06-24 15:53 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-23 08:50 - 2013-02-07 22:55 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 08:50 - 2013-02-07 22:55 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-14 13:56 - 2014-06-06 11:07 - 00000000 ____D () C:\UCTO2014
2014-06-14 13:56 - 2013-02-07 20:28 - 00000000 ____D () C:\Users\cifr\AppData\Local\VirtualStore
2014-06-14 13:52 - 2013-02-07 22:58 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-14 08:53 - 2014-06-14 08:20 - 00016162 _____ () C:\Windows\IE11_main.log
2014-06-14 08:44 - 2014-06-14 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-14 08:43 - 2014-06-14 08:43 - 00000996 _____ () C:\Windows\PFRO.log
2014-06-14 08:26 - 2014-04-16 12:43 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-14 08:23 - 2013-02-07 21:57 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-14 08:20 - 2013-02-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-14 08:12 - 2014-06-14 08:12 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-14 08:12 - 2014-06-14 08:12 - 00000000 ____D () C:\Users\cifr\AppData\Roaming\AVAST Software
2014-06-14 08:11 - 2014-06-14 08:11 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys.1402729919210
2014-06-14 08:11 - 2014-06-14 08:11 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys.1402729919210
2014-06-14 08:11 - 2014-06-14 08:11 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-14 08:11 - 2014-06-14 08:11 - 00208416 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00085328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-14 08:11 - 2014-06-14 08:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-14 08:11 - 2014-06-14 08:11 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-06-14 08:10 - 2014-06-14 08:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-14 08:09 - 2014-06-14 08:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-14 08:05 - 2014-06-14 08:05 - 94714880 _____ (AVAST Software) C:\Users\cifr\Downloads\avast_free_antivirus_setup.exe
2014-06-14 07:59 - 2013-02-08 19:47 - 00000000 ____D () C:\ProgramData\MFAData
Some content of TEMP:
====================
C:\Users\cifr\AppData\Local\Temp\gixpefdq.dll
C:\Users\cifr\AppData\Local\Temp\UNINSTALL.EXE
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2014-07-06 11:38:32
Restore point made on: 2014-07-06 18:05:52
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 3766.69 MB
Available physical RAM: 3209.96 MB
Total Pagefile: 3764.84 MB
Available Pagefile: 3192.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:70.03 GB) (Free:32.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (KINGSTON) (Removable) (Total:0.24 GB) (Free:0.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 73 GB) (Disk ID: D0888870)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
========================================================
Disk: 1 (Size: 245 MB) (Disk ID: CE3465A5)
Partition 1: (Active) - (Size=245 MB) - (Type=0B)
LastRegBack: 2014-06-29 18:29
==================== End Of Log ============================