Cannot run Malwarebytes, but I can run other programs

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 
 
 
Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.

• Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
• It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newset MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

• Install the progam and select update.
• Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
• Click the Scan tab, choose Threat Scan is checked and click Scan Now.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

fixlist.txt

[timkr]

sorry for the delay, the laptop started to be slow again but I managed to screenshot taskbar with 400k Memory svchost PID, and I still cannot run malwarebytes i did re download from the link you provided and save them on desktop, again just like normal install (and yes i did this after running mbam-cleaner) agreement, choose path, and install with end message of launch malwarebytes and if i want to enable trial of malwarebytes..

 

oh and i do see Windows Update icon on task bar which says "New updates are available"

 

Fixlog.txt

[TwinHeadedEagle]

Huge svchost.exe is definitely from Windows Update.
 
 
Download Malwarebytes Anti-Rootkit to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Click in the introduction screen "next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder and attach the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

[timkr]

should i let windows update first and then run the rootkit tool or should i just run it now?

[TwinHeadedEagle]

Yes, let Windows Update first.

[timkr]

okay, i want to apologize in advance because it might take a while.. our internet connection is very very slow

[timkr]

um.. i think i cant seem to run mbarootkit also..., when i right click mbar.exe and then click ok to run as administrator, it doesnt show anything

[TwinHeadedEagle]

Scan with ComboFix
 
This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!
 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Accept the disclaimer and agree if prompted to install Recovery Console.
• Do not take any actions while ComboFix goes through your System - it may cause it to stall!
• This scan may take some time!
• When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

[timkr]

okay, heres combofix log

ComboFix.txt

[TwinHeadedEagle]

Scan with TDSSKiller
 
Please download TDSSKiller by Kaspersky and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
• Your machine may appear very slow and unusable after that - it's normal.
• TDSSKiller will run automaticaly. Click on Change parameters and click OK.
• Click the Start Scan button and wait patiently.

If anything will be found follow this guidelines:

• If a suspicious object is detected, the default action will be Skip, click on Continue.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  If Cure is not available, please choose Skip instead.
• Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

[timkr]

TDSS found no threats, heres the log

TDSSKiller.3.0.0.44_17.05.2015_23.35.17_log.txt

TDSSKiller.3.0.0.44_17.05.2015_23.39.26_log.txt

[TwinHeadedEagle]

Okay, I want you to completely remove ESET now without installing it.
 
 
Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
• Please include their content into your next reply.

[timkr]

finally.. after super long scan, heres the log

Addition.txt

FRST.txt

zoek-results.log

[TwinHeadedEagle]

How is your PC behaving now?

[timkr]

um my pc is still the same, should i reinstall mbam?

[TwinHeadedEagle]

Yes, try it.

[timkr]

still cannot run the program should i uninstall mcafee?

[TwinHeadedEagle]

Try, but I don't think this will improve something.

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:
 

• Click the "Windows Orb" Start button, then click Computer.
• Right-click on the drive that you wish to check > Properties > Tools tab
• In the "Error checking" section, click on Check now.
• Place a checkmark in both boxes > Start.
• If the disk you have chosen is the Windows system disk:
• A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
• Click Schedule disk check > OK and close all windows.
• Re-start the computer. The disk will be checked when the system boots.
• This will take some time to run and at times may appear stalled but just let it run.
• When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
 

• Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
• The Event Viewer window will open.
• In the left pane, expand "Windows Logs" and then click on Application.
• In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
• Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
• Click on that Wininit entry to select it.
• On the top main menu, click Action > Copy > Copy Details as Text.
• Paste the contents into your next reply.

 

 

---

 

Let's try System File Checker

 

 

https://support.microsoft.com/en-us/kb/929833

[timkr]

umm can we do this next weekend? because in 30 min my dad need to bring the laptop for work in a week (until friday, he works out of town, and it is monday here in indonesia..)

 

i just want to say thank you very much for helping me in the past couple of days, i know its a bit frustrating when the problem not solved immidiately, and i think i will re-install eset for now

(it wasnt sarcastic, i really do appriciate your help )

[AdvancedSetup]

Are you still with us?

This topic will be closed soon if we do not hear back from you.

[timkr]

yes i am, but will wait for my dad laptop

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!