Computer fails to boot because of aswrvrt.sys

Posting here because it might be faster than avast forums. Hope this is the right forum
I use malwarweytes and avast (both free) on my system. I have not updated Windows 7 since 2015. I use whatever the most recent versions are for my system.
A few months ago malwarebytes somehow forced an October 2019 windows security update on my computer so it could update itself. This also allowed Avast to update itself to a more recent version. I uninstalled the update but not the antiviruses and since these are rooted in the system i think this is the cause.
Booting after this, Windows boots into system recovery mode. It tries to do system repair but cant fix anything and cant find a cause. Originally the report pointed to "aswrvrt.sys" as being corrupt.
- Cant boot into safe mods
- Cant enable boot log
- Memory Diagnostic wont do anything
- sfc /scannow says theres a pending system repair - maybe it wants to finish uninstalling the update?
- cant do anything with dism, chkdsk turns up fine
- obviously cant run exes so no uninstallers

I found this thread on avast forums where someone used FRST to remove some drivers ans it worked for him https://forum.avast.com/index.php?topic=139009.0
I trid thia myself and it didnt do anything except make Startup Repair no longdr identify aswrvrt.sys as the problem.
I backed up my driver folders but nothing seems to be different except for aswrvrt.sys, which FRST removed but I put back.
Didnt try safe mode befofe this but now, the last driver it tries loading before crashing to recovery mode is CLASSPNP.sys

I ran a form of Windows 10 PE from a USB. Did not connect to the internet on it.
Avast uninstaller there opens for a littls bit but then closes. MBAM uninstaller crashes
Somehow dism (win7 not win10pe) was able to revert the pending action here but not in recovery mode. Right before, sfc stopped at 20% verification then said it found corrupt files. I cant read whats wrong from its log
After reverting pending actions and running sfc (pointing at win7) it says that windows resource protection could not perform the requested operation.

Also i dont have system restore enabled.

I wrote a lot but i would really appreciate any help. I hope my only hope isnt to reinstall windows. Merry christmas

Windows 7 at regular intervals will backup the registry hives in the following folder

 

Windows/system32/config/Regback

 

Look at the dates and sizes of the hives in Regback. If the creation dates are recent and not zero bytes you can first add a .bak extension to the registry hives in the config folder using your HirensPE disk.

 

Software to Software.bak

Security to Security.bak

Default to Default.bak

SAM to SAM.bak

System to System.bak

 

After the rename copy the registry hives in Regback to the config folder. Reboot and hope Windows starts. If not then backup your data with Hirens to a USB HDD and reinstall Windows.

Thank you for the fast reply.
I tried it and had no luck. With no filenames changed obviously.
I hope i can get some other ideas here before i reinstall.
Is anyone sure that i cant use FRST or something else to remove the antiviruses completely?

I thought of using an install disk to do a repair install but this is apparently not possible in windows 7 without booting into the system
I had another idea. What if i installed windows 7 on sometging else, booted into it and then used the antivirus uninstallers there? Maybe they only work on the system and not outside it.

Does anyone know how to backup all personal files outside the installation? Obviously cant restore the installation itself and theres probably more system files outside c:\windows. What about all preferences and changes?

Does anyone know how to backup all personal files outside the installation?i

 

All your personal files would be in the USERS directory. You should be able to backup to a USB HDD using Hirens.

 

Regarding FRST you might want to post in the Virus Removal Forum. There are experts there that deal exclusively with FRST, You can reference this thread.

 

Another option is to use AutoRuns offline. You can disable any AV service. I'm not sure if Hirens includes AutoRuns otherwise you would need to attach the HDD on another computer using a USB adapter. But if replacing your registry hives with a date earlier than your problem I'm not sure it would work.

 

https://www.winhelponline.com/blog/analyze-offline-system-autoruns-feature/

 

This explains Autoruns. Same for Windows 7 as 10 or 11.

 

https://www.thewindowsclub.com/sysinternals-autoruns-windows