If I try to boot into Windows normally, it gets to the “Starting Windows” screen and hangs. If I attempt Safe Mode, it hangs when attempting to load aswRvrt.sys. I downloaded the Farbar Recovery Scan Tool x64, as was detailed in another thread. Here are the results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by SYSTEM on MININT-KDNTFMQ on 16-07-2015 09:11:34
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM.…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM.…\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)
HKLM.…\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32.…\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32.…\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-12] (Intel Corporation)
HKLM-x32.…\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-15] (Advanced Micro Devices, Inc.)
HKLM-x32.…\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32.…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
HKLM.…\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-05-25] (Microsoft Corporation)
HKU\dougc.…\Run: [Starfield Updater] => C:\Users\dougc\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-09-29] (Starfield Technologies)
HKU\dougc.…\Run: [wben] => C:\Users\dougc\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\dougc.…\Run: [Workspace Status] => C:\Users\dougc\AppData\Local\Workspace\WorkspaceStatus.exe [694760 2014-09-29] (Starfield Technologies)
Startup: C:\Users\doug.BAREFOOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2015-02-10]
ShortcutTarget: Trillian.lnk → C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2014-05-21]
ShortcutTarget: Trillian.lnk → C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-29] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-29] (Avast Software)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-09] (Microsoft Corporation)
S2 tcsd_win32.exe; "C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe"
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
S0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [406784 2014-04-09] (Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-25] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161752 2013-06-28] (Realtek Semiconductor Corp.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-29] (Avast Software)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-16 09:11 - 2015-07-16 09:11 - 00000000 ____D C:\FRST
2015-07-15 06:07 - 2015-07-15 06:08 - 00000000 ____D C:\Users\doug.BAREFOOT\AppData\OICE_15_974FA576_32C1D314_38AA
2015-07-15 06:07 - 2015-07-15 06:07 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST—ASAP— PREFER BY 8-8 (4).xlsx
2015-07-15 05:22 - 2015-07-15 05:22 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST—ASAP— PREFER BY 8-8 (3).xlsx
2015-07-14 05:38 - 2015-07-14 05:38 - 00001157 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-14.csv
2015-07-13 05:57 - 2015-07-13 05:57 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-13 05:57 - 2015-07-13 05:57 - 00000000 ____D C:\Windows\System32\vbox
2015-07-13 05:54 - 2015-07-13 05:54 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2015-07-10 07:53 - 2015-07-15 06:07 - 00010514 _____ C:\Users\doug.BAREFOOT\Desktop\2015mailinglistaddons.xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST—ASAP— PREFER BY 8-8 (2).xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST—ASAP— PREFER BY 8-8 (1).xlsx
2015-07-10 07:27 - 2015-07-10 07:27 - 00000000 ___D C:\Users\doug.BAREFOOT\AppData\OICE_15_974FA576_32C1D314_F2D
2015-07-10 06:08 - 2015-07-10 06:08 - 11855872 _____ C:\Users\doug.BAREFOOT\Downloads\mitch goes boom (1).avi
2015-07-10 05:09 - 2015-07-10 05:09 - 00011106 _____ C:\Users\doug.BAREFOOT\Downloads\Booth Descriptions 2015.xlsx
2015-07-09 07:51 - 2015-07-09 07:51 - 00156583 _____ C:\Users\doug.BAREFOOT\Downloads\FIRST MAIL DROP LIST—ASAP— PREFER BY 8-8.xlsx
2015-07-09 06:40 - 2015-07-09 06:40 - 00007321 _____ C:\Users\doug.BAREFOOT\Downloads\part2.05060103.05000506@barefootathletics.com
2015-07-09 06:40 - 2015-07-09 06:40 - 00007321 _____ C:\Users\doug.BAREFOOT\Downloads\part2.05060103.05000506@barefootathletics (1).com
2015-07-09 04:54 - 2015-07-09 04:54 - 00005838 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-09.csv
2015-07-08 04:46 - 2015-07-08 04:46 - 01099226 _____ C:\Users\doug.BAREFOOT\Downloads\DiamondHead_Logo.ai
2015-07-08 04:46 - 2015-07-08 04:46 - 00570654 _____ C:\Users\doug.BAREFOOT\Downloads\DiamondHead_Logo.eps
2015-07-08 04:45 - 2015-07-08 04:45 - 00108342 _____ C:\Users\doug.BAREFOOT\Downloads\hardat.bmp
2015-07-07 10:02 - 2015-07-07 10:02 - 00004435 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-07-07.csv
2015-07-01 10:38 - 2015-07-01 10:38 - 00012514 _____ C:\Users\doug.BAREFOOT\Downloads\Shirt Order.xlsx
2015-06-29 10:35 - 2015-06-29 10:35 - 03974689 _____ C:\Users\doug.BAREFOOT\Downloads\Antiqued Gold and Silver Rope Edge Berry Concho 1-1_2- All Western Cowboy - Circle KB Idaho USA.webarchive
2015-06-29 07:28 - 2015-06-29 07:28 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2015-06-29 07:28 - 2015-06-29 07:28 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-22 11:58 - 2015-06-22 11:58 - 00002062 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-06-22.csv
2015-06-18 11:06 - 2015-06-18 11:06 - 00390785 _____ C:\Users\doug.BAREFOOT\Downloads\download (1).php
2015-06-18 10:55 - 2015-06-18 10:55 - 00409908 _____ C:\Users\doug.BAREFOOT\Downloads\winmail.dat
2015-06-18 10:53 - 2015-06-18 10:53 - 00390785 _____ C:\Users\doug.BAREFOOT\Downloads\download.php
2015-06-18 04:59 - 2015-06-18 04:59 - 00000878 _____ C:\Users\doug.BAREFOOT\Downloads\orders-2015-06-18.csv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-16 08:45 - 2015-04-05 00:00 - 00000000 ___SD C:\Windows\System32\GWX
2015-07-16 08:45 - 2015-02-10 12:14 - 00000000 ____D C:\users\doug.BAREFOOT
2015-07-16 08:45 - 2015-02-10 11:54 - 00000000 ____D C:\users\Administrator
2015-07-16 08:45 - 2014-12-11 01:23 - 00000000 ____D C:\Windows\System32\appraiser
2015-07-16 08:45 - 2014-11-19 05:54 - 00000000 ____D C:\users\crdsecagent$admin
2015-07-16 08:45 - 2014-05-20 11:29 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-07-16 08:45 - 2014-05-20 09:52 - 00000000 ____D C:\users\dougc
2015-07-16 08:45 - 2014-05-19 05:03 - 00000000 ____D C:\users\doug
2015-07-16 08:45 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2015-07-16 08:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 08:44 - 2015-02-13 09:30 - 00000000 __RHD C:\MSOCache
2015-07-16 08:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-07-16 08:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-16 00:00 - 2014-05-20 10:56 - 00000000 ____D C:\Windows\System32\MRT
2015-07-15 23:17 - 2014-05-20 09:50 - 00000128 _____ C:\Windows\System32\config\netlogon.ftl
2015-07-15 13:58 - 2014-05-21 06:30 - 00000000 ____D C:\Users\dougc\Desktop\Doug Shop works
2015-07-14 00:46 - 2014-01-09 14:44 - 01966423 _____ C:\Windows\WindowsUpdate.log
2015-07-14 00:27 - 2014-01-09 12:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 23:49 - 2014-05-19 07:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 18:19 - 2009-07-13 20:45 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 18:19 - 2009-07-13 20:45 - 00031312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 06:49 - 2014-05-19 07:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 06:00 - 2009-07-13 21:13 - 00783606 _____ C:\Windows\System32\PerfStringBackup.INI
2015-07-13 05:55 - 2015-02-10 12:14 - 00002261 _____ C:\Users\doug.BAREFOOT\Desktop\Google Chrome.lnk
2015-07-13 05:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 05:54 - 2009-07-13 20:51 - 00037955 _____ C:\Windows\setupact.log
2015-07-13 05:53 - 2010-11-20 19:47 - 00533178 _____ C:\Windows\PFRO.log
2015-06-29 19:24 - 2014-05-19 07:24 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswsp.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00272248 _____ C:\Windows\System32\Drivers\aswVmm.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00065736 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2015-06-29 07:28 - 2014-05-19 07:24 - 00029168 _____ C:\Windows\System32\Drivers\aswHwid.sys
2015-06-29 07:27 - 2014-05-19 07:24 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2015-06-26 00:47 - 2014-05-22 05:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-23 10:30 - 2010-11-20 19:27 - 00300704 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2015-06-15 22:32:23
Restore point made on: 2015-06-18 23:32:51
Restore point made on: 2015-06-22 23:32:50
Restore point made on: 2015-06-29 07:24:49
Restore point made on: 2015-06-29 23:32:47
Restore point made on: 2015-07-06 23:32:54
Restore point made on: 2015-07-13 05:58:37
Restore point made on: 2015-07-14 00:46:40
Restore point made on: 2015-07-16 00:00:21
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8134.2 MB
Available physical RAM: 7316.26 MB
Total Virtual: 8132.4 MB
Available Virtual: 7321.19 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:452.11 GB) (Free:385.02 GB) NTFS
Drive d: (Win8_x64) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive e: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:5.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (JW’s Drive) (Removable) (Total:29.81 GB) (Free:3.2 GB) NTFS
Drive g: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 03658F27)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)
LastRegBack: 2015-07-12 21:25
==================== End of log ============================
If anyone can give me assistance that would be helpful.