Author Topic: Problem bout aswrvrt.sys  (Read 4089 times)


jaehyeong32

  • Guest
Problem bout aswrvrt.sys
« on: November 17, 2013, 02:37:34 PM »
Hey I download avast yet nd My PC doesn't work (before I used my "ALYac", it's korea anti v)
So I google find dis forum :D

http://forum.avast.com/index.php?topic=120531.0
http://forum.avast.com/index.php?topic=135244.0

i read 2 also Answer by essexboy

the point

I Do Rufus and Farbar Recovery Scan tool x64 (Windows7 RC not work link)

1. i select command prompt chkdsk c: /r
    Done this work i try normal boot but still error

2.  i select command prompt e:\frst64.exe
     Now I hav FRST.txt(log)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013
Ran by SYSTEM on MININT-O2HQ9H0 on 17-11-2013 22:07:39
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: 0412
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [Korean IME Migration] - C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [ALYac] - C:\Program Files\ESTsoft\ALYac\AYLaunch.exe [274752 2013-08-05] (ESTsoft Corp)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-16] (Intel Corporation)
HKLM-x32\...\Run: [HncUpdate] - C:\Program Files (x86)\Common Files\Hnc\HncUtils\HncUpdate.exe [475136 2007-09-19] (Haansoft Inc.)
HKLM-x32\...\Run: [Korean IME Migration] - C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-17] (AVAST Software)
HKU\user\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\user\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\user\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-17] (Google Inc.)
HKU\user\...\Run: [DocStream] - C:\Users\user\AppData\Local\DocStream\DocStream.exe [11823176 2013-10-16] (Jiransoft Co., Ltd)
BootExecute: autocheck autochk * bootalyac.exe

==================== Services (Whitelisted) =================

S2 ALYac_RTSrv; C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [539968 2013-08-05] (ESTsoft Corp)
S2 ALYac_UpdSrv; C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [995136 2013-08-05] (ESTsoft Corp)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-17] (AVAST Software)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-16] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-16] (Intel Corporation)
S2 NSpeedMeterManager; C:\NIA\NSpeedMeter.exe [122880 2012-04-25] ()
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-27] ()

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-17] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-17] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-17] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-17] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-17] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-17] ()
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-17] ()
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-17] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-01] (Disc Soft Ltd)
S1 EstRtwIFDrv; C:\Windows\system32\drivers\EstRtw.sys [265496 2013-08-05] (ESTsoft Corp)
S3 EstRtwIFDrvTemp; c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [265496 2013-08-05] (ESTsoft Corp)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98104 2012-11-13] (AhnLab, Inc.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [112888 2013-05-31] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [169720 2013-10-15] (AhnLab, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys

S3 VGPU; System32\drivers\rdvgkmd.sys


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========
delete

==================== One Month Modified Files and Folders =======

delete
==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4045.02 MB
Available physical RAM: 3458.28 MB
Total Pagefile: 4043.22 MB
Available Pagefile: 3451.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:60.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:365.76 GB) (Free:221.1 GB) NTFS
Drive f: (USB Drive) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AE0A01A2)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=366 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-11-10 16:31

==================== End Of Log ============================

Now what should I do?

P.S. Sorry for my bad English.. cuz I'm asian

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Problem bout aswrvrt.sys
« Reply #1 on: November 17, 2013, 03:00:13 PM »
Can you boot to safe mode and restore to a point before you installed avast?

This has more than likely happened because of still having your old AV "ALYac" installed while installing avast (can't have two AVs on the same system)
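The two-AV diagnosis above can be read straight from the Services and Drivers sections of an FRST log. The sketch below is an added example, not part of the original posts and not FRST's own code: it parses those lines and lists, per product, the components set to load at boot, system or auto start. The `AV_MARKERS` table and the function names are hypothetical, and the table covers only the two products named in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the Services/Drivers sections of the FRST.txt quoted in this thread.
SAMPLE = r"""
S2 ALYac_RTSrv; C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [539968 2013-08-05] (ESTsoft Corp)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-17] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-17] ()
S1 EstRtwIFDrv; C:\Windows\system32\drivers\EstRtw.sys [265496 2013-08-05] (ESTsoft Corp)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys
"""

# FRST prefix: letter = state (R running, S stopped, U undetermined), digit = start type.
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
# "[size date] (company)" is optional as a unit, so paths containing "(x86)" parse correctly.
ENTRY = re.compile(r"^([RSU])(\d) ([^;]+); (.*?)"
                   r"(?: \[(\d+) (\d{4}-\d{2}-\d{2})\] \(([^()]*)\))?$")

# Assumption: hypothetical marker table, limited to the two products named in the thread.
AV_MARKERS = {
    "avast": ("avast", "\\asw"),
    "ALYac": ("alyac", "estsoft", "\\estrtw"),
}

def parse(log):
    """Return one dict per service/driver line; all other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            state, start, name, path, _size, _date, company = m.groups()
            entries.append({"state": state, "start": int(start), "name": name,
                            "path": path, "company": company or ""})
    return entries

def av_conflicts(log, markers=AV_MARKERS):
    """Map each AV product to its components with boot, system or auto start."""
    found = defaultdict(list)
    for e in parse(log):
        if e["start"] > 2:  # demand-start and disabled entries do not load by themselves
            continue
        hay = f"{e['name']} {e['path']} {e['company']}".lower()
        for product, keys in markers.items():
            if any(k in hay for k in keys):
                found[product].append(
                    (e["name"], START[e["start"]], e["company"] or "<no company>"))
    return dict(found)

if __name__ == "__main__":
    for product, parts in av_conflicts(SAMPLE).items():
        print(product, parts)
```

More than one key in the result means two real-time products are both registered to start with the system; `<no company>` marks entries where FRST printed an empty company field.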

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Problem bout aswrvrt.sys
« Reply #2 on: November 17, 2013, 03:21:42 PM »
I will disable the old AV and see if that helps

Download the attached fixlist.txt to the same location as FRST
Run FRST and press fix
Once done reboot


jaehyeong32

  • Guest
Re: Problem bout aswrvrt.sys
« Reply #3 on: November 17, 2013, 03:32:35 PM »
#craigb

I try but can't restore to a point before I installed avast


#essexboy

now I gonna try w8

jaehyeong32

  • Guest
Re: Problem bout aswrvrt.sys
« Reply #4 on: November 17, 2013, 03:43:45 PM »
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2013
Ran by SYSTEM at 2013-11-17 23:36:34 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ALYac] - C:\Program Files\ESTsoft\ALYac\AYLaunch.exe [274752 2013-08-05] (ESTsoft Corp)
S2 ALYac_RTSrv; C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [539968 2013-08-05] (ESTsoft Corp)
S2 ALYac_UpdSrv; C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [995136 2013-08-05] (ESTsoft Corp)
S1 EstRtwIFDrv; C:\Windows\system32\drivers\EstRtw.sys [265496 2013-08-05] (ESTsoft Corp)
S3 EstRtwIFDrvTemp; c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [265496 2013-08-05] (ESTsoft Corp)

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ALYac => Value deleted successfully.
ALYac_RTSrv => Service deleted successfully.
ALYac_UpdSrv => Service deleted successfully.
EstRtwIFDrv => Service deleted successfully.
EstRtwIFDrvTemp => Service deleted successfully.

==== End of Fixlog ====

done and reboot still doesn't work TT

Offline essexboy

Re: Problem bout aswrvrt.sys
« Reply #5 on: November 17, 2013, 03:58:05 PM »
OK now I will disable Avast in case it was corrupted

Download the attached fixlist to the same USB as FRST
Run FRST and press fix
Once done reboot

jaehyeong32

  • Guest
Re: Problem bout aswrvrt.sys
« Reply #6 on: November 17, 2013, 04:05:14 PM »
omfg now its okay. everything is fine.

ty essexboy, craigb for help

idk what time ur country but rly fast answer *korea am0:00

one more Q

now I just try download avast again, it's okay? I don't have any AV in my PC

Online CraigB

Re: Problem bout aswrvrt.sys
« Reply #7 on: November 17, 2013, 04:54:36 PM »
I'd wait until essexboy replies as there may be further cleaning needed before installing again.

Offline essexboy

Re: Problem bout aswrvrt.sys
« Reply #8 on: November 17, 2013, 05:16:42 PM »
You will need to totally uninstall the previous AV as that appears to have corrupted some of the avast files or stopped them from loading

Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast 
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel

  • Run the uninstall tool and allow to boot to safe mode
  • Once complete reboot your system
  • Reinstall Avast
----------

jaehyeong32

  • Guest
Re: Problem bout aswrvrt.sys
« Reply #9 on: November 20, 2013, 06:14:11 PM »
rly thank you again.

i think its already uninstall.. so i just download avast free right then.

whatever now avast is working good!

Cya. XOXO