Malware won't let me use RogueKiller and MGtools; mbam, etc. didn't find anything

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Jackaloper, Jul 27, 2013.

  1. Jackaloper

    Jackaloper Private E-2

    Hi,

    I'm running my laptop in safe mode with networking. I use Windows 7 (professional?) and Firefox. Whatever I have will not allow me to run just about any .exe in normal start up. Mbam and CCleaner weren't even working in safe mode for a while; and who knows what is happening with my Itunes. It also wouldn't allow me to open downloaded rkill and a couple of other programs that I looked up. It would either crash firefox or windows explorer. Mbam eventually found a couple of things, but when it cleared them, the problems were still present. I did this before I found this forum.

    After, I found this forum and proceeded to follow every step of the Read & Run thread to the best of my abilities. I tweaked the system and installed all five programs recommended, but trying to run RogueKiller and MGtools would, respectively, temporarily crash Windows Explorer and prompt a system error (about not having permission to execute a 16-bit application). I'm not really sure if the Windows Explorer would actually crash trying to run RogueKiller, because it would just shut down the open window and give me a crash report; I didn't have to reboot the computer at any point after these "crashes". Mbam, tdsskiller, and hitman all turned up a clean system.

    I think it might have also taken out Comodo and AVG, but I am not sure. I haven't been able to access them.

    I need to use this computer in the meantime for work. Will using it allow the thing that is messing it up more time to do so? Also, should I reverse the user account control stuff and try to put up another antivirus in the meantime?

    Thank you for your time!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm not sure that you are having malware problems.


    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  3. Jackaloper

    Jackaloper Private E-2

    I ran frst.exe off of a flash drive with no problem. It logged it. However, when I restart the computer in safe mode or normal mode, the computer will not register that there is a flash drive connected. It briefly mentioned that new hardware was found and then stated that the drive software didn't load correctly. When I try to see why not, it quickly vanishes. Now, it won't show anything when I replug it back in.

    Is there a way to save the log on the pc instead with command prompt?
     
  4. Jackaloper

    Jackaloper Private E-2

    Sorry, I'm not very good at this. I jumped the gun with that last reply. I have now attached the FRST.exe log. I went back into system repair and saved it to the pc hard drive since I can't use the flash in safe mode either.

    So what does that mean when I can use the flash disk under command prompt in system repair, but not in any other mode?
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I expected previously, it does not appear that you are having malware problems. Your logs are clean. What I would suggest that you first try is to UNINSTALL all of the below and then reboot.

    AVG
    Comodo
    Malwarebytes
    SpyHunter

    After reboot, is there any change?


    Question: Who asked you to run Combofix on 7/27?
     
  6. Jackaloper

    Jackaloper Private E-2

    I seem to have been able to uninstall Comodo and MBAM. I can't even find Spyhunter in the programs list to uninstall it. AVG uninstaller crashed every time, so I was unable to remove it.

    I reran Farbar in safe mode once before I tried to uninstall the programs and after. I am sending these logs along with their additional info in one txt file. It used to have a roguekiller log too (I thought it didn't work), but it was too large. I thought that the extra farbar info might help. There is something in there about a faulty security processor loader driver and some errors.

    As for the combofix, I downloaded it before I found this forum. A reputable-looking site said to try it, so I did - does this make you cringe :-o. Then I read up about it as I was running it and decided it was a bad idea to continue before contacting people who actually knew what they were doing. Why, it seems, I ran it again, or why it is in the logs again, I don't remember. I just don't remember. It's so...late...right now...
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not post any new logs/info.

    Logs that are too large to attach can be compressed into a ZIP file and then attached.

    Run the below to help remove AVG:

    AVG Remover 2013.3341


    Then run the below fix to remove additional leftovers from AVG, SpyHunter, ComboFix and other items you do not need.


    Download this >> View attachment fixlist.txt


    Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST.exe on your flash drive.
    Now reboot back into the System Recovery Options as you did previously.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now boot into normal Windows and continue with the below.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • Fixlog.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
