Can't Run Any Anti-malware Applications

Let's see if we can figure out what is going on with this. We need this to run and create a log. If it is stopping at about 80%, it is a sign of a new MBR infection going around. So let's make sure you are doing it right.

• Download TDSSKiller from Kaspersky directly onto your Desktop
• Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7,8 and 10, do not double click on it but rather, right click and select Run As Administrartor. )
• If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).

• If you do not see the file extension, please refer to: How to view hidden, system files & folders!
• You may see a window similar to the below appear

http://forums.majorgeeks.com/chaslang/images/TDSSkiller/tds1.jpg

• Click on Run to allow the application to run properly.
• If you see any popup warnings from your antivirus or firewall about it trying to access the nework or similar, make sure that you allow it to run/have access.
• It will start the scan and run rather quickly and will notify you of whether anything is found or not.

You will then see the below window
http://forums.majorgeeks.com/chaslang/images/TDSSkiller/tds2.jpg

• Click on the Start scan button to begin the scan and wait for it to finish. When it finishes, you will see a window similar to below accept you may have one indicating infections were found.

http://forums.majorgeeks.com/chaslang/images/TDSSkiller/tds3.jpg

• Follow the instructions to delete/quarantine if asks you what to do when if finds something.
• Whether an infection is found or not, a log file should already be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
• Reboot and the infection should hopefully be removed.

TDSSkiller - How to run

 

Try this version:
MBAM Chameleon

 

Shouldn't be necessary.

 

That one.

 

Sorry....once extracted. the application one. It should open a command prompt. Follow the instructions.

 

Screen shot:

 

Please download and run Emsisoft Emergency Kit.
Double click EmergencyKitScanner.exe to install EEK
When the installation of EEK is complete the Emergency Kit scanner will run.
NOTE: Make sure to enable PUPs detection.
Click "Yes" to Update Emsisoft Emergency Kit
Under "Scan" click-on "Malware Scan".
IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted.
Save the scan log somewhere that you can find it (desktop).
Exit Emsisoft Emergency Kit.
Attach the log.

 

Okay....some progress. Rerun RogueKiller and have it remove these items;
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected|Proc.RunPE] regsvr32.exe(11048) -- C:\Windows\SysWOW64\regsvr32.exe[-] -> Found
[Proc.Injected|Proc.RunPE] regsvr32.exe(10180) -- C:\Windows\SysWOW64\regsvr32.exe[-] -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{3946AFE1-4DB0-4D85-990E-A30C1A50ED38} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsProgressBar) -> Found
¤¤¤ Files : 1 ¤¤¤
[VT.Unknown][File] C:\Users\jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klodbo.lnk [LNK@] C:\Users\jon\AppData\Local\Egsazlo\EGSYGI~1.BJY -> Found

Reboot and rescan with RogueKiller, and try to also run ADWCleaner, MBAM and Hitman.

 

Please download the latest version of FRST the below link.
Farbar Recovery Scan Tool and save it to your Desktop.
Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So it you make a mistake and download the wrong one, go back and get the other.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Please do the below so that we can boot to System Recovery Options to run a scan. There will be two options to choose from.
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. You must download to a clean computer!!

Plug the flashdrive into the infected PC before you boot up!!

Option1: Enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

Option2: Enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

 

Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)
Now boot into normal Windows can continue with the below.

Please download Zemana Malware Removal to your desktop and run it please.
It auto updates, and you click scan. After it's finished, click on the icon that looks like Cell phone strength bars. High-light the report (by date log was produced) and click on the "Open Report" icon. (looks like a folder). That notepad.txt can then be copied/pasted into another .txt doc and saved. Upload that, please.

 

Download ZHPCleanerto your desktop.
Close all applications (including your web browsers and antivirus)
Double-click on ZHPCleaner to run the tool.
If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
Please click the "J'accepte/I agree" button.
First press the "Scanner" button. Be patient, the scan may take some time.
Do NOT fix/repair anything yet! Please upload that logfile also with your next reply.

Then please run MGTools.exe and attach the MGLogs.zip.

 

Hummmm ......right click start/run and type in msconfig. When it opens, click on the startup tab and give me a screen shot, please.

 

Where did you download QuickTime from?

 

Well, I am not sure if it maybe corrupt, but please use Revo to uninstall it, reboot and rerun ZHP again. I am not finding any thing in your MGLogs.

But these are suspect in ZHP ( so remove them first):
FOUND folder: C:\Users\jon\AppData\Roaming\HMYGSetting =>Adware.Suspect
FOUND file: C:\Users\jon\AppData\Roaming\HMYGSetting\SEIgnore.db =>Adware.Suspect
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adobe-reader.en.softonic.com [] =>.SUP.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net [] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com [] =>.SUP.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com [] =>.SUP.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\uhytajrtpo-a.akamaihd.net [] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adobe-reader.en.softonic.com [386] =>.SUP.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net [] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com [474] =>.SUP.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slimware.com [847] =>.SUP.SlimWareUtilities
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com [] =>.SUP.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\uhytajrtpo-a.akamaihd.net [] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com [] =>Toolbar.Ask

 

Sorry....Revo Uninstaller

 

No problem. Tell me how things are running now. What issues remain, if any?

 

Please do. Your other issues may just be with Windows. We shall see.

 

Just remove what ADW found. Otherwise your logs are clean. Any issues remaining should be addressed in the software forum.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 or 10 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You are very welcome. Good luck.

 

LOL.....you're welcome.