I am using Avast Internet security, and I have been updating my definitions regularly and performing scans regularly. For some odd reason today 160515 when I boot up my laptop it takes ages to boot and when I decides to boot I can’t do anything because all the programs are not responding, I can’t even use the safe mode to scan the pc because it doesn’t wanna open avast, I have used the command prompt safe mode login and I couldn’t run the aswcmd.exe.
Hi mrmavit, welcome to the forum
I have notified expert Essexboy to help you.
Greetz, Red.
Are you able to access safe mode with networking ?
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.
Attached is the requested documents
Run these from safe mode with networking, once done then reboot the system to normal mode and let me know how that goes
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\Users\MrMavit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-01] ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3575058634-1794328025-2576854496-1003\User: Group Policy Restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 2014-12-10 14:03 - 2014-10-21 14:50 - 0000000 ____H () C:\Users\Administrator\AppData\Local\BITCE2B.tmp 2014-10-08 10:00 - 2014-10-08 10:00 - 0000262 _____ () C:\ProgramData\fontcacheev1.dat Task: {15B6100A-4E6B-492B-B712-D8230480562D} - System32\Tasks\{0A30719E-A0E1-486E-BB62-D9AFB394C92A} => pcalua.exe -a C:\Users\MrMavit\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt Task: {5BBEF104-4279-4B5D-AC4D-FB36478D91B9} - System32\Tasks\{809432DF-D3B3-4350-B6E0-4506746F2E3A} => pcalua.exe -a C:\Users\MrMavit\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=smt <==== ATTENTION Task: {6902F088-5E6E-4233-9219-5F53234CB8C1} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2014-02-24] ( ) Task: {6F97BD02-EACC-4CED-A8D8-339145030CF0} - \clear.fi No Task File <==== ATTENTION Task: {80D50119-172C-4A76-B6E6-1D35978C2576} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2014-02-24] (File Type Advisor) Task: {A88266EF-BDB8-4E16-ABAA-2FB92F8F0F5C} - \SPBIW_UpdateTask_Time_313039303234353732342d455b2a34504141454a5a576c No Task File <==== ATTENTION Task: {D8414FAA-014C-4C36-B6FA-70BFBC1A8EF6} - \clear.fiAgent No Task File <==== ATTENTION C:\Users\MrMavit\AppData\Roaming\mystartsearch C:\Users\MrMavit\AppData\Roaming\omiga-plus C:\Program Files (x86)\File Type Advisor Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
After completing the fixlog, the software did not generate the log file, attached is the adware log
Are you able to get to normal mode now ? If so how is it behaving
I have always been able to log in normal mode, the problem is I can’t do anything on normal mode, even my antivirus is not working, hence I get that particular error when I try to run Avast! nothing is working on a normal mode!
I am gonna log off, we’ll continue tomorrow
OK when you are ready we will then start the computer in clean boot mode and try to determine what is causing the conflict
Starting in Safe mode
In the search box type Msconfig and select the programme that appears at the top
1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG
5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.
7.How does the computer behave in normal mode now ?
There is no work around that seems to be working, even if I do what you told me to do my computer is still not working, and I really really want to avoid formatting that machine hence I bought avast internet security and I scanned it regularly and updated it regularly!
The only safe mode I can use reliably is safe mode network, the normal safe mode behaves just like a normal boot.
How do I scan for viruses on safe mode command prompt?
This does not really make sense as the clean boot is basically the same as safe mode with networking ?
When you boot normally how long do you wait before you decide that it is not working