So my buddy managed to mess up his computer somehow. In the process of fixing it, I’ve found that Windows won’t load (it gets stuck at the logo screen), and when I load it in safe mode, it freezes at aswRvrt.sys. From what I’ve seen googling it, that seems to be an Avast issue. And from the forum posts I’ve looked at, I went ahead and ran the FRST, and have attached the file. Any further assistance would be greatly appreciated. Thank you in advance.
I’m on it …
@Revanx
The FRST log shows a badly infected machine with two types of rootkits, ZeroAccess and TDL4, an MBR-based rootkit.
We shall run three FRST scripts, one by one. After each executed script, try to boot into Windows normally.
- If you boot into Windows normally, report it here and do NOT make further changes.
- If you don’t boot into Windows normally, report it here and continue with steps.
It is important to do the steps one by one. Do not create three fixlist.txt files at the same time. Just follow the steps and do them one by one.
=====================================
Step#1
Open notepad.
- Click Start
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste the contents of the code box below into Notepad.
START
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
C:\Program Files (x86)\Ask.com
AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: [0 ] ()
C:\$Recycle.Bin\S-1-5-21-903024167-1320075759-2810401075-1000\$743272f754f8be0f338c3117c8cb7b6d
C:\$Recycle.Bin\S-1-5-18\$743272f754f8be0f338c3117c8cb7b6d
C:\Users\clark\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\clark\AppData\Local\Temp\SHSetup.exe
C:\Users\clark\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\clark\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\clark\AppData\Local\Temp\UNINSTALL.exe
cmd: bootrec /FixMbr
cmd: bootrec /fixBoot
Control:
END
- Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally.
If you succeed => tell me and do NOT take any further action
If you do not succeed => continue with step 2
Step#2
Open notepad.
- Click Start
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste the contents of the code box below into Notepad.
Restore point made on: 2013-07-15 09:43:09
- Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally.
If you succeed => tell me and do NOT take any further action
If you do not succeed => continue with step 3
Step#3
Open notepad.
- Click Start
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste the contents of the code box below into Notepad.
LastRegBack: 2013-07-05 05:31
- Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally.
If you succeed => tell me and do NOT take any further action
If you do not succeed => post me a fresh FRST.txt log report, as you did in your first post.
The first fix did it. Windows has loaded up normally, and I can proceed to sweep it from here. Thank you so much. Here is the log, just in case.
Cool. 8) But we’re not done yet, we still have work to do.
FRST has received an update. We shall use a fresh copy of FRST for diagnosis in normal mode. Therefore, follow these instructions:
Please download a fresh copy of Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
bump!
Are you still with me?