AVAST 2015 - Possible to Uninstall from System Repair Screen?

Dear All,

Last week (before the SP1 release?) I wanted to give avast2015 a try after my previous ESET subscription
had expired. The installation was OK on my Win7-64bit box, and I simply turned off the computer when the “restart request” popped up
because it was already late in the evening and I assumed all went well. After coming back to office the next morning I was greeted by a black
screen asking to repair windows installation. I tried all the options and can’t even get into the safe-mode, it always reverts back to the
startup repair screen. Therefore I can’t use the official uninstaller utility. Is there a way to fix it from the command prompt of startup repair
process? I think the problem is caused by asw*.sys files, maybe aswRvrt.sys?

I’ve been trying to fix this for a few days without reinstalling Win7 from scratch, can you please help me? I don’t want to go through the
whole process of reinstalling and changing settings of simulation packages, office etc. I know that Avast is a very good antivirus programme
and can’t understand why this happened.

Thanks a lot in advance.

Can’t attach files so I paste the result of FRST, thank you.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by SYSTEM on MININT-I2KH0DC on 09-11-2014 20:04:06
Running from F:
Platform: Windows 7 Professional Service Pack 1 (X64)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32.…\Run: [00PCTFW] => C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe [2672600 2011-04-07] (PC Tools)
HKLM-x32.…\Run: =>
HKLM-x32.…\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32.…\Run: [AvastUI.exe] => “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
HKU\Guest.…\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser.…\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\user.…\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
BootExecute: autocheck autochk /p ??\D:autocheck autochk *

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5912240 2011-09-28] (CANON INC.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 PCToolsFirewallPlus; C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [286000 2011-01-24] (PC Tools)
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S2 avast! Antivirus; “C:\Program Files\AVAST Software\Avast\AvastSvc.exe”
S4 NvNetworkService; “C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe”
S4 nvUpdatusService; “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe”
S3 WinHttpAutoProxySvc; winhttp.dll

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-04] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-04] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-04] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-04] ()
S3 cpuz137; C:\Users\user\Desktop\pc-wizard_2014.2.13\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
S2 DS1410D; C:\Windows\SysWow64\Drivers\DS1410D.sys [6592 2001-06-18] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PCTFW-PacketFilter; C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [119688 2011-01-12] (PC Tools)
S1 pctgntdi; C:\Windows\System32\drivers\pctgntdi64.sys [334976 2011-01-17] (PC Tools)
S3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis64.sys [79000 2010-07-08] (PC Tools)
S3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis64.sys [79000 2010-07-08] (PC Tools)
S3 pctplfw; C:\Windows\System32\drivers\pctplfw64.sys [179976 2011-01-17] (PC Tools)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [166384 2014-09-09] (Windows (R) Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [25600 2013-01-11] (Feitian Technologies Co., Ltd.)
S3 VEtherMp50; C:\Windows\System32\Drivers\VEtherMp50.sys [46648 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 VEtherSp50; C:\Windows\System32\Drivers\VEtherSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys
S3 usb6xxxk; ??\C:\Windows\system32\drivers\usb6xxxkl.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 13:52 - 2014-11-04 13:52 - 01050432 ____C (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 01049920 ____C () C:\Windows\System32\Drivers\aswsnx.sys.1415101946316
2014-11-04 13:52 - 2014-11-04 13:52 - 00436624 ____C (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-04 13:52 - 2014-11-04 13:52 - 00267632 ____C () C:\Windows\System32\Drivers\aswVmm.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00116728 ____C (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00093568 ____C (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00083280 ____C (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00082768 ____C () C:\Windows\System32\Drivers\aswmonflt.sys.1415101946316
2014-11-04 13:52 - 2014-11-04 13:52 - 00065776 ____C () C:\Windows\System32\Drivers\aswRvrt.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-04 13:52 - 2014-11-04 13:52 - 00029208 ____C () C:\Windows\System32\Drivers\aswHwid.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-04 13:52 - 2014-11-04 13:52 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-11-04 13:39 - 2014-11-04 13:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-04 13:27 - 2014-11-04 13:39 - 00000000 ____D () C:\ProgramData\AVAST Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 21:38 - 2012-01-06 16:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-04 21:32 - 2012-07-11 20:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-11-04 20:52 - 2012-01-26 17:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype

Some content of TEMP:


==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

[2014-10-15 01:42] - [2014-07-17 04:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== BCD ================================

Windows ™nykleme Y”neticisi

tanmlayc: {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale tr-TR
default {default}
displayorder {default}
timeout 30

Windows ™nykleme Ykleyicisi

tanmlayc: {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Professional (kurtarld)
locale tr-TR
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows

Windows ™nykleme Ykleyicisi

tanmlayc: {current}
device ramdisk=[C:]\Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\Winre.wim,{62a8e92d-6836-11e4-90b8-c7602c768376}
path \windows\system32\winload.exe
description Windows Recovery Environment (kurtarld)
osdevice ramdisk=[C:]\Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\Winre.wim,{62a8e92d-6836-11e4-90b8-c7602c768376}
systemroot \windows
winpe Yes

Windows Bellek Snama Arac

tanmlayc: {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale tr-TR

Aygt se‡enekleri

tanmlayc: {62a8e92d-6836-11e4-90b8-c7602c768376}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16351.14 MB
Available physical RAM: 15167.28 MB
Total Pagefile: 16349.34 MB
Available Pagefile: 15169.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (SISTEMA) (Fixed) (Total:111.68 GB) (Free:44.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Windows 7 64-bit onarım diski) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 44B082CC)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)


LastRegBack: 2014-10-31 15:08

==================== End Of Log ============================


If your VM busted, or your Physical Computer?

Because I’ve yet to see anything merge through a VM into a host computer (In terms of OS’ at least).

Regardless, remover notified. Sit tight, and wait for help please

Thank you for the reply, yes it is the real physical computer. I was playing with VM trial some time ago.
:-[ Eagerly waiting :cry:

Well, I notified people of your case and another. Valinorum was online, so he may be here shortly.

This will remove all drivers and services used by Avast

Download the attached Fixlist.txt to the same location as FRST
Run FRST as before and press fix
On completion try a normal boot

Thank you so much, i’ll try this fixlist and let you know soon :slight_smile: