Avast Service Doesn't Start - HELP!!!

hi, but my question is, will your fix alter in any way my hacks? for example, i tweaked my system to remove some items from the control panel in my start menu. will your method modify my system? or will it just spit out a report?

It will remove two LSA/appint entries

And if my guess is right then TDSSKiller will remove an MBR infection

can you please tell me what these “LSA/appint” entries mean? will they remove my registry tweaks made on my start menu and control panel?

No, they will not affect the tweaks I am only removing bad entries

hi essexboy… i ran the programs and i attached the files below. i know you said to copy and paste the results. but they're too long to post - but if you still want me to paste them, i can do that. i just think it's easier for the thread. just to let you know, i still can't start the avast service after running the fix. please let me know the next steps. and thank you… i’ll await your next reply.

Did you turn off all those services?

Re-run TDSSKiller with the same parameters. When you see the following, select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

what services are you referring to? are you referring to the services that TDSSKiller found? just to let you know, i turned off many services that weren't needed. i only got 10 services running.

Re-run TDSSKiller with the same parameters. When you see the following, select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

i deleted this and then i restarted my computer. but i still can't start avast. when i try to start it, i get the same error:
“error 5: access is denied on local computer”

but i found out something else… i can't start many other services that i previously disabled. when i try to, i get the same error message. could this be the problem? if so, which services do i enable to get this issue fixed?

The bolded services should be running if you want the system to function normally

Farbar Service Scanner Version: 06-08-2012
Ran by x (administrator) on 19-08-2012 at 20:08:36
Running from "C:\Documents and Settings\x\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.

The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.

The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

System Restore:

Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: “C:\WINDOWS\System32\srsvc.dll”.

System Restore Disabled Policy:

Security Center:

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.

The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: “C:\WINDOWS\System32\wuauserv.dll”.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.

The ImagePath of BITS service is OK.
The ServiceDll of BITS: “C:\WINDOWS\System32\qmgr.dll”.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.

The ImagePath of EventSystem: “C:\WINDOWS\system32\svchost.exe -k netsvcs”.
The ServiceDll of EventSystem: “C:\WINDOWS\system32\es.dll”.

Windows Autoupdate Disabled Policy:

File Check:

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000B0000000A000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****

so far, i enabled BITS (Background Intelligence Transfer Serv) and Security Center. but, i don't see or know how to start: Dnscache Service, Sharedaccess Service, or Wuauserv Service. but regardless, i still can't enable the avast service.

DNS cache is also called DNS Client
Shared Access is windows firewall
Wuauserv is Windows Update AutoUpdate Service

Once you have restarted those could you run FSS again please

i restarted those services and i ran FSS. look at the attached log from FSS. but again, after restarting all the requested services, the avast service doesn't start. at this point, i think this could be a permissions or group policy issue.

What error does Avast give for not starting? Does it mention a service?

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

the error i get is:
“Could not start the avast antivirus service on Local Computer. Error 5: access is denied.”

but also, i checked the dependencies of the avast service. and i see it depends on 2 services:
- Remote Procedure Call (RPC)
- aswMon2

i do have RPC enabled, but i don't see aswMon2 in my list of services. how can i get this service in my list to enable it?

Have you tried a repair install of Avast?

Hi koolx,

If I may interject for a moment or two:

It does appear as if you had a rootkit on your system, and several needed services were then disabled, some that Avast! needed to run properly, so merely uninstalling, removing remnants left over with aswclear.exe, would not ever allow Avast! to install properly and run. This is the damage you are now trying to repair ATM. That is why I brought essexboy in to assist you in fixing your issues. Damage appears to be much more severe than first indicated here.

essexboy does know what he is doing here.

Also ensure that you run windows repair as that will fix access problems

thanks mchain link…

hi essexboy… to answer your question, i tried a repair of avast 3 times last week but it didn't work. i did run the Windows Repair (all in one) and restarted my system… but when i tried to start the avast service, it still gave me error 5. maybe i should try to uninstall then reinstall avast after doing the Windows Repair (all in one)? i’ll try it and report back.

As essexboy lives in England, might be a bit before he is back online. (Different time-zone) You should do the proposed solution, that of repairing Avast! as essexboy requests, before going on to uninstall, aswclear, etc. That way he knows exactly where you are with your system, and no further changes need to be looked for. Makes the repair work a little bit easier for both of you.

Please be patient, you are under his expert care.

hi mchain link. thanks for the reassurance. i really appreciate all your help as well as essexboy. i’ll be patient.