Repeated IE 11 Install Failures

Can you, from your post 7, expand the Modified field and, once you've got the date,
go to Event log >> Application for that day. What's showing? Was a new user created? Does it say by what/who?
Roy

torchwood, thanks for the comeback. After the computer sitting shut down for 2 days, I have returned to your request with the following result. In my effort to reproduce the questionable User Profiles to which you have alluded, I find that all but one has disappeared. And that one has questionable disk capacity associated with it.

User Profiles 2016-02-20.jpg

I will look for the Event log to which you refer, but I am just following instructions here, so please provide detailed instructions for any task that might prove helpful.

Thanks,
stu
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Studio XPS 435T/9000
OS
Windows 7 Pro x64
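
Added example, not part of the original thread: one way to answer the "was a new user created, and by whom" question from PowerShell instead of clicking through Event Viewer. Windows records local account creation and deletion in the Security log (events 4720 and 4726), while User Profile Service problems land in the Application log. The date in `$Day` is a constructed sample value, and the script assumes account-management auditing is enabled and that it is run from an elevated prompt.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt;
# reading the Security log requires administrator rights.
# $Day is a placeholder: set it to the "Modified" date shown for the profile.
$Day   = Get-Date '2016-02-20'          # constructed sample value
$Start = $Day.Date
$End   = $Start.AddDays(1)

# Security log: 4720 = user account created, 4726 = user account deleted.
$acct = @{ LogName = 'Security'; Id = 4720, 4726
           StartTime = $Start; EndTime = $End }

# Application log: User Profile Service events (temporary profile, load/unload errors).
$prof = @{ LogName      = 'Application'
           ProviderName = 'Microsoft-Windows-User Profiles Service'
           StartTime    = $Start; EndTime = $End }

function Get-EventField($xml, $name) {
    # Pull one named <Data> value out of the event's XML payload.
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $name }).'#text'
}

# Who created or deleted which account on that day.
Get-WinEvent -FilterHashtable $acct -ErrorAction SilentlyContinue | ForEach-Object {
    $x = [xml]$_.ToXml()
    New-Object PSObject -Property @{
        Time    = $_.TimeCreated
        Id      = $_.Id
        Account = Get-EventField $x 'TargetUserName'    # account affected
        By      = Get-EventField $x 'SubjectUserName'   # account that made the change
    }
} | Sort-Object Time | Format-Table Time, Id, Account, By -AutoSize

# What the User Profile Service logged on the same day.
Get-WinEvent -FilterHashtable $prof -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap
```

An empty first table means either no account was created or deleted that day or that auditing was not recording it; the second table is where a temporary or unloadable profile would show up.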
Event Log

torchwood, I am afraid that I am unable to discern what event log you are referring to.
 

System File Checker

Since there seems not to be any competition for my identity at the moment, I attempted to open the elevated command prompt. Being successful at this, I ran sfc/scannow and received a clean bill of health.

System File Checker 2016-02-20.jpg

If anyone can explain where the alter egos went and how I regained this level of administrative privilege, please chip in.
 

fixit

Hi Stuart,
Can you run this MS fixit to repair your user profile
http://support.microsoft.com/kb/947215

Your user accounts do seem to be changing, from 2 to 4 to 1 with odd characteristics.
Certainly not an everyday occurrence, pushing me towards an infection, virus/rootkit.

Keep the fixit on your desktop.

AFTER you have run the fixit, recheck your User profile; make a copy please.
THEN REBOOT
Check it again; if it's changed then that would definitely point to an infection.
The changing of this profile could cause the Cryptographics error and be why IE won't download.

THIS FORUM WILL BE UNDERGOING MAINTENANCE IN 8hrs time for 3/4 hrs.

Whilst it's offline
could you run Malwarebytes free, don't take the trial version (check the scan for Rootkits in dashboard)
And run ESET on-line. You will have to disable any other AV you have on the system.
Include your WD HD in the scans.

Roy
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
medionl/Aspire 6930G/acer x55a
OS
W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
CPU
E5300 dual core
Motherboard
medion MS7366
Memory
3gb
Graphics Card(s)
Nvidia Geforce 7100 Nforce 630i
Monitor(s) Displays
avixc
Internet Speed
n (isp resticted to 72)
Antivirus
mse/pands
Browser
palemoon
Other Info
Belkin Fd7050 n USB using Railink RT2870 drivers, more upto date
Toolkit

torchwood, MS Fixit is in my toolkit, and I have run it in the past. But, I will make sure that I have the most current version and run it again.

I have been concerned about rootkits as well and have run Norton Power Eraser in the past, which encouraged me to uninstall capturelibservice.exe, which is a component of Freemake and is known to consume resources and may also provide a backdoor for malware. The general consensus is to remove it, which I did. I did not check to see if I lost any functionality in Freemake. Maybe Freemake is not so free.

Norton PE also listed 4 files that had the entry "C:\assembly\Native\Images..." at the start of very long file names. Norton was suspicious of them, but did not have good evidence and could not recommend removing them. I investigated Native Images on the web and it seemed that they could be a MS creation, so I left them.

I later ran MalwareBytes MBAR beta anti-rootkit. This program removed 9 entries, but did not allow the option to preview the selections before removing them. I did not see an option to generate a report. However, I ran Norton PE again and found that the native Images were gone.

I have found that the rootkit tools mess up passwords and such; so I don't run them unnecessarily. Please confirm if said tools need to be run.

Meanwhile, since I had recovered some Administrative privilege, I again ran IE 11 installation from the stand alone .exe. It once again reverted at 98%. I will show a snapshot in a following post. However, since I did not run the installation out of Windows Updates, I did not get the typical Error message. Rather, I grabbed a log from C:\Windows\Windowsupdate.log and found reference at the point of reversion to:

Error 0x80004015

There are references to this on the web, and proposed scanners and repair tools. However, I don't know if they are trusted sources. Do you have a trusted source for a scanner/repair tool for this error code?
 

Failed IE 11 Installation Logs

Here is today's Windowsupdate log for the failed IE 11 installation. In addition to Error 0x80004015, there is an earlier reported error 0x8024000b. Both of these errors were present in my initial effort to present my problem. They have been reported on the web in recent years. I do not know if it is reasonable to address them as individual problems, or whether there is an overarching problem to be addressed.

View attachment 2016-02-20 Windowsupdatel.og Failed IE 11 Installation.txt

Following is an abstract of the log from today in IE11_main. Again it shows a late failure to remove a temporary directory, but I have no knowledge as to whether this is of any significance.

View attachment 2016-02-20 IE11_main abstract.txt
 

Microsoft Fixit

Hi Stuart,
Can you run this MS fixit to repair your user profile
http://support.microsoft.com/kb/947215

Your user accounts do seem to be changing, from 2 to 4 to 1 with odd characteristics.
Certainly not an everyday occurrence, pushing me towards an infection, virus/rootkit.


AFTER you have run the fixit, recheck your User profile; make a copy please.
THEN REBOOT
Check it again; if it's changed then that would definitely point to an infection.
The changing of this profile could cause the Cryptographics error and be why IE won't download.

Roy

torchwood, I downloaded a fresh MS Fixit and ran it. User profile immediately after:
Post-Fixit.jpg

Rebooted. User profile immediately after reboot. No change. Is it supposed to know the size? Properties of c: knows the size.
Post-Fixit after Reboot.jpg
 

Malwarebytes install fail

Hi Stuart,

Whilst it's offline
could you run Malwarebytes free, don't take the trial version (check the scan for Rootkits in dashboard)
And run ESET on-line. You will have to disable any other AV you have on the system.
Include your WD HD in the scans.

Roy

torchwood, I downloaded the program that I believe you have referred to. I was unable to install it. Access was denied. This has been a problem with several (x86) programs and I believe that it is systemic.
Setup.jpg

Access denied.jpg

Setup not complete.jpg

I still have Malwarebytes mbar Anti-rootkit program on my computer, but I don't like it because it does not provide the opportunity to review what it has isolated for removal.
 

Windows Update Posting Instructions

Progressing to Step 4 of the Windows Update Posting Instructions, having right-clicked on the CBS folder on the desktop to send to a compressed zip folder, I received the following File Access Denied message:
View attachment 382192

I do not know if this is normal. However, I clicked on Continue for all current items and the program created a .zip file of nearly 1GB on my desktop. However, I am afraid that I don't have the foggiest on what to do with it.
 

Hi Stuart,
More interesting snippets from those logs:
it's showing it's trying to update drivers on your WD drive,
it's failing to read your update manifests,
and your system is trying to use the wrong authorisation/policy security descriptors to download.
With the above, plus the IE10/11, Office 2003 crypto, MBAM antirootkit finding errors, Norton finding problems, User profile corruption.
The most damning of these is that MBAM found something, although we don't know what.
99% of Security/malware forums advocate the wiping of drives and a re-install of the OS after rootkit infection.

It's looking more and more likely that the only way to really get your system running properly is a clean install.

The more we are looking into it, the more problems we're finding.
I am NOT a malware expert.
IF you do not want to pursue the clean install route, I would advise you to go to BleepingComputers, Am I infected sub-forum, and follow the instructions there.
(xref this topic).

Roy
 

torchwood, thank you for the frank assessment. There does seem to be a lot wrong. Some say that the mbar program leans towards false positives, but we will never know what it objected to (pity). Since I no longer use this computer for serious work, I will have to consider the merits of limping along until something dies, such as the hard drive, versus a proper reconstruction. As you have noticed, I have tugged earlier generations of software into the present and it is sometimes not easy to reinstall original discs and find available the beneficial updates.

I will take your advice and reference this thread over on BleepingComputers and see if there is a malware expert there that can assist with a reasonable recovery of my system.

Thanks for your time and advice.

stu
 
