Suspected infection & unable to update/install antivirus [Closed]
#1
Posted 31 July 2015 - 12:44 AM
#2
Posted 31 July 2015 - 06:27 AM
Then run this fix with FRST
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
S3 BS1363859444; \??\C:\Users\hans\AppData\Local\Temp\NTFS.sys [X]
2015-07-31 13:54 - 2015-03-10 15:22 - 01309756 _____ C:\Windows\system32\CFG1363859444
AlternateDataStreams: C:\ProgramData\Microsoft:cF2dHFN7xVyswzGu1dhIT
AlternateDataStreams: C:\ProgramData\Microsoft:TdeL5Ft6Vg13bZP9JV8SpdOH
AlternateDataStreams: C:\Users\hans\AppData\Local\Temp:Uwk60KN30RuPpAsCuBu
C:\Users\hans\AppData\Local\Temp\NTFS.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
NEXT :
Run a fresh FRST scan please
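Added example (not part of the original posts, and not FRST's own code): a small triage script over lines copied from the fixlist in the post above, showing what ties those entries together. The line shapes it parses are inferred from the entries visible in this thread, and the reading of a trailing [X] as "file not found" is an assumption; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the machine-specific fixlist in post #2.
FIXLIST = r"""S3 BS1363859444; \??\C:\Users\hans\AppData\Local\Temp\NTFS.sys [X]
2015-07-31 13:54 - 2015-03-10 15:22 - 01309756 _____ C:\Windows\system32\CFG1363859444
AlternateDataStreams: C:\ProgramData\Microsoft:cF2dHFN7xVyswzGu1dhIT
AlternateDataStreams: C:\ProgramData\Microsoft:TdeL5Ft6Vg13bZP9JV8SpdOH
AlternateDataStreams: C:\Users\hans\AppData\Local\Temp:Uwk60KN30RuPpAsCuBu
C:\Users\hans\AppData\Local\Temp\NTFS.sys
RemoveProxy:
CMD: bitsadmin /reset /allusers"""

# Assumed line shapes, inferred from the entries above (not an official grammar).
SERVICE = re.compile(r"^([RSU])(\d) (\S+); (?:\\\?\?\\)?(.+?)(?: \[X\])?$")
FILE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) \S+ (.+)$")
ADS = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+)$")

def parse(text):
    """Classify each fixlist line as service, file, ads, directive or bare path."""
    out = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SERVICE.match(line):
            out.append({"kind": "service", "name": m[3], "start": int(m[2]),
                        "path": m[4], "missing": line.endswith("[X]")})
        elif m := FILE.match(line):
            out.append({"kind": "file", "created": m[1], "modified": m[2], "path": m[4]})
        elif m := ADS.match(line):
            out.append({"kind": "ads", "host": m[1], "stream": m[2]})
        elif line.endswith(":") or line.startswith("CMD:"):
            out.append({"kind": "directive", "text": line})
        elif line:
            out.append({"kind": "path", "path": line})
    return out

def triage(entries):
    """Return (flags, groups): heuristic flags and artefacts sharing a long numeric ID."""
    flags, groups = [], defaultdict(list)
    for e in entries:
        if e["kind"] == "service" and "\\temp\\" in e["path"].lower():
            flags.append(f"service {e['name']} image is in a Temp folder: {e['path']}")
        if e["kind"] == "ads":
            flags.append(f"named stream on {e['host']}: {e['stream']}")
        if e["kind"] == "file" and e["created"] > e["modified"]:  # also true for plain copies
            flags.append(f"created after last modified: {e['path']}")
        label = e.get("name") or e.get("path", "")
        for num in re.findall(r"\d{8,}", label.rsplit("\\", 1)[-1]):
            groups[num].append(label)
    return flags, {k: v for k, v in groups.items() if len(v) > 1}
```

On this sample the grouping step links the BS1363859444 service entry to the CFG1363859444 file in system32 through their shared numeric suffix.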
#3
Posted 31 July 2015 - 08:19 AM
Dear Essexboy,
Thank you for your assistance. I've uninstalled ESET and Panda; the only errors encountered were failures to remove 2 ESET registry keys. The rest was uneventful.
I am still unable to copy + paste the fixlog/FRST log. Please find them attached. I am able to copy from Notepad, but the moment I paste into Chrome it shuts down. On bootup, Adobe updater also crashes.
Warm regards
Attached Files
#4
Posted 31 July 2015 - 09:02 AM
Does Windows update normally?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM-x32\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2692520 2009-05-14] (ESET)
HKU\S-1-5-21-2207518888-2136318659-246449119-1000\...\Run: [AdobeBridge] => [X]
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-05-22]
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [731840 2009-05-14] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [142776 2009-05-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134024 2009-05-14] (ESET)
2015-07-31 23:44 - 2015-07-31 23:44 - 00006873 _____ C:\Windows\system32\DB1363859444
2015-07-31 23:40 - 2015-07-31 23:40 - 01309756 _____ C:\Windows\system32\CFG1363859444
2015-07-30 11:07 - 2015-07-30 11:08 - 05657376 _____ (AVAST Software) C:\Users\hans\Desktop\setup.exe
2015-07-30 11:05 - 2015-07-30 11:05 - 05481336 _____ (Avast Software s.r.o.) C:\Users\hans\Downloads\avast_free_antivirus_setup_online_cnet (1).exe
2015-07-30 11:04 - 2015-07-30 11:04 - 05481336 _____ (Avast Software s.r.o.) C:\Users\hans\Desktop\setup1.exe
2015-07-30 10:13 - 2015-07-30 10:13 - 00000000 ____D C:\Users\hans\AppData\Roaming\Panda Security
2015-07-31 23:31 - 2015-03-23 12:00 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-31 23:29 - 2015-03-23 11:59 - 00000000 ____D C:\ProgramData\Panda Security
2010-07-23 19:14 - 2013-06-12 19:13 - 0000037 ____H () C:\ProgramData\obmlf5
C:\Program Files\ESET
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Reset Chrome
1. In the top-right corner of the browser window, click the Chrome menu.
2. Select Settings.
3. At the bottom, click Show advanced settings.
4. Under the section "Reset settings", click Reset settings.
5. In the dialogue that appears, click Reset.
#5
Posted 31 July 2015 - 10:20 AM
Hey! Unfortunately Windows hasn't been updating regularly.
I've done the above and here's the log (still failing to copy/paste).
Thanks again!
Attached Files
#6
Posted 31 July 2015 - 10:38 AM
Once it has completed then download and try to install an antivirus and let me know the result
Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme
Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop
Next select Step 4 and run SFC
Next select Step 5 and back up the registry
Open the Repairs tab
Select the following repair numbers :
1 to 27
Set the system to reboot on completion
Then press Start Repairs
#7
Posted 31 July 2015 - 08:37 PM
Good morning!
I ran the pre scan and repair as instructed, still failed to copy+paste the report on this post. On boot up, had one BSOD with page fault in nonpaged area, not seen it again.
edit: I've also tried to install AVG antivirus, but am unable to, after clicking "run" on the security dialog (for downloaded programs) nothing happens.
Thank you for your time!
Attached Files
Edited by phospholamban, 31 July 2015 - 08:44 PM.
#8
Posted 01 August 2015 - 04:24 AM
Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
#9
Posted 01 August 2015 - 08:54 PM
#10
Posted 02 August 2015 - 03:49 AM
In the search box type Msconfig and select the programme that appears at the top
1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.
7. Now try to run aswMBR. Does it work?
#11
Posted 02 August 2015 - 04:56 AM
#12
Posted 02 August 2015 - 07:00 AM
Then go to msconfig and reverse the changes
#13
Posted 02 August 2015 - 07:04 AM
Found an old hdd, am trying to clone it over desperately to revive the computer.
#14
Posted 02 August 2015 - 07:11 AM
Download the following three programmes to your desktop :
1. Rufus
For 64bit systems
2. Windows 7 64bit RC http://1drv.ms/1mRsW75
3. Farbar Recovery Scan Tool x64
Insert the USB stick, then run Rufus
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
Then copy FRST to the same USB
Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here
Windows 7 and Vista screenshots
When you reboot you will see this.
Click repair my computer
Select your operating system
Select Command prompt
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frst.exe dependent on system
and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
#15
Posted 06 August 2015 - 01:00 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.