BSOD on aswrvrt.sys

Viruses and worms
1

I have a pc that doesn’t boot with BSOD on aswrvrt.sys. I found similar threads (e.g https://forum.avast.com/index.php?topic=120531.0) and tried to follow the procedure but the link for the Windows 7 RC is dead.

2

https://forum.avast.com/index.php?topic=53253.0

Scroll down to “If you cannot Boot the computer” and follow the instructions.

3

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by SYSTEM on REATOGO (05-02-2016 18:50:06)
Running from E:
Platform: Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM.…\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM.…\Run: [Everything] => C:\Program Files\Everything\Everything.exe [602624 2009-03-12] ()
HKLM.…\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [390720 2011-02-01] (Acronis)
HKLM.…\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM.…\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM.…\Run: [vmware-tray.exe] => C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [104088 2012-08-15] (VMware, Inc.)
HKLM.…\Run: [adm_tray.exe] => C:\Program Files\Acronis\DriveMonitor\adm_tray.exe [466784 2011-02-24] ()
HKLM.…\Run: [DFX] => C:\Program Files\DFX\DFX.exe [1131472 2012-10-18] ()
HKLM.…\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM.…\Run: [NSU_agent] => C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM.…\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM.…\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM.…\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM.…\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM.…\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\eugenec.…\Run: [tlbHost] => C:\Program Files\TrueLaunchBar\tlbHost.exe [313720 2011-07-09] (Tordex)
HKU\eugenec.…\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\eugenec.…\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\eugenec.…\Run: [BlazeServoTool] => C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [286720 2010-03-06] (BlazeVideo Company)
HKU\eugenec.…\Run: =>
HKU\eugenec.…\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-17] (Google Inc.)
HKU\eugenec.…\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-18] (Nokia)
HKU\eugenec.…\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\eugenec.…\Run: [BitComet] => C:\Program Files\BitComet\BitComet.exe [12805888 2013-02-19] (www.BitComet.com)
HKU\Maria.…\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKU\Maria.…\Run: [BlazeServoTool] => C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [286720 2010-03-06] (BlazeVideo Company)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [804528 2011-02-01] (Acronis)
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-04] (Andrea Electronics Corporation)
S2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-03-05] (Acronis)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S2 cpextender; C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [355496 2011-10-18] (Check Point Software Technologies)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.)
S2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357016 2012-08-15] (VMware, Inc.)
S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719512 2012-08-01] (VMware, Inc.)
S2 VMware NAT Service; C:\Windows\system32\vmnat.exe [435864 2012-08-15] (VMware, Inc.)
S2 vmware-converter-agent; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479312 2013-10-07] (VMware, Inc.)
S2 vmware-converter-server; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
S2 vmware-converter-worker; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
S3 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] ()
S3 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-14] (Check Point Software Technologies, Ltd.)
S2 Active@ Disk Monitor; C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 bmdrvr; C:\Windows\System32\drivers\bmdrvr.sys [54992 2013-08-27] (VMware, Inc.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-08-29] (Windows (R) Win 7 DDK provider)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-03-04] (DT Soft Ltd)
S2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-08-01] (VMware, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [145152 2012-05-26] (ITE )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [728064 2011-07-14] (Realtek Semiconductor Corporation )
S3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25624 2012-08-15] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2012-08-15] (VMware, Inc.)
S2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2012-08-15] (VMware, Inc.)
S2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25752 2012-08-15] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-08-01] (VMware, Inc.)
S2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [61848 2012-08-15] (VMware, Inc.)
S3 VNA; C:\Windows\System32\DRIVERS\vna.sys [129304 2011-03-06] (Check Point Software Technologies)
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458776 2013-10-23] (Check Point Software Technologies LTD)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [61296 2012-07-06] (VMware, Inc.)
S2 vstor2-mntapi10-shared; C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys [22768 2011-07-12] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-08-27] (VMware, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys
S3 vna_ap; system32\DRIVERS\vnaap.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-05 18:49 - 2016-02-05 18:49 - 00000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Some files in TEMP:

C:\Users\eugenec\AppData\Local\Temp\NEventMessages.dll
C:\Users\eugenec\AppData\Local\Temp\NOSEventMessages.dll

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 3071.48 MB
Available physical RAM: 2765.45 MB
Total Virtual: 2896.14 MB
Available Virtual: 2831.04 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (Win7x32) (Fixed) (Total:43.82 GB) (Free:13.44 GB) NTFS
Drive e: (PERF USB 2G) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 43.9 GB) (Disk ID: 42680B54)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=43.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

LastRegBack: 2014-01-29 15:15

==================== End of FRST.txt ============================

4

Is there any way to completely remove avast from a boot cd?

I examined all the files on hard disk and most of the files that were updated the last day that the pc was working were avast definitions.