Corrupted aswrvrt.sys (won't boot even in the safe mode)

Hi,

I have the same problem other people had before. I’m not able to boot into the safe mode. The system says that the file is corrupted.

I was going to run Rufus to post the FRST.txt here, but I couldn’t find a good link for downloading Windows 7 64bit RC.

I’ve been trying to solve this problem by myself for some days now, but it is far beyond my computer knowledge. This is actually my father’s computer. He told me that this problem started with an update from avast that went wrong.

Please, can anyone help me?

Hi,

Did you follow this guide to get the FRST report → http://forum.avast.com/index.php?topic=53253.0

Hi,

No, I didn’t.

Thanks

These are the results from the FRST.

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[*] A blank Notepad page should open.
[*] Copy/Paste the contents of the code box below into Notepad.


LastRegBack: 2013-10-23 09:31

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally…

Hi,

I ran FRST and got the attached fixlog.txt.

I tried to boot windows normally, but it got stuck in the same part again.

thanks for helping me

Ok, let’s try a different approach…

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[*] A blank Notepad page should open.
[*] Copy/Paste the contents of the code box below into Notepad.


Restore point made on: 2013-10-31 17:01:43

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Ok.

Here’s the log.

And? Did you try to boot normally?

Yes, but the same problem happened again. The boot didn’t go past the recovery screen.

Ok, let’s try this one :)

We will now delete some of the Avast components, but we’ll fix it easily, when computer boots normally.

Open notepad.

[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[*] A blank Notepad page should open.
[*] Copy/Paste the contents of the code box below into Notepad.


S2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-31] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-31] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-31] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-31] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-31] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-31] ()
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-31] ()
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-31] ()
C:\Windows\System32\Drivers\aswRvrt.sys

[*] Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally…

It worked!

The log is attached to this post

Thanks a lot for your patience!

Great, let’s see if there are some remnants…

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Combofix says that avast is running, but I can’t see the avast icon in the system tray. In fact, it seems that avast is not even installed on my computer. Should I install it again?

Ok, we’re nearly done. I need answers to a few questions.

  • How many Antivirus programs are currently installed? I see Kingsoft, Kaspersky and Avast. Is there any other? Please delete them and leave only Avast, which we are going to repair after you uninstall the others…

Then…

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

Then…

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

The software keeps saying that avast is enabled and updated, but I still can’t find it in the system tray.

The logs are attached to this post.

Oops, forgot to attach the logs

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

SearchScopes: HKLM-x32 - {6F13248C-2D40-1473-4D68-63E9F88A6822} URL = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
SearchScopes: HKCU - {1A73B476-42B2-4CCA-AE4C-CF21C7E3235C} URL = http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
SearchScopes: HKCU - {BD9E44CC-FA08-4585-B8A0-D74C700B41B1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297267&CUI=UN32803530921232731&UM=2
SearchScopes: HKCU - {D90A8940-DA30-42BE-A6DC-58B6804256ED} URL = http://dts.search-results.com/sr?src=ieb&appid=235&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {F3A2900B-AA5D-4F48-B393-F4E89FDB67AF} URL = https://isearch.avg.com/search?cid={C9B3B2F2-D7DA-4765-B6A8-E1544F107EAD}&mid=acfa1b3aee9547d0b8fcd152ba73cb4b-32d35533d834bb0927ab4e4b7e2350abac8e1723&lang=pt-br&ds=is015&pr=sa&d=2012-07-31 20:24:42&v=12.1.0.21&sap=dsp&q={searchTerms}
FF Homepage: hxxp://start.iminent.com/?appId=0D2B550C-8C4A-4AD5-AB87-35DDEBCA37A8
cmd: ipconfig /flushdns
AlternateDataStreams: C:\Windows\System32:61C406C8_Abn.gbp
AlternateDataStreams: C:\ProgramData\TEMP:728B799F
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Miguel\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:728B799F
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:D1B5B4F1

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Then…

Go to Control Panel > Uninstall a program, find Avast and click Uninstall.

Then you need to select Repair option, like on image below

Then…

Please go to: VirusTotal

[*] Click the Choose File button.
[*] Please copy/paste the following text into the ‘File name:’ box:

    C:\Windows\S4TSR.EXE  

[*] Click Open then click the Scan it! button just below.
[*] This will scan the file. Please be patient.
[*] If you get a message saying File already analyzed: click Reanalyse
[*] Once scanned, copy and paste the URL from your browser address bar in your next reply.

Hi,

I ran FRST (the result is attached to this post). I tried to repair Avast, but I got a message saying that Avast was not installed (something like that) and that it may have been uninstalled previously.

Should I follow with the remaining steps?

Follow this link to uninstall Avast, we’ll reinstall it later

http://www.avast.com/uninstall-utility