Avast WEBforum
Other => Viruses and worms => Topic started by: DTwyman on January 05, 2014, 12:54:54 PM
-
Hi,
I tried to start my computer yesterday and just like many others on this forum, it wouldn't load Windows. The screen I got upon a normal boot was options for either Windows Repair (which gets stuck on the light blue screen forever), or start windows normally, which freezes and then loops back to the options screen.
I've tried booting in safe mode, but it gets stuck after loading file aswrvrt.sys
I've been reading other similar posts on this forum to try to resolve the issue, but I can't find an ISO file for Windows 7 64bit as essexboy's dropbox link has expired. Could anyone help me out??
I have access to an internet connected pc, but don't have administrator privileges (is in the university library). I can download things such as rufus and FRST though.
Please help me out! Am a broke student and can't afford any costly repair shops :(
Thanks,
Dave
-
Please download Farbar Recovery Scan Tool x64 (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to a flash drive.
- Plug the flash drive into the infected PC.
- Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.
- Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
- In the command window type in notepad and press Enter.
- When notepad opens, click File and select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run. When the tool opens click Yes to disclaimer.
- Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.
-
Thanks for the reply!
I've downloaded FRST64 and saved it on a USB. I plugged it in and was able to access the advanced boot options via F8, but when I try to go to repair your computer, it freezes on the light blue 'login' screen.
Any tips?
Thanks
Dave
-
Do you have installation disk for Windows 7 64-bit?
-
Unfortunately not, the laptop came with it preinstalled :p
-
I can give you link for Windows 7 download, and you'll need to burn iso to disc. Do you agree with this?
-
Is it possible to burn it to USB? I don't have any writeable discs to hand. Otherwise yes, I agree :)
-
Yes, it is possible :)
You'll need to download Windows 7 ISO and the tool required to burn iso
Windows 7 ISO --> http://msft.digitalrivercontent.net/win/X17-59465.iso
Windows 7 USB Download tool --> http://images2.store.microsoft.com/prod/clustera/framework/w7udt/1.0/en-us/Windows7-USB-DVD-tool.exe
Download both files, first one is big, it will take some time...
Then, you need to install Windows 7 USB Download tool and run it. Follow the steps, you'll need to choose ISO. It is quite simple.
When you finish, you'll need to boot USB and to attach report.
-
Do you think it's possible to use Rufus to make the ISO? I don't have administrator privileges on this PC.
-
Actually, my USB stick here isn't big enough for the ISO file. I'll have to wait until I go home tonight and use my housemate's one. Thanks for your help so far! I'll post the FRST file when it's done
Dave
-
Do you think it's possible to use Rufus to make the ISO? I don't have administrator privileges on this PC.
Yes I think it is possible :)
-
Sorry my reply has taken so long, needed to get a bigger USB off of my friend to save the ISO file.
I loaded the ISO onto the USB using Rufus and also saved FRST on it as well. Have plugged it in and booted from USB. Windows menu came up asking for my language etc, so I amended that to fit and then on the next screen I clicked the repair computer button, but now it's frozen as before, stuck on the blue screen. It's only been about 5-10mins since the screen came up, so I'll wait a bit longer before trying again, but am I going wrong somewhere / should I try something else?
Thanks,
Dave
-
I think that you must use DVD to burn ISO, and then boot from DVD?
-
So booting the ISO from USB isn't possible? I'll see if I can get hold of a DVD somewhere then
-
And I presume that if I click on Install Windows 7, it will start a reinstall and essentially format my laptop and delete all the stuff I'm trying to save by doing this fix :p
-
Oh, hold on, System Recovery Options window has come up. I obviously wasn't patient enough the first time around. Should I restore my computer using an earlier system image, or carry on through the recovery tools option?
At the moment the window is still loading, so can't proceed either way (cursor is still the loading circle)
DT
-
Use Repair tools, exactly like in my instructions...
-
Sweet. Am in to system recovery. Have typed all of those command prompts in and am currently waiting on FRST64 for the scan. It's being ridiculously slow though :(
Will reply back as soon as it's done with the text file
-
No problem, let it scan, post report when it is finished :)
-
It never started the scan, just waited for ages with a message saying it was preparing to do it. Then BSOD came up and I've now restarted the whole process.
When my recovery systems options window first comes up, it tells me that my OS is Windows 7 (which is correct), but that the location and partition size are (D:) and 0Mb. I'm no expert, but this doesn't sound right to me. Might have been why it has been taking so long to do anything.
Do I need to load a driver for it to check (C:) where I presume it should be loading from or am I worrying about nothing?
-
Can you execute chkdsk c: /r within CMD inside repair tools?
-
When it eventually loads that far, I'll try that
Thanks!
-
I was able to do chkdsk c: /r and it has completed its scan. Do you want me to attach any of the data?
The only thing that has come up that seems to indicate a problem is the last line: "Failed to transfer logged messages to the event log with status 50"
-
Try now to run FRST?
-
The FRST scan eventually started and I now have the .txt file attached :)
Fingers crossed the problem is resolvable
-
Result is not yet complete? What is the letter of your system partition (C, D, E)?
-
When I was going through the system recovery options, it had (D:) as my system partition with 0Mb free on it :s Otherwise my standard drive that I save stuff to is (C:) and as far as I know I don't have an (e:) drive unless it's a DVD/CD-ROM or something?
Shall I run the scan again?
-
Try chkdsk d: /r. When you finish, try to attach fresh FRST report...
-
The chkdsk scan finally finished on the d drive and here is the new frst scan .txt file
Thanks
-
I restarted my computer this morning via USB and in contrast to what was happening yesterday, it took no time at all to load up the Windows ISO etc. I went to repair options and it managed to do a startup repair scan! Seems like chkdsk on the (D:) drive cleared something up.
The startup repair was unable to do anything automatically, but it did find the root cause of the problem. Here is what the diagnosis found:
"A patch is preventing the system from starting.
Repair action: System files integrity check and repair
Result: Failed. Error Code = 0x490
Time Taken = 1196746ms"
All of the other tests were performed successfully.
It's now prompting me to remove any devices and try restarting the pc. Should I do that, or go into advanced options and run more frst scans first?
DT
-
Hi, I didn't respond because I was consulting with my colleagues about this, because this problem is really weird.
I want you to go to Repair Tools, open CMD and try these commands:
Bootrec.exe /fixMBR
Bootrec.exe /fixBoot
Restart and see if there is any progress...
-
Okay, I'll try that now.
While I was waiting I thought I might as well run another FRST scan, and the results this time seem to be a lot more comprehensive. Attached is the latest scan
I'll try those two commands now and see what happens
DT
-
Have just tried both of those commands and they both completed successfully
On restart the pc loaded as normal and has now managed to load the OS and am logging in.
Is there anything I should do to prevent this kind of thing happening again?? As you can imagine it's been a distressing few days for me :p
-
Terrific 8)
Is there anything I should do to prevent this kind of thing happening again?? As you can imagine it's been a distressing few days for me :p
Unfortunately, we cannot know what caused this, sh*t happens. I had this problem a few weeks ago, PC worked normally the previous day, in the morning the system wouldn't load. I spent several hours trying to fix it, using BIOS, Startup Repair, setting partitions as active, rebuilding boot and mbr, various other CMD commands, and successfully fixed it. What caused it I don't know, and honestly, I don't give a damn ;D
I would recommend you to uninstall avast completely, then clean the possible remnants with this (http://www.avast.com/uninstall-utility) tool, and then reinstall it again.
But before that, let's scan the system, and make sure everything is all right.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Then...
Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:
Gmer download link (http://www2.gmer.net/download.php)
Note: file will be random named
Double-click to run GMER.
- Wait for initial scan to finish - if there is any query, click No;
- Click Scan button and wait until the full scan is complete;
- Click Save ... - save the report to the Desktop (named Gmer );
> Attach the Gmer log reports here.
-
Wicked, again, thanks for all your help so far :) You've been a lifesaver.
Here are all of those scan files.
-
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dalesearch.com/?babsrc=HP_ss&mntrId=A026C44619F36404&affID=124440&tsp=5028
URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQscY9rU2&i=26
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=A026C44619F36404&affID=124440&tsp=5028
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQscY9rU2&i=26
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\David\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
C:\Users\David\AppData\Roaming\Complitly
CHR HKLM-x32\...\Chrome\Extension: [ajhcekcffkpnaednoeoegnmnjdlnjjmg] - C:\ProgramData\Codec-C\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pbmbgangfmfbhnngbdgkplhjnfoaeihd] - C:\Program Files (x86)\i-beta\Extensions\Chrome\i-beta.crx
C:\Program Files (x86)\i-beta
C:\Program Files (x86)\Skype\Toolbars
C:\Program Files (x86)\Complitly
C:\ProgramData\Codec-C
AlternateDataStreams: C:\Users\David\Downloads\revised copy of contract.eml:OECustomProperty
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Then...
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- The logfile will also be saved in the C:\AdwCleaner folder.
Then...
Tell me how things are now. Any remaining issues?
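Added example, not part of the original post and not a FRST feature: a short Python audit of a fixlist before it is run, listing the hosts it references, the paths and commands it contains, and the user profiles it names, which is what ties the script to one machine. The sample lines are a subset copied from the fixlist above; the line categories are inferred from their visible shape only, not from FRST's own grammar.

```python
import re
from urllib.parse import urlsplit

# Subset of the fixlist lines from the post above.
SAMPLE = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dalesearch.com/?babsrc=HP_ss&mntrId=A026C44619F36404&affID=124440&tsp=5028
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\David\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
C:\Users\David\AppData\Roaming\Complitly
C:\Program Files (x86)\i-beta
AlternateDataStreams: C:\Users\David\Downloads\revised copy of contract.eml:OECustomProperty
cmd: ipconfig /flushdns
"""

URL_RE = re.compile(r"https?://\S+")
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # line that is only a file-system path
USER_RE = re.compile(r"\\Users\\([^\\]+)\\", re.IGNORECASE)

def classify(line):
    """Return (kind, detail) for one fixlist line, judged by its visible shape."""
    if line.startswith("cmd:"):
        return "command", line[4:].strip()
    if PATH_RE.match(line):
        return "path", line
    match = URL_RE.search(line)
    if match:
        return "url", urlsplit(match.group()).hostname
    return "other", line.split(":", 1)[0]      # e.g. BHO, AlternateDataStreams

def audit(text):
    """Group the fixlist into de-duplicated lists, keeping first-seen order."""
    summary = {"command": [], "path": [], "url": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            kind, detail = classify(line)
            if detail not in summary[kind]:
                summary[kind].append(detail)
    return summary

def profile_users(text):
    """User profile names hard-coded in the fixlist (why it is machine-specific)."""
    return list(dict.fromkeys(USER_RE.findall(text)))

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(f"{kind}: {items}")
    print("profiles referenced:", profile_users(SAMPLE))
```

If the profile names or paths printed do not exist on the machine in front of you, the fixlist was written for a different system.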
-
Here's the frst fixlog. Am running the adwcleaner scan now.
-
Have run all of those scans etc now. Here are the adwcleaner files from the clean and subsequent restart. It all seems to be running fine now, nothing I can tell is wrong.
Only thing is I got a runtime warning as soon as I restarted and logged in. It happens now and again. The pop up says something like "program was requested to shut down in an unusual way". As said, it happens now and again, I click 'ok' and it's as if nothing ever happened.
Do you recommend me still un-installing avast and reinstalling? Any other tips to keep the pc in a tip top condition?
Thank you!
-
Yes, uninstall and reinstall Avast...
-
Thanks very much man! PC seems to be back up and running again. Am in process of uploading all my important docs and photos etc to the cloud and will make sure to keep regular system images and backups handy!!
Managed to uninstall avast fully and it is now reinstalled and fingers crossed won't cause any more problems.
Thanks for your help and if you have any more tips on how to stop it happening I'd be grateful to hear them.
Happy New Year
DT
-
Happy Holidays to you too :)
My advice is:
- back up your important data regularly
- update your software and system
We're done here, only to remove used tools:
Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on the "Run" button. Wait for the program to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
-
Wicked, thanks v much for your help TwinHeadedEagle! Is much appreciated.
Laptop seems to be fully operational and I can now crack on with my essays (Yay....)
DT :D