Author Topic: Avast Service Doesnt Start - HELP!!!  (Read 40472 times)

0 Members and 1 Guest are viewing this topic.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5416
  • Spartan Warrior
Re: Avast Service Doesnt Start - HELP!!!
« Reply #15 on: August 19, 2012, 10:52:36 AM »
Unlike traditional antivirus programs that use definition-based detection, Malwarebytes uses a heuristic approach (behavior-based) to detect newer and unknown malware.  So, the registry keys found by Malwarebytes kind of fit that detection modality.

I have gone and PM'd a malware expert, so help should be on the way.  Please be patient, as malware experts volunteer their time here, and live in a multitude of different time zones.  So, at times, it may be a little bit of ping-pong going on, but in the end, it will all work out.
Windows 10 Home 64-bit 1909 Avast Premier Security version 20.1.2397 (build 20.1.5069.559) UI version 1.0.460.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast Service Doesnt Start - HELP!!!
« Reply #16 on: August 19, 2012, 11:51:28 AM »
Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {653D0EFF-653E-4B62-BEA0-BF2F909CE969} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-616249376-839522115-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-616249376-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O20 - AppInit_DLLs: (dyeari.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\ljJDtUml) - File not found

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.
 
 
  • Doubleclick on TDSSKiller.exe to run the application


  • Then click on Change parameters.
     

     
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
     
  • Click the Start Scan button.
     
     
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     

     
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Get the report by selecting Reports

 
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

FINALLY

run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Offline koolx

  • Jr. Member
  • **
  • Posts: 37
Re: Avast Service Doesnt Start - HELP!!!
« Reply #17 on: August 19, 2012, 04:36:21 PM »
Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

you mentioned that this may fix my system. will this fix modify in any way the tweaks and hacks that i put in my system?

Offline koolx

  • Jr. Member
  • **
  • Posts: 37
Re: Avast Service Doesnt Start - HELP!!!
« Reply #18 on: August 19, 2012, 04:39:39 PM »
Unlike traditional antivirus programs that use definition-based detection, Malwarebytes uses a heuristic approach (behavior-based) to detect newer and unknown malware.  So, the registry keys found by Malwarebytes kind of fit that detection modality.

I have gone and PM'd a malware expert, so help should be on the way.  Please be patient, as malware experts volunteer their time here, and live in a multitude of different time zones.  So, at times, it may be a little bit of ping-pong going on, but in the end, it will all work out.

hi mchain link. i appreciate that you contacted your malware expert friend.. but malwarebytes didnt detect any problems.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast Service Doesnt Start - HELP!!!
« Reply #19 on: August 19, 2012, 05:08:13 PM »
Quote
23:02:38.218    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a4655a0]<<
Malwarebytes does not check the MBR


Offline koolx

  • Jr. Member
  • **
  • Posts: 37
Re: Avast Service Doesnt Start - HELP!!!
« Reply #20 on: August 19, 2012, 05:19:30 PM »
Quote
23:02:38.218    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a4655a0]<<
Malwarebytes does not check the MBR

hi, but my question is, will your fix alter in any way my hacks? for example, i tweaked my system to remove some items from the control panel in my start menu. with your method modify my system? or will it just spit out a report?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast Service Doesnt Start - HELP!!!
« Reply #21 on: August 19, 2012, 05:26:54 PM »
It will remove two LSA/appint  entries

And if my guess is right then TDSSKiller will remove an MBR infection

Offline koolx

  • Jr. Member
  • **
  • Posts: 37
Re: Avast Service Doesnt Start - HELP!!!
« Reply #22 on: August 19, 2012, 06:59:04 PM »
It will remove two LSA/appint  entries

And if my guess is right then TDSSKiller will remove an MBR infection

can you please tell me what these "LSA/appint" entries mean? will they remove my registry tweaks made on my start menu and control panel?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast Service Doesnt Start - HELP!!!
« Reply #23 on: August 19, 2012, 10:54:03 PM »
No, they will not affect the tweaks  I am only removing bad entries

Offline koolx

  • Jr. Member
  • **
  • Posts: 37
Re: Avast Service Doesnt Start - HELP!!!
« Reply #24 on: August 20, 2012, 02:12:15 AM »
No, they will not affect the tweaks  I am only removing bad entries

hi essexboy.. i ran the programs and i attached the files below. i know you said to copy and paste the results. but theyre too long to post - but if you still want me to paste them, i can do that. i just think its easier for the thread. just to let you know, i still cant start the avast service after running the fix. please let me know the next steps.  and thank you... i'll await your next reply.
« Last Edit: August 20, 2012, 02:14:39 AM by koolx »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast Service Doesnt Start - HELP!!!
« Reply #25 on: August 20, 2012, 03:53:48 PM »
Did you turn off all those services ? 

Re-run TDSSKiller with the same parameters when you see the following select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

Offline koolx

  • Jr. Member
  • **
  • Posts: 37
Re: Avast Service Doesnt Start - HELP!!!
« Reply #26 on: August 20, 2012, 05:02:14 PM »
Did you turn off all those services ?


what services are you referring? are you referring to the services that tdskiller found? just to let you know, i turned off many services that werent needed. i only got 10 services running.

Quote
Re-run TDSSKiller with the same parameters when you see the following select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

i deleted this and then i restarted my computer. but i still cant start avast. when i try to start it, i get the same error:
"error 5: access is denied on local computer"

but i found out something else.. i cant start many other services that i previously disabled. when i try to, i get the same error message. could this be the problem? if so, which services do i enable to get this issue fixed?
« Last Edit: August 20, 2012, 05:12:13 PM by koolx »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast Service Doesnt Start - HELP!!!
« Reply #27 on: August 20, 2012, 07:36:35 PM »
The bolded services should be running if you want the system to function normally

Quote
Farbar Service Scanner Version: 06-08-2012
Ran by x (administrator) on 19-08-2012 at 20:08:36
Running from "C:\Documents and Settings\x\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.

The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.

The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\System32\srsvc.dll".


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.

The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\System32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.

The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\System32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.

The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000B0000000A000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Offline koolx

  • Jr. Member
  • **
  • Posts: 37
Re: Avast Service Doesnt Start - HELP!!!
« Reply #28 on: August 20, 2012, 07:59:18 PM »
The bolded services should be running if you want the system to function normally

so far, i enabled BITS (Background Intelligence Transfer Serv) and Security Center. but, i dont see or know how to start: Dnscache Service, Sharedaccess Service, or Wuauserv Service. but regardless, i still cant enable the avast service.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast Service Doesnt Start - HELP!!!
« Reply #29 on: August 20, 2012, 09:10:37 PM »
DNS cache is also called DNS Client
Shared Access is windows firewall
Wuauserv is Windows Update AutoUpdate Service

Once you have restarted those could you run FSS again please