Can't shut down, windows installer not working, virus detected

Hey there,

So the computer I'm trying to fix here, I've had for about 5-6 years. Two years ago when I more actively used it, it wouldn't shut down and it's been sitting in a corner of my room collecting dust ever since. The past couple days I decided to see if I could get it working again.

So here are the problems/situation:

I ran the Norton Removal Tool because I thought maybe Norton was conflicting with the required McAfee VirusScan Enterprise my school made me download, because I had the same problem on another computer. But after running the removal, the computer still won't shut down or restart--it gets to the "saving files" blue screen and then freezes. I have to just unplug the computer and plug it back in.

I'm also having a problem with Windows Installer and Add/remove programs. I couldn't remove the old versions of Java or install the new one, and I couldn't install SuperAntiSpyware. Every time something tries to install with Windows Installer, it starts and then just freezes.

I've been running the computer in safe mode a bit, because it was the only way to run the malware scans without them freezing half way through. I did a scan with Avast (disabled McAfee while I did it) and the McAfee Enterprise and a virus was detected on both, it might be the same one. I don't remember the name of the one on McAfee, but the Avast one was Kuang something. Both anti-virus programs said the files were deleted, but it hasn't solved the issues I've been having.

Also, the computer will shut down and restart while in safe mode, just not in the normal mode.

I've attached the Malwarebytes, ComboFix and MGlogs. As stated before, I couldn't get an SAS log because the computer wouldn't let me install it.

Since this is an older computer, I've been thinking of just tossing it, but I figured I'd try to fix it first--I have pictures and documents on here that I'd like to save, but I don't want to plug in my external hard drive because I'm afraid that will get infected too. I tried to burn the files to CD, but that didn't work either. I tried 5 different CDs (2 different brands) but I kept getting a message to insert a CD--apparently it wouldn't read that there was one in there.

Hope someone can help. Thanks!

-KHodo

 

Hi Khodo,
Welcome to Major Geeks!


1) You need to have MalwareBytes fix whatever it finds! Run it again!

Then please do the following:

2) Go to add/remove programs and uninstall the below:

Viewpoint Manager (Remove Only)
Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0

3) Reboot after uninstalling the above.

4) Install the current version of Sun Java from: Sun Java Runtime Environment

5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only). In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Did you set up the following? If not, please fix it as well.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Do the following programs need to load at startup? If not, please fix them as well.

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103508812\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

After you click fix, just close hijackthis.

7) Next I would like for you to run the following:
Windows Installer CleanUp Utility

8) When you finish the above, run CCleaner at the default setting with the Windows tab as the top one.

9) And now, see if you can run C:\MGtools\GetLogs.bat in normal starup rather than safe mode and attach the fresh MGlogs.zip.


Let me know how things went?

abri

 

Chaslang and abri,

Thanks very much for your help!

-I was unable to install the Windows Installer Cleanup. When I clicked on it, Windows Installer opened and froze. How ironic.

-I fixed the HijackThis entries you specified.

-I used Your Uninstaller to remove Viewpoint and the old versions of Java. I couldn't do these in the first step of the read me because like I said before, Add/Remove programs won't load. I was able to remove Viewpoint fine with Your Installer, but had to use the "force uninstall" for all the Javas.

-I had had MalwareBytes fix what it found the first time I ran the program. Ran it a second time and no malware was found.

-I uninstalled Windows Messenger.

-CCleaner ran fine.

-Getlogs.bat seemed to run fine in normal mode for the majority of the time. It froze at: adding:MGTools/sysinfo.txt </88 bytes security> <deflated 69%> The logs are here and attached, but I'm assuming the system information file is incomplete. I let it sit for about a half hour at that 69% point, but it appeared to have frozen.

I'm glad to know that it seems I have no malware on here and I'll be moving these issues to the software forum now. Thanks again for your help.

I'm thinking of just wiping the whole computer clean--do you think it'd be worth it to post in software forum and try to fix it or to just have it wiped?

 

Hi KHodo,

I'll post you the instructions for removing the tools and logs we had you install. I would not advise resetting your restore points as I doubt they're infected. Then see what the Software Forum can tell you.

If you want to keep HijackThis (analyse.exe) and the backups folder, then please skip the step which asks you to remove HijackThis via add/remove programs and see the extra instructions in brown at the bottom of the box. Keeping these will allow you to use the backups feature if you want to reload any of the startup programs you removed.

abri