
Win 7 - Cannot install, requires admin privileges [Closed]


  • This topic is locked

#1
McDiamond

  • Member
  • 13 posts
The computer at my family's home was acting strangely when I checked it out earlier this week. Now that I've sat down with it, I've been able to find out that I'm unable to use System Restore and cannot install programs like Malwarebytes. Nearly every other action sends back an alert saying that I need administrative privileges when I already am an administrator. When I try to run TDSSKiller, I get a "Can't initialize log" warning at 10% initializing and a "can't load driver" warning at 40% initializing. When I try to run ComboFix, I'm told that the file cannot be found.

A scan with an AVG Rescue disk found pages of malicious cookies and trojan horses, yet deleting all these have not yielded the results I want.

Please let me know if there is any more information I can provide.

Attached Files


  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is showing a mass of problems.

Could you initially try this programme? If this fails, do you either have the Windows CD or access to another computer and a USB stick for making a boot disk?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
McDiamond

  • Topic Starter
  • Member
  • 13 posts
Good morning!

Attached Files


  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this will be part one of what may be a long damage repair process. But, let's see.

Download the attached fixlist.txt to the same location as FRST

Run FRST and press FIX
On completion a log will pop up; please post that.

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0

#5
McDiamond

  • Topic Starter
  • Member
  • 13 posts
Attached File  Fixlog.txt   7.4KB   94 downloads

Here is the fixlog that was generated.

Edited by McDiamond, 20 February 2014 - 01:46 PM.

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you reboot the computer please and let me know if you can run OTL
  • 0

#7
McDiamond

  • Topic Starter
  • Member
  • 13 posts
Just finished.

Attached Files


  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I will now try to remove the IFEOs now that we have killed the file. Again, on completion a log will pop up; please post that. I will be taking it a step at a time for safety's sake :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKLM..\Run: [Windows COM Host] C:\{$3639-2282-3518-6023$}\iexplorer_.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
[2010/04/28 16:41:56 | 000,001,036 | -HS- | C] () -- C:\ProgramData\erTd
[2010/04/26 17:31:19 | 000,000,928 | -HS- | C] () -- C:\ProgramData\KLry0l
[2010/04/25 13:08:29 | 000,010,986 | -HS- | C] () -- C:\ProgramData\w1vjs2h771

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
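
The O27 lines in the fix above all name the same missing debugger for a list of security tools, which also matches the "file cannot be found" error reported for ComboFix. As an added example (not part of the thread and not OTL's own code), this Python sketch parses log lines in the shape quoted in post #8 and reports that pattern; the regex, the function names and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Line shape assumed from the O27 entries quoted in post #8:
#   O27 - <hive> IFEO\<image>: Debugger - <debugger>[ File not found]
O27 = re.compile(
    r"^O27 - (?P<hive>HK\w+) IFEO\\(?P<image>[^:]+): Debugger - "
    r"(?P<debugger>.+?)(?P<missing> File not found)?\s*$"
)

# The first five lines are copied from the fix script in post #8. The last
# line is constructed: a single-image debugger such as a Task Manager replacement.
SAMPLE_LOG = r"""
O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Tools\procexp.exe
"""

def parse_ifeo(log_text):
    """Return one dict per O27 line; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O27.match(line.strip())
        if m:
            entries.append({
                "image": m["image"].lower(),
                "debugger": m["debugger"].strip('"').lower(),
                "missing": m["missing"] is not None,
            })
    return entries

def shared_debuggers(entries, min_images=3):
    """Debuggers attached to many unrelated images: the hijack pattern."""
    by_debugger = defaultdict(set)
    for e in entries:
        by_debugger[e["debugger"]].add(e["image"])
    return {d: sorted(i) for d, i in by_debugger.items() if len(i) >= min_images}

def blocked_images(entries):
    """Images whose debugger file is missing, so Windows cannot start them."""
    return sorted(e["image"] for e in entries if e["missing"])

if __name__ == "__main__":
    found = parse_ifeo(SAMPLE_LOG)
    print("shared debuggers:", shared_debuggers(found))
    print("cannot start:", blocked_images(found))
```

On a live system the same values sit under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>` as a `Debugger` string.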

#9
McDiamond

  • Topic Starter
  • Member
  • 13 posts
Thanks for the quick and precise help.

Attached Files


  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was the original OTL log :) but no problem

Now we will try ComboFix to get the main driver.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0



#11
McDiamond

  • Topic Starter
  • Member
  • 13 posts
Tried running ComboFix.exe as-is from the desktop. Was told the file could not be found.
Posted Image

I tried renaming the file to iexplorer.exe and was then told that I need to be an admin in order to run it.
Posted Image
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you now re-run FRST for me please, there will be just one log this time
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ooops ... Hang on a second, could you right click ComboFix and select rename? Then rename it to gotcha
  • 0

#14
McDiamond

  • Topic Starter
  • Member
  • 13 posts
Attached File  FRST.txt   30.14KB   53 downloads

Changing the name to "gotcha.exe" didn't help. :P

Edited by McDiamond, 20 February 2014 - 03:29 PM.

  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Never give in :)

Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions how to use MBAR
Please note: This is a beta version so please be sure to read the disclaimer and take note of it.

• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

• Click on Next > then on Update button to download fresh definitions.

• When database updates click Next

• In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"

• If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.


• The Clean up procedure will be Scheduled for process.
• When complete, a pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.
  • 0





