
Ran malware programs can't run anti-virus. [Closed]


  • This topic is locked

#1
kevo1243


So I'm having major problems with my computer. I think I have some kind of virus because none of the anti-virus scanners I have/had will run. I followed the pinned topic on what to do and I had some success but now I am stuck. Currently I have run the Microsoft Malware remover, Super Anti-Spyware, and Vipre Rescue. They all found malware and said they removed it but I still can't open any anti-virus programs or scanners. I have McAfee which won't open or uninstall at all. I had Spybot SD and that works but won't run the system scanner so I uninstalled it. I also have downloaded (several times with several different methods) MBAM but it won't run after it's downloaded to my computer. The past few tries safe mode hasn't worked either. I'm not sure what to do from here. Any help will be greatly appreciated. Thanks.


  • 0



#2
Essexboy

    GeekU Moderator

Hi there, first thing to do is have a look see

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
kevo1243


Done. Here are the logs.

Attached Files


  • 0

#4
Essexboy

    GeekU Moderator

Could you let me know if the AVs run after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

 

CreateRestorePoint:
HKU\S-1-5-21-891251935-3120285653-2804985873-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
HKU\S-1-5-21-891251935-3120285653-2804985873-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {39AD0726-986D-40F9-972B-E3BFA24B7745} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxp://websearch.goodforsearch.info/?pid=24388&r=2015/04/28&hid=16055180246164775777&lg=EN&cc=US&unqvl=86&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Extension: No Name - C:\Users\Doris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2015-01-16] [not signed]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-07] [not signed]
S2 763bdca1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemMuscle\SystemMuscle.dll",serv
S4 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [66576 2010-02-07] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [135696 2010-02-07] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [56336 2010-02-07] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [100368 2009-11-23] (Trend Micro Inc.)
S3 BS844634783; \??\C:\Users\Doris\AppData\Local\Temp\NTFS.sys [X]
2015-11-09 19:25 - 2015-11-09 19:25 - 00002982 _____ C:\Windows\System32\Tasks\{981DCB0E-CA7D-461D-9849-771EED5634FC}
2015-11-08 08:16 - 2015-11-08 08:18 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-06 05:34 - 2015-11-06 06:06 - 00090112 _____ C:\ProgramData\7B571D05.EX
2015-11-06 04:30 - 2015-11-06 04:30 - 00004096 _____ C:\ProgramData\RegSvcs_32.exe
2015-11-06 04:29 - 2015-11-06 04:29 - 00004096 _____ C:\ProgramData\igfxEM_32.dll
2015-11-03 09:34 - 2015-11-03 09:34 - 00004096 _____ C:\ProgramData\igfxext.dll
2015-11-02 11:32 - 2015-11-02 11:32 - 00004096 _____ C:\ProgramData\TabTip32.exe
2015-11-02 11:32 - 2015-11-02 11:32 - 00004096 _____ C:\ProgramData\RdpSaProxy.dll
2015-10-30 11:47 - 2015-11-09 10:57 - 03471692 _____ C:\Windows\system32\CFG844634783
2015-10-30 11:33 - 2015-11-10 20:43 - 00000000 ____D C:\Users\Doris\AppData\LocalLow\{9B9E384B-DCAD-4947-9C85-0398126A8F74}
2015-10-30 11:33 - 2015-10-30 11:35 - 00000000 ____D C:\Users\Doris\AppData\LocalLow\{5680D453-3077-4CEB-BF4C-C225BDDED71F}
2015-10-30 11:33 - 2015-10-30 11:34 - 00000000 ____D C:\Users\Doris\AppData\LocalLow\{EAD0D77F-C8C2-4664-B5ED-B96A684CCAD7}
2015-10-30 11:24 - 2015-10-30 11:24 - 00000000 ____D C:\Users\Doris\AppData\OICE_15_974FA576_32C1D314_29F8
CustomCLSID: HKU\S-1-5-21-891251935-3120285653-2804985873-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\actxprxy.dll () <==== ATTENTION
Task: {F278912E-2671-42DF-B66B-48116DF441AC} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\Doris\AppData\Roaming\Microsoft\Protect
C:\Users\Doris\AppData\Local\Temp\NTFS.sys
c:\Program Files (x86)\SystemMuscle
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
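
Added example (not part of the thread and not FRST's own code): the first four lines of the fixlist in post #4 remove Run and RunOnce values that launch regsvr32.exe /s against a file under AppData. The Python below triages autorun lines of that shape; the line format is assumed from the lines shown in that post, the sample entries are constructed, and `triage` and its reason labels are hypothetical names.

```python
import ntpath
import re

# Line shape assumed from the fixlist in post #4:
#   <hive>\...\Run: [<value name>] => <command line>
AUTORUN = re.compile(
    r'^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]+)\] => (?P<cmd>.+)$', re.IGNORECASE)
TOKEN = re.compile(r'"([^"]+)"|(\S+)')          # quoted path or bare word
PROXIES = {"regsvr32.exe", "rundll32.exe"}      # signed binaries that load other code
WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

def triage(line):
    """Return None for non-autorun lines, else a list of reasons to review."""
    m = AUTORUN.match(line.strip())
    if not m:
        return None
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(m["cmd"])]
    launcher = ntpath.basename(tokens[0]).lower()
    target, reasons = m["cmd"], []
    if launcher in PROXIES:
        reasons.append("proxy-launcher")
        if any(t.lower() == "/s" for t in tokens[1:]):
            reasons.append("silent-switch")
        # First non-switch argument is the file the proxy binary will load.
        paths = [t for t in tokens[1:] if not t.startswith("/")]
        target = paths[0] if paths else ""
        ext = ntpath.splitext(target)[1].lower()
        if launcher == "regsvr32.exe" and ext not in (".dll", ".ocx"):
            reasons.append("non-dll-extension")
    if any(d in target.lower() for d in WRITABLE):
        reasons.append("user-writable-target")
    return reasons

# Constructed sample lines (placeholder SID, names and paths; not from the thread's logs).
SAMPLE = [
    r'HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleSync] => C:\Windows\system32\regsvr32.exe '
    r'/s "C:\Users\Example\AppData\Roaming\Microsoft\Protect\0123456789abcdef.rs"',
    r'HKLM\...\Run: [ExampleAudio] => C:\Program Files\ExampleVendor\audio.exe '
    r'[123456 2015-01-01] (Example Vendor)',
    r'BHO: No Name -> {00000000-0000-0000-0000-000000000000} -> No File',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry), "<-", entry[:60])
```

An empty list means none of these heuristics matched, not that the entry is clean; legitimate software also starts from AppData, so each reason is a prompt for review.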

#5
kevo1243


Here are the logs. No success with the AV.

Attached Files


  • 0

#6
Essexboy

    GeekU Moderator

OK one folder did not want to go .. Time for a bigger hammer

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#7
kevo1243


I had already downloaded and run ComboFix a few days ago. Should I run it again? Would the log be ComboFix.txt?


  • 0

#8
Essexboy

    GeekU Moderator

Yes run it again please


  • 0

#9
kevo1243


Here is the ComboFix log.

Attached Files


  • 0

#10
Essexboy

    GeekU Moderator

OK once this next fix has run could you repair McAfee as per this page https://kc.mcafee.co...tent&id=KB56087

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
c:\programdata\VusSumx
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.
  • 0



#11
kevo1243


Here's the log. I'm still trying to figure out how to fix McAfee from the cmd screen.

Attached Files


  • 0

#12
Essexboy

    GeekU Moderator

Go for an uninstall/re-install


  • 0

#13
kevo1243


I just can't get the <path> part to work. I have several McAfee folders and when I tried to plug the file location in most of them say Cannot find the file specified. The one I thought might be correct said Access denied.


Edited by kevo1243, 18 November 2015 - 04:24 PM.

  • 0

#14
Essexboy

    GeekU Moderator

OK download the McAfee removal tool from here http://www.majorgeek...moval_tool.html and run it

Once done download a fresh copy of McAfee and install it please
  • 0

#15
kevo1243


Sorry, been busy the past few days. I'm not able to get that to run. Not many things I download will run but the computer is a lot faster. I think the way to go is to manually uninstall through the cmd prompt but I need to figure out how.


  • 0





