Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AVAST 2015 - Possible to Uninstall from System Repair Screen?

Started by avasta_argh , Nov 10 2014 05:17 AM

  • Please log in to reply

#1
avasta_argh
Posted 10 November 2014 - 05:17 AM

avasta_argh

    New Member

  • Member
  • Pip
  • 2 posts
Dear All,
 
Last week (before the SP1 release?) I wanted to give avast2015 a try after my previous ESET subscription
had expired. The installation was OK on my Win7-64bit box, and I  simply turned off the computer when the "restart request" popped up
because it was already late in the evening and I assumed all went well. After coming back to office the next morning I was greeted by a black
screen asking to repair windows installation. I tried all the options and can't even get into the safe-mode, it always reverts back to the
startup repair screen. Therefore I can't use the official uninstaller utility. Is there a way to fix it from the command prompt of startup repair
process? I think the problem is caused by asw*.sys files, maybe aswRvrt.sys?
 
I've been trying to fix this for a few days without reinstalling Win7 from scratch, can you please help me? I don't want to go through the
whole process of reinstalling and changing settings of simulation packages, office etc. I know that Avast is a very good antivirus programme
and can't understand why this happened. :(
 
Please find the FRST output, Thanks a lot in advance.
 

  • 0

Advertisements

#2
avasta_argh
Posted 10 November 2014 - 05:20 AM

avasta_argh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by SYSTEM on MININT-I2KH0DC on 09-11-2014 20:04:06
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [00PCTFW] => C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe [2672600 2011-04-07] (PC Tools)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKU\Guest\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\user\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
BootExecute: autocheck autochk /p \??\D:autocheck autochk * 
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5912240 2011-09-28] (CANON INC.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 PCToolsFirewallPlus; C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [286000 2011-01-24] (PC Tools)
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S4 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S4 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-04] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-04] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-04] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-04] ()
S3 cpuz137; C:\Users\user\Desktop\pc-wizard_2014.2.13\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
S2 DS1410D; C:\Windows\SysWow64\Drivers\DS1410D.sys [6592 2001-06-18] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PCTFW-PacketFilter; C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [119688 2011-01-12] (PC Tools)
S1 pctgntdi; C:\Windows\System32\drivers\pctgntdi64.sys [334976 2011-01-17] (PC Tools)
S3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis64.sys [79000 2010-07-08] (PC Tools)
S3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis64.sys [79000 2010-07-08] (PC Tools)
S3 pctplfw; C:\Windows\System32\drivers\pctplfw64.sys [179976 2011-01-17] (PC Tools)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [166384 2014-09-09] (Windows ® Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [25600 2013-01-11] (Feitian Technologies Co., Ltd.)
S3 VEtherMp50; C:\Windows\System32\Drivers\VEtherMp50.sys [46648 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 VEtherSp50; C:\Windows\System32\Drivers\VEtherSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 13:52 - 2014-11-04 13:52 - 01050432 ____C (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 01049920 ____C () C:\Windows\System32\Drivers\aswsnx.sys.1415101946316
2014-11-04 13:52 - 2014-11-04 13:52 - 00436624 ____C (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-04 13:52 - 2014-11-04 13:52 - 00267632 ____C () C:\Windows\System32\Drivers\aswVmm.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00116728 ____C (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00093568 ____C (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00083280 ____C (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00082768 ____C () C:\Windows\System32\Drivers\aswmonflt.sys.1415101946316
2014-11-04 13:52 - 2014-11-04 13:52 - 00065776 ____C () C:\Windows\System32\Drivers\aswRvrt.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-04 13:52 - 2014-11-04 13:52 - 00029208 ____C () C:\Windows\System32\Drivers\aswHwid.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-04 13:52 - 2014-11-04 13:52 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-11-04 13:39 - 2014-11-04 13:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-04 13:27 - 2014-11-04 13:39 - 00000000 ____D () C:\ProgramData\AVAST Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 21:38 - 2012-01-06 16:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-04 21:32 - 2012-07-11 20:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-11-04 20:52 - 2012-01-26 17:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
 
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\setup64.exe
C:\Users\user\AppData\Local\Temp\_is169B.exe
C:\Users\user\AppData\Local\Temp\_is6CA7.exe
C:\Users\user\AppData\Local\Temp\_isD6ED.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2014-10-15 01:42] - [2014-07-17 04:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
 
Windows ™nykleme Y”neticisi
--------------------
tanmlayc:           {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  tr-TR
default                 {default}
displayorder            {default}
timeout                 30
 
Windows ™nykleme Ykleyicisi
-------------------
tanmlayc:           {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (kurtarld) 
locale                  tr-TR
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
 
Windows ™nykleme Ykleyicisi
-------------------
tanmlayc:           {current}
device                  ramdisk=[C:]\Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\Winre.wim,{62a8e92d-6836-11e4-90b8-c7602c768376}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (kurtarld) 
locale                  
osdevice                ramdisk=[C:]\Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\Winre.wim,{62a8e92d-6836-11e4-90b8-c7602c768376}
systemroot              \windows
winpe                   Yes
 
Windows Bellek Snama Arac
---------------------
tanmlayc:           {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  tr-TR
 
Aygt se‡enekleri
--------------
tanmlayc:           {62a8e92d-6836-11e4-90b8-c7602c768376}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16351.14 MB
Available physical RAM: 15167.28 MB
Total Pagefile: 16349.34 MB
Available Pagefile: 15169.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (SISTEMA) (Fixed) (Total:111.68 GB) (Free:44.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Windows 7 64-bit onarım diski) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 44B082CC)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
 
LastRegBack: 2014-10-31 15:08
 
==================== End Of Log ============================

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP