No Endpoints + Other Hellish Things

Viruses and worms
1

Upon attempting a scan, Avast is giving me the following error: Unable to start scan. There are no more endpoints available from the endpoint mapper.

(The longer part of this story is last night I got the BSOD, Windows Security Center Service can’t be started, and stop error 0x0000007e. Couldn’t solve the problem then so tried more stuff today, such as running Spybot S&D, Malwarebytes, did a few System Restores, Scannows, and chkdsks, some startup repairs and Windows Memory Diagnostic and FRST. Couldn’t get into Avast at all so uninstalled and reinstalled, then got the endpoint error. At wit’s end – can only get on in Safe Mode.)

Thank you to anyone who can help me out here. :o

(modifying to add .txts from scans – ignore the malwarebytes one…I’m scanning again right now, because I think something messed up as it’s only .62kB)

2

I ran Malwarebytes Anti-Malware again and the window was so large after the scan that I couldn’t click on the Export button for the log. Of course, this time it didn’t find anything because I’d already quarantined the 3 items it found earlier today. ctrl-(minus) won’t make the window any smaller. I will just type the names of the items here: PUP.Optional.Softonic.A, and two of these: PUP.Optional.AZLyrics.A (one in “localstorage” and one in “localstorage-journal”)

The latest: Upon restart, this message “a disk read error occurred, ctrl-alt-delete to restart” – this is getting “funner and funner”

3
Couldn't get into Avast at all so uninstalled and reinstalled, then got the endpoint error.
Did you use the uninstall tool ?

And there are logs missing.
Addition.txt (farbar)
And the aswmbr log.

4

When you ran chkdsk did you use the /r switch ?

5

Yes, I did use the uninstall tool.

(attaching the Addition.txt log – unsure what the aswmbr log is, please explain…)

Last night, I found myself on a screen that had something to the effect of “Restore to last known good configuration (advanced)” – which I had avoided because of the ‘advanced’ part. Decided to give it a try and now I can load up windows without being in Safe Mode of some kind.

As far as I know, my problems now are:

  1. Avast firewall won’t turn on. Scans work as does everything else I’ve tried so far.

  2. Windows Security Center …it seems to have disappeared, but there is “Network Firewall” under Security which states "Windows Firewall and avast! both report that they are turned off. The yellow avast “ball” on my taskbar that normally spins has an ! on it with the message “Attention” because the firewall is off.

Hi Essex Boy! I’m back again haha :smiley: – couldn’t stay away. Anyhow, what is the /r switch?

6

Error from trying to turn on windows firewall = 0x80070433, image attached:

7

It appears that one of Avasts drivers may be corrupt. So I will remove some Adware and then ask you to do a clean install

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3912699862-1525504398-953937193-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-3912699862-1525504398-953937193-1001 -> {44816E91-C68A-2FF3-3D8F-8970062E5600} URL = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110717&user_guid=2E198D12F9CE4F1BA6C3149D23A3875A&machine_id=6f54fe0d2baa63a712a006b23e5a14a7&browser=IE&os=win&os_version=6.1-x64-SP1 SearchScopes: HKU\S-1-5-21-3912699862-1525504398-953937193-1001 -> {AE20E31D-A4AF-61A7-4793-9D50BE6A462E} URL = http://ed.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z118&partner_id=692&product_id=736&affiliate_id=&channel=42854&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110726&user_guid=2E198D12F9CE4F1BA6C3149D23A3875A&machine_id=6f54fe0d2baa63a712a006b23e5a14a7&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source} BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Browser Enhancements -> {40205287-E793-41AC-B95C-D8D064BA33CA} -> C:\Program Files (x86)\WebEnhancements\BrowserEnhancements.dll No File BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File S3 catchme; \??\C:\ComboFix\catchme.sys [X] 2015-02-19 10:46 - 2015-02-19 10:46 - 00000000 __SHD () C:\Users\Tara\AppData\Local\EmieUserList 2015-02-19 10:46 - 2015-02-19 10:46 - 00000000 __SHD () C:\Users\Tara\AppData\Local\EmieSiteList 2015-02-19 10:46 - 2015-02-19 10:46 - 00000000 __SHD () C:\Users\Tara\AppData\Local\EmieBrowserModeList 2011-12-11 10:30 - 2011-12-11 10:49 - 0000440 _____ () C:\ProgramData\8G2cDpANWSt65b EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel

[]Run the uninstall tool and accept the reboot to safe mode
[]Once complete reboot your system
[*]Reinstall Avast

8

Thank you. Here’s the logs. Now on to the Finally section.

9

On the last step, installing Avast, got the following error in setup: Please fix this issue to continue the installation-- The Base Filtering Engine (BFE) service is not running

I’ve clicked the Retry button several times already.

Should I reconnect to the internet? Or is it not safe without AV?

10

OK lets check out the BFE

Download and run farbar service scanner

https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

11

The Farbar log:

12

Download this reg fix to your desktop http://download.bleepingcomputer.com/win-services/7/BFE.reg
Right click the file and select Merge
Accept the warnings
Reboot and then install Avast

13

will do, thanks!

14

That did the trick! Thank you, Essex! Avast up and running perfectly and Windows Firewall, too! I’m so relieved.

Is there anything else I need to do?

15

Just this …

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave: