Crash aswMBR

Status
Not open for further replies.
J

joliegew

New member
I tried to run aswMBR three times, but in all cases it crashes after the following lines:
...
14:31:32.512 AVAST engine scan C:\Windows\system32
14:34:56.501 Scanning: C:\windows\assembly\GAC_MSIL\Microsoft.visualstudio.Tools.Applications...

The error message was: (translated)

"avast! Antirootkit not running anymore

A problem arrose which resulted in a halt of this program.
The program is closed and you get a message when a solution is available.
Closing program"

Although aswMBR crashed, is it worthwhile if I send DDS.txt and Attach.zip awaiting a solution to the aswMBR-crash? I have them ready to be posted.
Thank you.
 
Hi and :snwelcome: Joliegew :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

============ Next ==============




Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

============ Next ==============



Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    TDSSKillermain.png


  • If an infected file is detected, the default action will be Cure, click on Continue.


    TDSSKillerMal-1.png


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    TDSSKillerSuspicious.png


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    TDSSKillerCompleted.png


  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
On your next reply please post :
  • OTL.txt
  • Extras.txt
  • TDSSKiller log
Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
 
OTL.zip & Exras.zip

Hello Robybel,

Find herewith two zips, the third one you'll find in the next message.
I had to go to another computer with these files, because I didn't succeed in attaching them at the computer that behaves badly; just to let you know this.

Thank you for heling me! :thanks:
 
Hi Joliegew

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

============ Next ==============


  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :
  • AdwCleaner log
  • All RKreport.txt
  • Let me know what problems you find
Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
 
Zipped AdwCleaner.logs and RKreport.txt's

Hi Robybel,

It was difficult to establish what you asked for, especially because AdwCleaner didn't finish, so that no reboot was forced. As you can see in the zip-file, I undertook many, many runs by AdwCleaner, by which I think every time my pc became somewhat better to handle. Nevertheless I spent hours to come so far as I am now. I hope that what I send you makes sense to understand what happened successively. I cropped everything together with RKreport[3], as the zp-file is called. I hope you don't mind.

Thank you in advance!
Joliegew
 
Hi Joliegew;)

Good job :bigthumb: But:

If you can, don't attach the log, just copy/paste its contents


Please follow this step

thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


next

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    TDSSKillermain.png


  • If an infected file is detected, the default action will be Cure, click on Continue.


    TDSSKillerMal-1.png


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    TDSSKillerSuspicious.png


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    TDSSKillerCompleted.png


  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
JRT-contents

Hi Robybel,

Only JRT gave output:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by LieMaa on wo 20-03-2013 at 15:10:09,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{61d1c847-df80-423a-8c6d-dc03b97e6ebe}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2a696bce-44cf-45a4-b905-59cdfa08531a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{78875f5c-a685-4405-8dc5-d48dc65452b0}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\LieMaa\appdata\local\adawarebp"

TDSSKiller finished without anything to complain about:yes:

:thanks: again!
 
Hi Joliegew

The report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
 
Hi Joliegew

Please read through these instructions to familarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 
ComboFix stuck

Again I have to use another computer to try to get help:
ComboFix ended up with a kind of log file, which was shown onto the desktop background without anything else than the log file shown onto the empty desktop. I closed the log and saw only the empty desktop. I could not do anything else than switching off the computer and on again.
I chose for reboot in safe mode, without internet connection.
The result is a list of loaded Windows files, and underneath:
Please wait...

Then, nothing happens anymore...
 
Black screen

I tried a normal boot by switching off and on again, becase Ctrl-Alt-Del didn't work. The normal boot resulted in the green progress running startup screen and then a black screen with a normal cursor that can be moved bij the mouse. After some time the standard screen saver by Vista is shown, with three coming and going komets and then the Windows Vista emblem. Much disk activity, that after an hour and longer gets less active. Ctrl-Alt-Del doesn't work.
I tried again the safe boot method, but this didn't work either: Loading files and Please wait...
 
Hi joliegew

download Farbar Recovery Scan Tool 32-Bit
Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Advanced Boot Options

Hi Robybel,
Following your description I can land at Advanced Boot Options, but then I have only the following options, but not "Repair your computer":
Safe mode
Safe Mode with Networkork
Safe Mode with Command Prompt
Enable Boot Logging
Enable Low Resulution Video
Last Known Good Configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable Automatic Restart on sytem failure
Disable Driver Signature Enforcement
Start Windows Normally

What should I choose now?
 
Windows installation disk

If I understand well, I can choose from either Advanced Boot Options, or by using Windows installation disk.
I tried also this second option, but I got exactly the same list of options, but no "Repair your computer".
I also cut that off as well, and hope for a new post from you.
TIA
 
Repair your computer

Hi Robybel,

I'll do that, but as described, I don't get the option Repair your computer, which cannot be found in the list that I get, as I reported.

Joliegew
 
Status
Not open for further replies.
Back
Top