Hi essexboy,
I’ve having problem with boot windows XP. If I’m booting to safe mode it stopped on aswrvrt.sys
Could you help me?
PS: I’m sorry for my english
Hi essexboy,
I’ve having problem with boot windows XP. If I’m booting to safe mode it stopped on aswrvrt.sys
Could you help me?
PS: I’m sorry for my english
Hi,
Open notepad.
[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.
HKLM\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
C:\Documents and Settings\User\Local Settings\Temp
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
[*] Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally…
Thank you for quick answer, but it’s not working. Still the same.
Re-run FRST and post fresh Scan report…
Here is a new log…
Open notepad.
[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-06] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [116776 2013-12-06] (AVAST Software)
S2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-12-06] (AVAST Software)
S1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2013-12-06] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-12-06] (AVAST Software)
S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-09-25] (ALWIL Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [247192 2013-12-09] (AVAST Software)
S1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-06] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-12-06] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-12-06] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-06] ()
C:\Program Files\AVAST Software\
C:\WINDOWS\system32\drivers\aswFsBlk.sys
C:\WINDOWS\system32\drivers\aswKbd.sys
C:\WINDOWS\system32\drivers\aswMonFlt.sys
C:\Windows\System32\DRIVERS\aswNdis.sys
C:\Windows\System32\Drivers\aswNdis2.sys
C:\WINDOWS\system32\drivers\aswRdr.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\WINDOWS\system32\drivers\aswSnx.sys
C:\WINDOWS\system32\drivers\aswSP.sys
C:\WINDOWS\system32\drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys
[*] Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally…
@rhat0
Do not spam this and every possible topic about your paranoid ideas. Every Windows (and every other OS) is perfect for someone who knows how to use it. Period.
Let us finish.
Still the same…
I send fixlog and new re-run FRST report.
We need to try one more method
Open notepad.
[*]Click Start
[*] Type notepad.exe in the search programs and files box and click Enter.
[] A blank Notepad page should open.
[] Copy/Paste the contents of the code box below into Notepad.
RP: -> 2013-12-10 02:56 - 020480 _restore{3730FF46-EEC3-4326-B5A4-B994542A21AF}\RP1269
[*] Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally…
@TwinHeadedEagle
Restore system help me.
Thank you very much.
We’re not yet done, I saw the signs of infection on your system…
Run FRST from Windows now, and attach both reports…
Here are logs from Windows.
I see you installed ESET, there are still remnants of Avast. You need to clean it, problem could arise when using more than one Anti-virus
Use this instruction to clean Avast remnants
http://www.avast.com/uninstall-utility
One more step:
Please download Farbar Service Scanner and run it on the computer with the issue.
[*]Make sure the following options are checked:
[*]Internet Services
[*]Windows Firewall
[*]System Restore
[*]Security Center/Action Center
[*]Windows Update
[*]Windows Defender
[*]Press “Scan”.
[]It will create a log (FSS.txt) in the same directory the tool is run.
[]Please copy and paste the log to your reply.
Then…
Instructions how to disable avast:
[*]Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
Ok, I unistalled AVAST in safe mode and I run next tests from normal boot Windows.
Looks good, any remaining problems?
It see ok. Thank you, you really helped me.
Good, we’re done here
Keep your system and software updated. You’re using very very outdated version of Adobe Reader, uninstall it and download latest version.
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes below;
[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore
Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
Now I see that my user name is’t USER(like before) but it’s USER.PC_HORE. Computer name is PC_HORE. In Control panel / users are only USER and GUEST, but in C:/ Document And Settings are All user, User, Guest ang User.PC_HORE. When I logged to windows as User, data are reading/writing to USER.PC_HORE.
Do you know any advice for my problem?
I’m sorry for my english…
I forgot attachments…
You have two USER, if this new doesn’t have anythin important, you can delete it…
I do not know how that appeared?