also @ TechSpot: Google challenges U.S. gag order, citing First Amendment

Can't download anti-virus software for some reason

Discussion in 'Virus and Malware Removal' started by Gabbie, Jan 18, 2013.

Post New Reply
Page 2 of 4

  1. Gabbie Newcomer, in training Posts: 44

    YAAA! it works this time! tks!
    Gabbie, Feb 12, 2013
    #21

  2. Broni Malware Annihilator Posts: 40,078   +187

    Very well...
    I still need to you run the tool.
    Broni, Feb 12, 2013
    #22

  3. Gabbie Newcomer, in training Posts: 44

    Sorry. Didnt run the scan back then.

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1020

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 7.0.5730.13

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.596000 GHz
    Memory total: 1061031936, free: 612614144

    ------------ Kernel report ------------
    02/13/2013 18:30:21
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltMgr.sys
    sr.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\igxpmp32.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\DRIVERS\athw.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\DKbFltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\fsvga.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\M3000KNT.sys
    \SystemRoot\System32\Drivers\STREAM.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\igxpgd32.dll
    \SystemRoot\System32\igxprd32.dll
    \SystemRoot\System32\igxpdv32.DLL
    \SystemRoot\System32\igxpdx32.DLL
    \??\C:\WINDOWS\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86367ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff863bad98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.02.13.05
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86367ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8634db70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86367ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff863b99e8, DeviceName: \Device\0000005f\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff863bad98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe25aa698, 0xffffffff86367ab8, 0xffffffff851df800
    Lower DeviceData: 0xffffffffe10b2b58, 0xffffffff863bad98, 0xffffffff852264d0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F031EC87

    Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 14329917

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14329980 Numsec = 298246725
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================

    Thank you!!
    Gabbie, Feb 13, 2013
    #23

  4. Broni Malware Annihilator Posts: 40,078   +187

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
    Broni, Feb 13, 2013
    #24

  5. Broni Malware Annihilator Posts: 40,078   +187

    Still with me?
    Broni, Feb 18, 2013
    #25

  6. Gabbie Newcomer, in training Posts: 44

    Broni! Thank you for bearing with me!

    eh... I'm having issue again. I can't see the page: http://support.microsoft.com/kb/948247

    I don't dare to run the combofix yet...... before I create the restore point...

    is it possible that I don't have anything that require me to disable? I used to have MCAFEE ANTIVIRUS but then I've deleted it since it wasn't working anymore. I checked and it's no longer in the list of software available on this laptop.

    Thank you!
    Gabbie, Feb 23, 2013
    #26
     

  7. Gabbie Newcomer, in training Posts: 44

    Ehhh the only thing that I can think of would be the Malwarebytes anti-malware version 1.70.0.1100 thingy that I've downloaded and also the windows firewall (do I need to disable it please?) (it's not MICROSOFT SECURITY ESSENTIALS though. it's part of the laptop I suppose...)
    Sorry for my silly questions.....*nerd*
    Gabbie, Feb 23, 2013
    #27

  8. Broni Malware Annihilator Posts: 40,078   +187

    Never disable firewall.


    Broni, Feb 23, 2013
    #28

  9. Broni Malware Annihilator Posts: 40,078   +187

    Still with me?
    Broni, Feb 28, 2013
    #29

  10. Gabbie Newcomer, in training Posts: 44

    HI Broni! Hope you are well.

    there's the rkill log
    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 03/03/2013 04:49:21 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Active Proxy Server Detected

    * Proxy Disabled.
    * ProxyOverride value deleted.
    * ProxyServer value deleted.
    * AutoConfigURL value deleted.
    * Proxy settings were backed up to Registry file.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Backup Registry file created at:
    C:\Documents and Settings\Acer\桌面\rkill\rkill-03-03-2013-04-49-31.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic

    * Automatic Updates (wuauserv) is not Running.
    Startup Type set to: Automatic

    * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 03/03/2013 04:50:31 PM
    Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)
    Gabbie, Mar 3, 2013
    #30

  11. Gabbie Newcomer, in training Posts: 44

    But for some reason after running the Combofix test, I got a box telling me sth like I cant name it as (blank), best to name it with numbers and letters.*nerd*
    Gabbie, Mar 3, 2013
    #31

  12. Broni Malware Annihilator Posts: 40,078   +187

    I have no idea what you're saying :)
    Broni, Mar 3, 2013
    #32

  13. Broni Malware Annihilator Posts: 40,078   +187

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
    Broni, Mar 7, 2013
    #33

  14. Broni Malware Annihilator Posts: 40,078   +187

    Reopened.
    Broni, Mar 10, 2013
    #34

  15. Gabbie Newcomer, in training Posts: 44

    :D! Thank you!
    If I may, please allow me to explain once again:
    I ran the test, but at the end, instead of getting the report, I only got a box/window popped out telling me that I can't name the file as "blank" (there was no name at all), I should rename it with numbers/ letters. I didn't see anything new in the folder or on desktop...(I was confused)
    Today I ran the test again and was hoping to print screen it. But it worked!:eek: the laptop was being restarted but at the end I still can't locate the report.....:confused: Maybe it's because it's not stored on the desktop :\ (remember that you mentioned I should save it in desktop...) it's in the "download" folder.
    I'll double check if it's in the combofix folder if there's any. I hope I can get this done within 24 hrs....
    Thank you so much.
    Gabbie, Mar 10, 2013
    #35

  16. Broni Malware Annihilator Posts: 40,078   +187

    If it's not there re-run Combofix.
    Broni, Mar 10, 2013
    #36

  17. Gabbie Newcomer, in training Posts: 44

    I ran the test for 3 times after downloading it to the desktop again. I still can't see any report.....
    I tried to look for it in the folder, I can only see a lot of funny doc. (can't upload the screen shot for some reason..)
    Gabbie, Mar 11, 2013
    #37

  18. Broni Malware Annihilator Posts: 40,078   +187

    Did you try safe mode?
    Broni, Mar 11, 2013
    #38

  19. Gabbie Newcomer, in training Posts: 44

    Im sorry would you mind to explain a bit further please?
    Gabbie, Mar 11, 2013
    #39

  20. Broni Malware Annihilator Posts: 40,078   +187

    Restart computer in safe mode and run Combofix from there.
    Broni, Mar 11, 2013
    #40
Page 2 of 4

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.