
Suspected infection & unable to update/install antivirus [Closed]


  • This topic is locked

#1
phospholamban


    New Member

  • Member
  • Pip
  • 7 posts
Good evening, thank you for taking your time to assist with my issue.
I've been battling this suspected virus infection since Dec '14; ESET NOD antivirus installed, but definitions expired mid-2014.
Experiencing Chrome crashes + unable to even install/run alternative antivirus programs.
I am unable to copy + paste the logs without Chrome crashing (tried copy + pasting small sections and it still crashes). Same issue with IE, unable to paste on this post without crashing.
 
Thank you once again for assisting me and apologies for not being able to paste directly to this post.

Attached Files


  • 0



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you fully uninstall both Panda and ESET?

Then run this fix with FRST.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
S3 BS1363859444; \??\C:\Users\hans\AppData\Local\Temp\NTFS.sys [X]
2015-07-31 13:54 - 2015-03-10 15:22 - 01309756 _____ C:\Windows\system32\CFG1363859444
AlternateDataStreams: C:\ProgramData\Microsoft:cF2dHFN7xVyswzGu1dhIT
AlternateDataStreams: C:\ProgramData\Microsoft:TdeL5Ft6Vg13bZP9JV8SpdOH
AlternateDataStreams: C:\Users\hans\AppData\Local\Temp:Uwk60KN30RuPpAsCuBu
C:\Users\hans\AppData\Local\Temp\NTFS.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.


NEXT:

Run a fresh FRST scan please
  • 0

#3
phospholamban


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Dear Essexboy,

 

Thank you for your assistance. I've uninstalled ESET and Panda; the only errors encountered were failures to remove 2 ESET registry keys. The rest was uneventful.

I am still unable to copy + paste the fixlog/FRST log. Please find them attached. I am able to copy from Notepad, but the moment I paste into Chrome it shuts down. On bootup, Adobe updater also crashes.

 

Warm regards

Attached Files


  • 0

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, now we will work in baby steps; this may be Windows-related as opposed to a virus.

Does Windows update normally?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2692520 2009-05-14] (ESET)
HKU\S-1-5-21-2207518888-2136318659-246449119-1000\...\Run: [AdobeBridge] => [X]
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-05-22]
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [731840 2009-05-14] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [142776 2009-05-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134024 2009-05-14] (ESET)
2015-07-31 23:44 - 2015-07-31 23:44 - 00006873 _____ C:\Windows\system32\DB1363859444
2015-07-31 23:40 - 2015-07-31 23:40 - 01309756 _____ C:\Windows\system32\CFG1363859444
2015-07-30 11:07 - 2015-07-30 11:08 - 05657376 _____ (AVAST Software) C:\Users\hans\Desktop\setup.exe
2015-07-30 11:05 - 2015-07-30 11:05 - 05481336 _____ (Avast Software s.r.o.) C:\Users\hans\Downloads\avast_free_antivirus_setup_online_cnet (1).exe
2015-07-30 11:04 - 2015-07-30 11:04 - 05481336 _____ (Avast Software s.r.o.) C:\Users\hans\Desktop\setup1.exe
2015-07-30 10:13 - 2015-07-30 10:13 - 00000000 ____D C:\Users\hans\AppData\Roaming\Panda Security
2015-07-31 23:31 - 2015-03-23 12:00 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-31 23:29 - 2015-03-23 11:59 - 00000000 ____D C:\ProgramData\Panda Security
2010-07-23 19:14 - 2013-06-12 19:13 - 0000037 ____H () C:\ProgramData\obmlf5
C:\Program Files\ESET
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Reset Chrome

1. In the top-right corner of the browser window, click the Chrome menu.
2. Select Settings.
3. At the bottom, click Show advanced settings.
4. Under the section "Reset settings", click Reset settings.
5. In the dialogue that appears, click Reset.
  • 0
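
The two fixlists above target a service entry whose image sits in a user Temp folder, alternate data streams attached to folders, and System32 files carrying the same numeric suffix as that service name. As an added example (not part of the thread and not FRST's own code), this Python script flags those three patterns in log lines; the regexes assume the line layout seen in the posts, and `triage` and the finding names are hypothetical.

```python
import re

# Line layouts below are assumed from the fixlist entries quoted in this thread.
SERVICE = re.compile(r'^[A-Z]\d\s+(?P<name>[^;]+);\s+(?:\\\?\?\\)?'
                     r'(?P<path>[A-Za-z]:\\.+?)\s+\[')
ADS = re.compile(r'^AlternateDataStreams:\s+(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>\S+)')
FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ '
                  r'(?:\(.*?\) )?(?P<path>[A-Za-z]:\\.+)$')
TEMP_DIR = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)
NUM_TAG = re.compile(r'\d{6,}$')   # long numeric suffix, e.g. BS1363859444

# Sample input: a few lines taken from the two fixlists in this thread.
SAMPLE = r"""
S3 BS1363859444; \??\C:\Users\hans\AppData\Local\Temp\NTFS.sys [X]
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [142776 2009-05-14] (ESET)
2015-07-31 23:44 - 2015-07-31 23:44 - 00006873 _____ C:\Windows\system32\DB1363859444
2015-07-31 23:40 - 2015-07-31 23:40 - 01309756 _____ C:\Windows\system32\CFG1363859444
2015-07-30 10:13 - 2015-07-30 10:13 - 00000000 ____D C:\Users\hans\AppData\Roaming\Panda Security
AlternateDataStreams: C:\ProgramData\Microsoft:cF2dHFN7xVyswzGu1dhIT
"""

def triage(text):
    """Return (kind, subject, detail) findings for review by a human helper."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings, tags = [], set()
    for line in lines:                      # pass 1: services and ADS entries
        m = SERVICE.match(line)
        if m and TEMP_DIR.search(m['path']):
            findings.append(('service-image-in-temp', m['name'], m['path']))
            tag = NUM_TAG.search(m['name'])
            if tag:
                tags.add(tag.group())       # remember suffix for pass 2
        m = ADS.match(line)
        if m:
            findings.append(('ads-on-path', m['host'], m['stream']))
    for line in lines:                      # pass 2: files reusing a flagged suffix
        m = FILE.match(line)
        if m:
            base = m['path'].rsplit('\\', 1)[-1]
            if any(base.endswith(t) for t in tags):
                findings.append(('file-shares-service-tag', base, m['path']))
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

The findings are leads for manual review, not verdicts; the ESET driver and the Panda folder in the sample pass through unflagged.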

#5
phospholamban


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hey! Unfortunately Windows hasn't been updating regularly.

I've done the above and here's the log (still failing to copy/paste).

 

Thanks again!

Attached Files

  • Attached File  FRST.txt   28.79KB   171 downloads

  • 0

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This will repair several components of Windows and may take up to an hour to run, as it will be doing a lot of work.

Once it has completed, then download and try to install an antivirus, and let me know the result.


Download Windows All In One Repair from Tweaking.com to your desktop.
Install the programme.

Reboot to safe mode with networking.
Run Windows All In One.
Select Step 2.
Select open Pre-repairs scan, then click scan.
Let that complete.
Save the results to a text file on your desktop.

Next select Step 4 and run SFC.

Next select Step 5 and back up the registry.

Open the Repairs tab.

Select the following repair numbers:

1 to 27

Set the system to reboot on completion.
Then press Start Repairs.
  • 0

#7
phospholamban


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Good morning!

 

I ran the pre scan and repair as instructed, still failed to copy+paste the report on this post. On boot up, had one BSOD with page fault in nonpaged area, not seen it again. 

edit: I've also tried to install AVG antivirus, but am unable to, after clicking "run" on the security dialog (for downloaded programs) nothing happens.

 

Thank you for your time!

Attached Files


Edited by phospholamban, 31 July 2015 - 08:44 PM.

  • 0

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if this will run and what, if anything, it finds.

Download aswMBR.exe (4.5 MB) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.
  • 0

#9
phospholamban


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Good morning!
I can download but am unable to run aswMBR; after clicking "Run" for the security dialog, nothing happens.
I managed to catch the error log for the CS6 crash that happens every boot; maybe it might give some clues?
 
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: CS6ServiceManager.exe
  Application Version: 3.0.0.389
  Application Timestamp: 4f5a20ec
  Fault Module Name: StackHash_27c7
  Fault Module Version: 6.1.7600.16385
  Fault Module Timestamp: 4a5bdb3b
  Exception Code: c0000374
  Exception Offset: 000cdcbb
  OS Version: 6.1.7600.2.0.0.256.1
  Locale ID: 3081
  Additional Information 1: 27c7
  Additional Information 2: 27c7f86da47671e4d7022fd4070d49a5
  Additional Information 3: e157
  Additional Information 4: e1574b43145a41e2213f61ccc0872840

  • 0

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's approach this from a different angle :)

In the search box type Msconfig and select the programme that appears at the top.

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.
7. Now try to run AswMBR. Does it work?
  • 0

#11
phospholamban


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello!

I did the above and now I can't boot up at all. I have this black screen (I've tried attaching a photo from my phone, hope it turns out).

Cheers

Attached Thumbnails

  • image.jpg

  • 0

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, reboot the computer and immediately press and hold F8. A menu will appear; select safe mode with networking.

Then go to msconfig and reverse the changes.
  • 0

#13
phospholamban


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Tried the F8 trick, it didn't give a chance to get to that menu, doesn't get to the black windows screen before it gets to that screen pictured above.

Found an old HDD, am trying to clone it over desperately to revive the computer.
  • 0

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This will create a recovery console USB.

Download the following three programmes to your desktop :

1. Rufus

For 64bit systems
2. Windows 7 64bit RC http://1drv.ms/1mRsW75
3. Farbar Recovery Scan Tool x64

Insert the USB stick, then run Rufus.

Select the ISO file on the desktop via the ISO icon.

Press Start Burn.

Then copy FRST to the same USB.



Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here

Windows 7 and Vista screenshots

When you reboot you will see this.
Click repair my computer.

Select your operating system.

Select Command prompt.

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frst.exe, dependent on system,
and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





