OK, ran your script, was able to reboot and log in. Message: System Restore completed successfully. The system has been restored to 11/8/2013 12:41:44AM… Looking at progs, files this seemed so. Shutdown & boot no keyboard, restart and 4X4.
Running Malwarebytes as I type.
Here’s FRST speak:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by SYSTEM at 2013-11-20 16:10:00 Run:3
Running from F:
Boot Mode: Recovery
==============================================
Content of fixlist:
Start
CMD: copy /y C:\Windows\Minidump\102113-12760-01.dmp F:
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-29] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-29] ()
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] ()
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-29] ()
C:\Program Files\AVAST Software
C:\Windows\System32\Drivers\aswFsBlk.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\System32\Drivers\aswrdr2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\System32\Drivers\aswSnx.sys
C:\Windows\System32\Drivers\aswSP.sys
C:\Windows\System32\Drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys
End
========= copy /y C:\Windows\Minidump\102113-12760-01.dmp F:\ =========
1 file(s) copied.
========= End of CMD: =========
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avast => Value deleted successfully.
avast! Antivirus => Service deleted successfully.
aswFsBlk => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswTdi => Service deleted successfully.
aswVmm => Service deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.
C:\Windows\System32\Drivers\aswFsBlk.sys => Moved successfully.
C:\Windows\system32\drivers\aswMonFlt.sys => Moved successfully.
C:\Windows\System32\Drivers\aswrdr2.sys => Moved successfully.
C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.
C:\Windows\System32\Drivers\aswSnx.sys => Moved successfully.
C:\Windows\System32\Drivers\aswSP.sys => Moved successfully.
C:\Windows\System32\Drivers\aswTdi.sys => Moved successfully.
C:\Windows\System32\Drivers\aswVmm.sys => Moved successfully.
==== End of Fixlog ====
So minidump 102113-12760-01.dmp on USB stick, running Malwarebytes quick scan says OK, lots of files in FRST \quarantine.
Many thanks for your assistance. Comments and further suggestions welcome, particularly how to get Avast Ver ? safely working.