Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspected infection & unable to update/install antivirus [Closed]


  • This topic is locked This topic is locked

#1
phospholamban

phospholamban

    New Member

  • Member
  • Pip
  • 7 posts
Good evening, thank you for taking your time to assist with my issue.
I've been battling this suspected virus infection since dec '14, ESET NOD antivirus install but definitions expired mid 2014. 
Experiencing chrome crashes + unable to even install/run alternative antivirus programs.
I am unable to copy + paste the logs without chrome crashing (tried copy + pasting small sections and it still crashes). Same issue with IE, unable to paste on this post without crashing.
 
Thank you once again for assisting me and apologies for not being able to paste directly to this post.

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi could you fully uninstall both Panda and ESET

Then run this fix with FRST

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
S3 BS1363859444; \??\C:\Users\hans\AppData\Local\Temp\NTFS.sys [X]
2015-07-31 13:54 - 2015-03-10 15:22 - 01309756 _____ C:\Windows\system32\CFG1363859444
AlternateDataStreams: C:\ProgramData\Microsoft:cF2dHFN7xVyswzGu1dhIT
AlternateDataStreams: C:\ProgramData\Microsoft:TdeL5Ft6Vg13bZP9JV8SpdOH
AlternateDataStreams: C:\Users\hans\AppData\Local\Temp:Uwk60KN30RuPpAsCuBu
C:\Users\hans\AppData\Local\Temp\NTFS.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that


NEXT :

Run a fresh FRST scan please
  • 0

#3
phospholamban

phospholamban

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Dear Essexboy,

 

Thank you for your assistance. I've uninstalled ESET and panda, only errors encountered were failure to remove 2 registry ESET keys. Rest was uneventful.

I am still unable to copy + paste the fixlog/FRST log. Please find them attached. I am able to copy from notepad but the moment I paste into chrome it shuts down. On bootup, adobe updater also crashes. 

 

Warm regards

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now we will work in baby steps this may be windows related as opposed to a virus

Does windows update normally ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2692520 2009-05-14] (ESET)
HKU\S-1-5-21-2207518888-2136318659-246449119-1000\...\Run: [AdobeBridge] => [X]
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-05-22]
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [731840 2009-05-14] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [142776 2009-05-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134024 2009-05-14] (ESET)
2015-07-31 23:44 - 2015-07-31 23:44 - 00006873 _____ C:\Windows\system32\DB1363859444
2015-07-31 23:40 - 2015-07-31 23:40 - 01309756 _____ C:\Windows\system32\CFG1363859444
2015-07-30 11:07 - 2015-07-30 11:08 - 05657376 _____ (AVAST Software) C:\Users\hans\Desktop\setup.exe
2015-07-30 11:05 - 2015-07-30 11:05 - 05481336 _____ (Avast Software s.r.o.) C:\Users\hans\Downloads\avast_free_antivirus_setup_online_cnet (1).exe
2015-07-30 11:04 - 2015-07-30 11:04 - 05481336 _____ (Avast Software s.r.o.) C:\Users\hans\Desktop\setup1.exe
2015-07-30 10:13 - 2015-07-30 10:13 - 00000000 ____D C:\Users\hans\AppData\Roaming\Panda Security
2015-07-31 23:31 - 2015-03-23 12:00 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-31 23:29 - 2015-03-23 11:59 - 00000000 ____D C:\ProgramData\Panda Security
2010-07-23 19:14 - 2013-06-12 19:13 - 0000037 ____H () C:\ProgramData\obmlf5
C:\Program Files\ESET
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Reset Chrome

1.In the top-right corner of the browser window, click the Chrome menu.
2.Select Settings.
3.At the bottom, click Show advanced settings.
4.Under the section "Reset settings, click Reset settings.
5.In the dialogue that appears, click Reset.
  • 0

#5
phospholamban

phospholamban

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hey! Unfortunately windows haven't been updating regularly. 

I've done the above and here's the log (still failing to copy/paste).

 

Thanks again!

Attached Files

  • Attached File  FRST.txt   28.79KB   74 downloads

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This will repair several components of windows and may take up to an hour to run as it will be doing a lot of work

Once it has completed then download and try to install an antivirus and let me know the result


Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme

Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop

waioprescan.JPG

Next select Step 4 and run SFC

waiosfc.JPG

Next select Step 5 and back up the registry

waioregback.JPG

Open the Repairs tab

waioopenrep.JPG

Select the following repair numbers :

1 to 27

Set the system to reboot on completion
The press Start Repairs

waiorepair.JPG
  • 0

#7
phospholamban

phospholamban

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Good morning!

 

I ran the pre scan and repair as instructed, still failed to copy+paste the report on this post. On boot up, had one BSOD with page fault in nonpaged area, not seen it again. 

edit: I've also tried to install AVG antivirus, but am unable to, after clicking "run" on the security dialog (for downloaded programs) nothing happens.

 

Thank you for your time!

Attached Files


Edited by phospholamban, 31 July 2015 - 08:44 PM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if this will run and what if anything it finds

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#9
phospholamban

phospholamban

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Good morning!
I can download but am unable to run aswmbr, after clicking "Run" for the security dialog, nothing happens. 
I manged to catch the error log for the CS6 crash that happens every boot, maybe it might  give some clues?
 
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: CS6ServiceManager.exe
  Application Version: 3.0.0.389
  Application Timestamp: 4f5a20ec
  Fault Module Name: StackHash_27c7
  Fault Module Version: 6.1.7600.16385
  Fault Module Timestamp: 4a5bdb3b
  Exception Code: c0000374
  Exception Offset: 000cdcbb
  OS Version: 6.1.7600.2.0.0.256.1
  Locale ID: 3081
  Additional Information 1: 27c7
  Additional Information 2: 27c7f86da47671e4d7022fd4070d49a5
  Additional Information 3: e157
  Additional Information 4: e1574b43145a41e2213f61ccc0872840

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets approach this from a different angle :)

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
cleanboot2.JPG
5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.
7.Now try to run AswMBR.. Does it work
  • 0

#11
phospholamban

phospholamban

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
hello!

I did the above and now I can't boot up at all. have this black screen (I've tried attaching a photo from my phone hope it turns out).

cheers

Attached Thumbnails

  • image.jpg

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK reboot the computer and immediately press and hold F8 a menu will appear select safe mode with networking

Then go to msconfig and reverse the changes
  • 0

#13
phospholamban

phospholamban

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Tried the F8 trick, it didn't give a chance to get to that menu, doesn't get to the black windows screen before it gets to that screen pictured above.

Found an old hdd, am trying to clone it over desperately to revive the computer.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This will create a recover console USB

Download the following three programmes to your desktop :

1. Rufus

For 64bit systems
2. Windows 7 64bit RC http://1drv.ms/1mRsW75
3. Farbar Recovery Scan Tool x64

Insert the USB stick Then run Rufus
RufusISO.JPG

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

Then copy FRST to the same USB

frstwintoboot.JPG



Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

Windows 7 and Vista screenshots

When you reboot you will see this.
Click repair my computer
RepairVista_7275.jpg

Select your operating system
RepairVista_7277202.jpg

Select Command prompt
RepairVista_7277.jpg

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frst.exe dependant on system
and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
frst.JPG
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP