
Several problems including blocked antiviruses


I had noticed my Avira was disabled and despite it saying it is updating the program seems to have been prevented from doing so. When I tried to use Malwarebytes to scan it, it was blocked when updating and will no longer open, though every time I've tried to reboot it tries and fails again. I've used Chameleon and it has failed every single time, and now whatever bug I've fallen victim to has disabled Firefox after it updated. I do have a Torrent program and I don't know how to disable it, but I will do so if simply refusing to use it isn't an option.

 

 

Thank you for your time, and for any assistance

FRST.txt

Addition.txt

Link to post

  • Staff

Hello and welcome to the Malwarebytes forum.

Please do the following:

Download attached fixlist.txt file and save it to the Desktop.

FixList.txt

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT

Please run the following:

Download ComboFix from the following location:

Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

CF_RC_notice.png

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
cfRC_screen_2.png
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

NEXT

The log shows there are two AV products installed

AV: AVG (Disabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Avira Antivirus (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

If you want to keep Avast, and the AVG is just leftovers, then please run the AVG removal tool:

Download the AVG remover from http://www.avg.com/ww-en/utilities

(Choose the 32 bit version)

- Run AVG remove tool

- Restart PC

Please let me know if there are any outstanding issues.

Link to post
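The check made on the two `AV:` lines in the post above can be automated when triaging many logs. This is an added example, not part of the thread and not code from FRST; it assumes only the line format quoted in that post, and the section header in the sample is constructed.

```python
import re
from typing import NamedTuple


class AvProduct(NamedTuple):
    name: str
    enabled: bool
    up_to_date: bool
    guid: str


# Assumed format, taken from the lines quoted in the thread:
#   AV: <name> (<Enabled|Disabled> - <Up to date|Out of date>) {GUID}
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)\s+-\s+(?P<defs>Up to date|Out of date)\)\s+"
    r"\{(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}\s*$"
)


def parse_av_lines(log_text):
    """Return every antivirus registration line found in the log text."""
    products = []
    for line in log_text.splitlines():
        m = AV_LINE.match(line.strip())
        if m:
            products.append(AvProduct(
                name=m["name"],
                enabled=m["state"] == "Enabled",
                up_to_date=m["defs"] == "Up to date",
                guid=m["guid"].upper(),
            ))
    return products


def review(products):
    """Flag the conditions a helper looks for: overlap, no protection, stale definitions."""
    findings = []
    if len(products) > 1:
        names = ", ".join(p.name for p in products)
        findings.append("multiple AV products registered: " + names)
    if products and not any(p.enabled for p in products):
        findings.append("no registered AV product is enabled")
    for p in products:
        if not p.up_to_date:
            findings.append(p.name + ": definitions out of date")
    return findings


# The two AV lines are the ones quoted in the thread; the header line is constructed.
SAMPLE_LOG = """\
==================== Security Center ========================
AV: AVG (Disabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Antivirus (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
"""

if __name__ == "__main__":
    for finding in review(parse_av_lines(SAMPLE_LOG)):
        print(finding)
```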

Thank you for your help, I have run all the programs you listed here with no real changes yet. Thanks for the AVG remover, and as for Avast it didn't help and nor was it disabled by the bug I've got. Someone recommended something named Sophos, but I haven't even thought about using it yet since I didn't want to disrupt anything being done here.

ComboFix.txt

Link to post

  • Staff

Do you have the Fixlog? It should be on the desktop, if you could attach that too please.

NEXT

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
     

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')




SecCenter::
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Antivirus *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"services"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
       
Link to post

  • Staff

What does FireFox do when you try to use it?

 

Please uninstall it then re-install it.

 

Reset IE

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Bookmarks

https://kb.wisc.edu/helpdesk/page.php?id=1419

Backup Firefox Bookmarks

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Proceed with the reset once done.

Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.

In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.

Reset Internet Explorer

In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset Internet Explorer back to its default settings

When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.

Close Internet Explorer.

Re-install Avira as well, see if it will now work

Link to post

what does FireFox do when you try to use it

 

Please uninstall it then re-install it.

 

 

Nothing starts or pops up, just the "Bad Thing Happened" noise after a few seconds after trying to open it. The instructions given require the program to open to get the favorites.

 

I'll try reinstalling Avira and hope there's another way to save Firefox bookmarks in the meantime, but if they must be lost I'll bite my lip and do it.

Link to post

  • Staff

You should be able to import favourites from another browser if you have the same ones in IE.

Did you try booting to safe mode to open FireFox?

Check in task manager to see if there are other instances of Firefox.exe still open that need to be ended.

Reboot the PC twice.

Is Malwarebytes antimalware still not functioning?

If not, try a clean install:

(make sure you have your ID and KEY available before starting this process as this will erase it)

Step 1: Download and run the clean-up tool and allow a reboot when prompted.

http://www.malwarebytes.org/mbam-clean.exe

Step 2: Install Malwarebytes' Anti-Malware by following the link below.

http://downloads.malwarebytes.org/file/mbam

Save the file and double-click it to begin the installation

Step 3: Once installed, activate the software with your ID and key:

Click the link **I also have an ID** to get the correct activation window for your type of license.

Link to post

I tried starting Firefox in Safe Mode with the Task Manager on, and saw the program show up there only to disappear. After reinstalling Avira and then Malwarebytes with the tool provided neither works. I keep getting several "The application failed to initialize properly" errors when Malwarebytes tries to open and a single one when Avira tries to scan or update. Its autoprotection still fails to start as well.

Link to post

  • Staff

Let's see if mbar finds anything

 

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to your desktop.
http://downloads.malwarebytes.org/file/mbar

Next... Double click on the MBAR file you downloaded.

Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
(By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.)

mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

After reading the Introduction, click 'Next' if you agree.
On the Update Database screen, click on the 'Update' button.

Once you see 'Success: Database was successfully updated' click on 'Next'.
Click the 'Scan' button.
A. With some infections, you may see two message boxes.
1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
If malware is found, press the Cleanup button when the scan completes.
Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.
1. mbar-log-2015-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
2. system-log.txt

Link to post

  • Staff

Well, it does not appear to be infection related.

Let's see what the Windows repair tool can do.

Please download Windows Repair (all in one) from here:
http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

Install the program then run the following steps:

Go to step 3 and allow it to run the Disk check (this will check for any bad sectors)
Once that is done then go to step 4 and allow it to run the SFC (system file checker)
NEXT, on the REPAIRS tab => Click the Open Repairs Button
Click the select all check box and then click on Start Repairs.
Please DON'T use the computer while each scan is in progress.

A restart may be needed to finish the repair procedure.

 

Let me know how things are now

 

Link to post

When running the repair tool I selected the 'check upon boot' option it suggested, and now the computer I was using to post here is stuck in a boot up loop. Sorry it has taken so long for me to get back here and post, but I've now got access to a laptop to use in the meantime.

 

I don't know how I could fix this at home, but I'm willing to give it a try if possible. Just note that I don't have a working CD/DVD drive that shows up before the boot process is finished.

Link to post

  • Staff

Directly after the POST screen, the startup screen that has your manufacturer's logo on it, when you see the black screen with the underscore cursor press F8 and then select Disable Automatic Restart on System Failure. Then when it restarts and crashes you will get a Blue Screen of Death (BSoD); on there will be a Stop: code. Reply back and let us know what code you are receiving.

Also take a look here;

http://getintopc.com/tutorials/how-to-install-windows-xp-with-usb-drive/

Once you are through the first screens then use the "Repair Windows" install option.

Link to post

  • Staff

You should have the Recovery console installed on the machine.

 

This might seem a little difficult, but if you follow the instructions exactly and are careful in copying the commands exactly, you should be able to get this to work,

 

we are going to try and run a system restore through the recovery console,

 

If you encounter any errors, please list them exactly

 

1. Restart your computer like you're going to Safe Mode, except choose Start Windows Normally and press 'Enter'.

2. Before Windows loads, you will be prompted to choose which Operating System to start.

3. Use the up and down arrow key to select Microsoft Windows Recovery Console

4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.

5. At the C:\Windows prompt, type the following entries one at a time, taking care to include all spaces and underscores, and press 'Enter':

 

set allowallpaths = true

 

cd c:\system~1\_resto~1\rp1087\snapshot

 

6. Now the command prompt will look like this: c:\system~1\_resto~1\rp1087\snapshot

 

7. Type the following entries one at a time, taking care to include all spaces and underscores, and press 'Enter':

 

copy _registry_machine_system c:\windows\system32\config\system

 

Type y to the prompt and press 'Enter'.

 

copy _registry_machine_software c:\windows\system32\config\software

 

Type y to the prompt and press 'Enter'.

 

exit

 

Windows should now begin loading.

 

Let me know how that goes

Link to post

  • Staff

Do you have access to another machine?

 

Try this please.  You will need a CD and a USB drive.

 

Download  GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
     
     
  • Now download http://noahdfear.net/downloads/rst.sh to the USB drive
  • Insert the USB drive and CD in the unbootable computer
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it

Please note:  If you have an ethernet connection you can access the internet by way of xPUD (Firefox).  You can perform all these steps on your unbootable computer.  When you download the download will reside in the Download folder.  It can be found under the File tab also.  You can similarly access our thread by way of this OS too so you can send the logs that way.

 

Please also note - all text entries are case sensitive

 

Copy and paste the enum.log for my review

Link to post

I mentioned earlier how the CD and DVD drive I have aren't working, they were disabled somehow when I had a broken video card replaced. I tried it anyway and either my computer wasn't set to boot from disk (Pressing f12 did nothing for me), or it was the above.

 

I'm sorry this problem has gotten so out of hand.

Link to post

  • Staff

Well, if there is a way to recover it, we'll try and find it.

 

This can be done via USB stick as well as CD, is it recognizing the USB?

 

Another method we can try is to try and fix the boot from the recovery console.

 

Were you able to get into the recovery console ok?

 

If so, boot up into the recovery console again (reboot the PC > on start up > quickly arrow up to the recovery console > it should then load for you).

 

The Recovery Console takes several seconds to start. When the Recovery Console menu appears, a numbered list of the Windows installations on the computer appears. (Generally, only c:\Windows exists.) Press a number before you press ENTER, (It's usually #1) even when only one entry appears. If you press ENTER without selecting a number, the computer restarts and starts the process again.

 

Now type Fixmbr

 

Now try booting normally,

 

If that doesn't work, boot to the Recovery console again and this time try FIXBOOT

try booting normally again.

Let me know how it goes.

Link to post

I wasn't able to get into the recovery module. It checks hardware, asks if I want to install some third party software I can't recall the acronym for, and then Blue Screen. Still Unmountable.

 

As for the USB, I don't think it's trying to boot from it. It registers apparently as the light on it flashes, but so far nothing's happened both times I've tried using the USB as you've suggested.

Link to post

  • Staff

Can you get into the BIOS? (Usually F2.) If so, see if there is an option to boot from USB; if so, move it up in the boot order with the arrows.

Does the hard drive show in the BIOS?

 

Do you have access to another PC where you can create the recovery console on a USB, if you can boot to it?

http://www.msfn.org/board/topic/163531-how-can-i-make-a-recovery-console-iso-into-a-bootable-usb/#entry1045494

 

If you can't boot to DVD/CD or USB and you cannot load the Recovery console, then the only other thing you can do is take the hard drive out and slave it to another computer and run the FIXMBR, FIXBOOT, Chkdsk commands using the other PC.

 

https://dtidatarecovery.com/how-to-slave-hard-drive/

 

let me know

Link to post

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.