aswRvrt.sys (free Ver.)noboot win7X32 on dell vostro1520

Avast Free Antivirus / Premium Security
1

boot critical file is corrupt c:\Windows\System32\Drivers\aswRvrt.sys no joy with safe mode, auto repair, system restore, chkdsk /r
Other comps down (other reasons) so working from W2K machine

can result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by SYSTEM on MININT-FJ1RVD6 on 18-11-2013 16:58:11
Running from F:
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM.…\Run: [OEM13Mon.exe] - C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM.…\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe ()
HKLM.…\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-29] (AVAST Software)
HKLM.…\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk → C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

========================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [69792 2013-03-25] (Absolute Software Corp.)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-29] ()
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] ()
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-29] ()
S3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
S3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VGPU; System32\drivers\rdvgkmd.sys
S3 WPRO_41_1879; system32\drivers\WPRO_41_1879.sys

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-18 16:57 - 2013-11-18 16:57 - 00000000 ____D C:\FRST
2013-11-05 13:12 - 2013-11-05 13:12 - 00002012 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-11-05 13:12 - 2013-08-16 11:56 - 00216064 _____ C:\Windows\System32\gcapi_dll.dll
2013-11-05 13:11 - 2013-11-18 08:11 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-31 20:37 - 2013-10-31 20:37 - 05941446 _____ C:\Users\jim\Downloads\collusionData.json
2013-10-21 17:00 - 2013-10-21 17:00 - 00273952 _____ C:\Windows\Minidump\102113-12760-01.dmp

==================== One Month Modified Files and Folders =======

2013-11-18 16:57 - 2013-11-18 16:57 - 00000000 ____D C:\FRST
2013-11-18 08:12 - 2013-10-01 19:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-18 08:12 - 2013-08-27 16:56 - 00000000 ____D C:\Users\jim\AppData\Roaming\vlc
2013-11-18 08:12 - 2013-04-04 11:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-18 08:12 - 2013-03-25 17:50 - 00000000 ____D C:\Users\jim\AppData\Roaming\IrfanView
2013-11-18 08:12 - 2013-03-25 07:20 - 00000000 ____D C:\users\jim
2013-11-18 08:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-11-18 08:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-11-18 08:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-11-18 08:11 - 2013-11-05 13:11 - 00000000 ____D C:\Program Files\Foxit Software
2013-11-18 08:11 - 2013-04-16 13:19 - 00000000 ____D C:\Users\jim\AppData\Roaming\Foxit Software
2013-11-18 08:11 - 2013-03-25 17:57 - 00000000 ____D C:\Users\jim\AppData\Roaming\JGsoft
2013-11-18 08:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-11-18 08:11 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-18 03:03 - 2011-04-11 18:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-18 03:02 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-11-13 22:34 - 2013-08-14 00:04 - 00000000 ____D C:\Windows\System32\MRT
2013-11-07 22:41 - 2013-03-25 09:03 - 02026668 _____ C:\Windows\WindowsUpdate.log
2013-11-07 22:30 - 2013-03-25 09:00 - 00017408 _____ C:\Windows\System32\rpcnetp.exe
2013-11-05 23:37 - 2013-03-25 18:56 - 00000000 ____D C:\Users\jim\AppData\Local\PasswordSafe
2013-11-05 13:12 - 2013-11-05 13:12 - 00002012 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-11-03 16:00 - 2013-03-25 17:57 - 00000000 ____D C:\Program Files\Password Safe
2013-11-03 08:52 - 2009-07-13 20:34 - 00027168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 08:52 - 2009-07-13 20:34 - 00027168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 21:22 - 2010-11-20 13:01 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-01 21:16 - 2013-07-15 08:28 - 00002072 _____ C:\Windows\setupact.log
2013-11-01 21:16 - 2013-03-25 10:19 - 00069792 _____ (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2013-10-31 20:37 - 2013-10-31 20:37 - 05941446 _____ C:\Users\jim\Downloads\collusionData.json
2013-10-21 17:00 - 2013-10-21 17:00 - 00273952 _____ C:\Windows\Minidump\102113-12760-01.dmp
2013-10-21 17:00 - 2013-08-15 22:19 - 288195863 _____ C:\Windows\MEMORY.DMP
2013-10-21 17:00 - 2013-05-21 19:29 - 00000000 ____D C:\Windows\Minidump

Some content of TEMP:

C:\Users\jim\AppData\Local\Temp\Checkupdate.exe
C:\Users\jim\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\jim\AppData\Local\Temp\Foxit Updater.exe
C:\Users\jim\AppData\Local\Temp\gcapi_dll.dll
C:\Users\jim\AppData\Local\Temp\gtapi_signed.dll
C:\Users\jim\AppData\Local\Temp\vlc-2.0.8-win32.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM.….exe: exefile => OK
HKLM.…\exefile\DefaultIcon: %1 => OK
HKLM.…\exefile\open\command: “%1” %* => OK

==================== Restore Points =========================

4
Restore point made on: 2013-11-04 21:54:48
Restore point made on: 2013-11-07 22:41:55
Restore point made on: 2013-11-13 01:19:09
Restore point made on: 2013-11-13 22:33:44

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3032.89 MB
Available physical RAM: 2623.51 MB
Total Pagefile: 3031.18 MB
Available Pagefile: 2627.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.67 GB) (Free:72.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (data) (Fixed) (Total:135.21 GB) (Free:132.61 GB) NTFS
Drive f: (ITETEKPEN) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 999 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

LastRegBack: 2013-11-10 15:23

==================== End Of Log ============================

2

Hi,

While trying to boot, make sure you use this options. See images below.
http://www.caldigit.com/img/VistaF8.png

Tell me will this fix your problem?

3

Hi Magna

no joy w/loose sigs; straight to auto repair & fails

4

Then we shall try system restore. FRST detects four valid system restore point. We shall use that …

This script shall return your computer on 2013-11-13 at 22:33:44.
All your personal data and programs will be preserved. System Restore is on the level of the system itself, has nothing to do with you.
If you agree continue with script and tell me is this fix your problem?

If none of this does not work, just let me know, and then we shall use some drastic measures in hopes to fix the problem.

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.


Restore point made on: 2013-11-13 22:33:44

[*] Save it to your USB flashdrive as fixlist.txt
[/list]

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.
Try to boot normaly.

If this fails, we shall try another system restore point created on 2013-11-13 at 01:19:09

Open notepad.
[list]
[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.


Restore point made on: 2013-11-13 01:19:09

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.
Try to boot normaly.

5

fail on restore points… bring forth the trebuchet

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by SYSTEM at 2013-11-19 18:03:30 Run:1
Running from F:
Boot Mode: Recovery

==============================================

Content of fixlist:

Restore point made on: 2013-11-13 22:33:44

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by SYSTEM at 2013-11-19 18:51:19 Run:2
Running from F:
Boot Mode: Recovery

==============================================

Content of fixlist:

Restore point made on: 2013-11-13 01:19:09

==== End of Fixlog ====

==== End of Fixlog ====

6

@ toddytonite
Please stay with to the end. This FRSTScript shall remove all avast! files, folders and drivers.
In addition FRSTScript will copy a file from Minidump folder (102113-12760-01.dmp) that constitute a report created by Windows that may say what the exact cause of the error.
This dump-report file is created on 2013-10-21 at 17:00. Tell me, is it that time when for the first time this problem occurred?

That dump file should be be savet in root of your flesh (USB) drive. Keep that file for now.
Tell me if this script solved the problem? Also tell me if the file (102113-12760-01.dmp) is saved on your USB device?

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.


Start
CMD: copy /y C:\Windows\Minidump\102113-12760-01.dmp F:\
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-29] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-29] ()
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] ()
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-29] ()
C:\Program Files\AVAST Software
C:\Windows\System32\Drivers\aswFsBlk.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\System32\Drivers\aswrdr2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\System32\Drivers\aswSnx.sys
C:\Windows\System32\Drivers\aswSP.sys
C:\Windows\System32\Drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys
End

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment, try to boot in normal mode and post me the log please.

7

Hi Magna
With you to the bittersweet end.This began 11/18. Night before I was tired and inattentive. Checked news sites then watched Amazon movie; think Avast updated early on. Next morn first noboot. Will proceed with your hack attack and report back.

8

OK ran your script, was able to reboot and login. Message: System Restore completed successfully. The system has been restored to 11/8/2013 12:41:44AM… Looking at progs, files this seemed so. Shutdown & boot no keyboard, restart and 4X4.
running malwarebytes as I type.

Here’s FRST speak:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by SYSTEM at 2013-11-20 16:10:00 Run:3
Running from F:
Boot Mode: Recovery

==============================================

Content of fixlist:

Start
CMD: copy /y C:\Windows\Minidump\102113-12760-01.dmp F:
HKLM.…\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-29] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-29] ()
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] ()
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-29] ()
C:\Program Files\AVAST Software
C:\Windows\System32\Drivers\aswFsBlk.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\System32\Drivers\aswrdr2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\System32\Drivers\aswSnx.sys
C:\Windows\System32\Drivers\aswSP.sys
C:\Windows\System32\Drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys
End

========= copy /y C:\Windows\Minidump\102113-12760-01.dmp F:\ =========

    1 file(s) copied.

========= End of CMD: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avast => Value deleted successfully.
avast! Antivirus => Service deleted successfully.
aswFsBlk => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswTdi => Service deleted successfully.
aswVmm => Service deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.
C:\Windows\System32\Drivers\aswFsBlk.sys => Moved successfully.
C:\Windows\system32\drivers\aswMonFlt.sys => Moved successfully.
C:\Windows\System32\Drivers\aswrdr2.sys => Moved successfully.
C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.
C:\Windows\System32\Drivers\aswSnx.sys => Moved successfully.
C:\Windows\System32\Drivers\aswSP.sys => Moved successfully.
C:\Windows\System32\Drivers\aswTdi.sys => Moved successfully.
C:\Windows\System32\Drivers\aswVmm.sys => Moved successfully.

==== End of Fixlog ====

So mimidump 102113-12760-01.dmp on USB stick, running malwarebytes quick scan says Ok, lots of files in FRST \quarantine.

Many thanks for your assistance. Comments and further suggestions welcome, particularly how to get Avast Ver ? safely working.

9

Ok, run FRST from normal mode ( yes, this tool may work from norma/safe mode too :slight_smile: ) and post me fresh created FRST.txt log.
If log is too long then you may use ‘Attachments and other options’ for attaching logs.

Although the problem is solved, I’ll see if I can get a copy of the minidump folder. In this way, avast guys can examine what exactly caused the error.
I will also see to contact someone from support to take a look at this case. But for now, please post here fresh FRST.txt report.

10

“Ok, run FRST from normal mode ( yes, this tool may work from norma/safe mode too :slight_smile: ) and post me fresh created FRST.txt log.
If log is too long then you may use ‘Attachments and other options’ for attaching logs.”

data dump #1
fixlog.txt
Addition.txt

11

data dump #2

bootfailure.txt
SrtTrail.txt
disklayout.txt
Let me know if you want minidump here

12

Hi toddytonite,

I’ve contacted avast team and I hope that someone will soon respond you in this topic.

FYI: All avast files are now located in C:\FRST[b]Quarantine[/b] folder. Do NOT delete this folder yet as it contains avast related files, hives …etc

I shall not interfere anymore here as my job here is done. But I will continue to monitor this topic.

I’m glad that the problem is solved, I hope avast tim will be able to find the cause of the problem.

All the best toddy :wink:

13

So appreciative of your efforts, concise instructions, guidance and obviously, the results. Hvala lijepa Magna.

14

I drugi put. :smiley: