Onepercent Posted May 6, 2017 ID:1122537

It's not letting me install ad block to Chrome and is also preventing installation of Malwarebytes. There were some files called "gB59E.tmp.exe" and variations of those that run as processes in the background. I've done 3 scans with Avast and it seemed to have deleted some viruses that came installed, but this one thing seems to always come back and prevent things. I get an error "Runtime Error (at 14:76) could not call proc" when trying to install Malwarebytes, and the download for Adblock fails. Also, trying to download and run the Chrome installer from Internet Explorer mentions the file has been deleted or moved, unless I manually save it somewhere myself and then run it.

Here are the Farbar Recovery Scan Tool log files; I've been lurking and seen some threads mentioning their use. Hope they provide some insight, thanks!

FRST.txt Addition.txt

kevinf80 Posted May 6, 2017 ID:1122583

Hello Onepercent and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Malwarebytes version 3 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Go back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes deal with any found entries...
Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

If Malwarebytes will not install try to install via Chameleon, instructions at following link: https://www.malwarebytes.com/chameleon/

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

One other point, this private IP address is used for internet connection
DNS Servers 10.0.0.138
Is known to you and trusted..?

Thank you,
Kevin...

fixlist.txt

Edited May 6, 2017 by kevinf80

Onepercent Posted May 6, 2017 Author ID:1122593

Okay, I couldn't install Malwarebytes normally so I used Chameleon to install and run. Because of the nature of Chameleon doing everything automatically I couldn't set any specifics such as rootkits and archives before the scan, though it seemed they were already checked by default after the scan.

The "Fixlog" is attached.

Both the Mbam-log and the protection log for today are included as attachments.

As for the 10.0.0.138 DNS, that is my internet router, which is trusted.

EDIT: The Mbam and protection logs are in XML format due to me not being able to specify because of Chameleon automating the scan, and aren't supported by this forum. What should I do?

Fixlog.txt

Edited May 6, 2017 by Onepercent

kevinf80 Posted May 6, 2017 ID:1122594

There are no attachments..?

Onepercent Posted May 6, 2017 Author ID:1122597

Sorry, I've just saved the XML data into Notepad, they are attached.

mbam-log.txt Protection-log.txt

kevinf80 Posted May 6, 2017 ID:1122598

I do not want logs in XML format.....

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Scan Report" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Onepercent Posted May 6, 2017 Author ID:1122601

I'm sorry but Malwarebytes no longer has the section you are directing me to, the Malwarebytes program is no longer in free trial and the UI doesn't have those options.

EDIT: Well, this is embarrassing. This is my first time using Malwarebytes, hope you understand.. So on the free version after the trial period ends, I can do what you asked via the history, and within the application logs. I apologize for my incompetence.

Mbam Logfile.txt Protection Logfile.txt

Edited May 6, 2017 by Onepercent

Onepercent Posted May 6, 2017 Author ID:1122605

The corrected logfile

Mbam Logfile.txt

Edited May 6, 2017 by Onepercent

kevinf80 Posted May 6, 2017 ID:1122607

Thanks for those logs, continue with the following:

Download AdwCleaner by Xplode onto your Desktop. Or from this Mirror

Double click on Adwcleaner.exe to run the tool
Click on the Scan in the Actions box
Please wait for the scan to finish..
When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:

Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,
Kevin

Onepercent Posted May 6, 2017 Author ID:1122614

Ok. I will do this tomorrow same time, Atm I need my PC for work. Thank you for your assistance thus far.

kevinf80 Posted May 6, 2017 ID:1122618

Thanks for the update, catch up later....

Onepercent Posted May 7, 2017 Author ID:1122759

Okay, I'm resuming the fixing process. I haven't installed anything new or changed anything apart from saving some Word documents so hopefully nothing should have changed in the meantime. Expect results in the hours it takes for the scan to complete.

Edited May 7, 2017 by Onepercent

kevinf80 Posted May 7, 2017 ID:1122761

Thanks for the update, be aware Sophos scan may take several hours, it is very thorough so time taken is dependent on the amount of data to scan, size of system etc etc...

Onepercent Posted May 7, 2017 Author ID:1122788

Here are the log files attached. AdwCleaner didn't detect anything, Sophos Virus Removal detected 3 threats and they were cleaned.

AdwCleaner[S13].txt AdwCleaner[C5].txt SophosVirusRemovalTool logfile.txt

kevinf80 Posted May 7, 2017 ID:1122798

What is the current status of your PC, any remaining issues or concerns...?

Onepercent Posted May 7, 2017 Author ID:1122799

Ok so I'm no longer getting any redirects or false browsers taking over. Adblock is now successfully reinstalled. It seems that Malwarebytes still can't be installed normally (Error runtime at 1476: Could not call proc), which is weird.

kevinf80 Posted May 7, 2017 ID:1122800

Run the following scan and post its log...

Please download Gmer from Here by clicking on the "Download EXE" Button.

Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Show All ( should be unchecked by default )
Leave everything else as it is.
Close all other running Programs as well as your Browsers.
Click the Scan button & wait for it to finish.
Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
Please post the content of the ark.txt here.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

**If GMER crashes** Follow the instructions here and disable your security temporarily…

Thank you,
Kevin...

Onepercent Posted May 7, 2017 Author ID:1122809

Here is the finished scan file from GMER. I had to uninstall Avast because it would block the program from fully functioning; even if I disabled the shield Avast would still block the program. Hope the scan helps.

ark.txt

kevinf80 Posted May 7, 2017 ID:1122815

GMER log is clean, nothing sinister found...

Run Malwarebytes Cleaner Utility, available at the following link: https://downloads.malwarebytes.com/file/mb_clean

Ensure to reboot when the utility completes...

Next,

Set windows up for a "Clean Boot" Instructions here: https://support.microsoft.com/en-sg/help/929135/how-to-perform-a-clean-boot-in-windows

Next,

Download Malwarebytes version 3 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

Does the install complete?

Onepercent Posted May 7, 2017 Author ID:1122821

I downloaded the Malwarebytes cleaner, which completely removed any Malwarebytes program. I then set a clean boot and restarted (which is what the Windows instructions told me to do). But now trying to install Malwarebytes is blocked by the administrator and is preventing me from using the Malwarebytes installer. Shall I disable clean boot and then install Malwarebytes, then AFTER installation initiate clean boot?

kevinf80 Posted May 7, 2017 ID:1122822

The clean boot option disables all 3rd party services, no MS services are changed. I had hoped clean boot would let Malwarebytes install... The same link with instructions for clean boot also has instructions to reset back to Normal mode. Do that please...

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

When RKill completes try Malwarebytes install one more time..

Onepercent Posted May 7, 2017 Author ID:1122824

I rebooted back into normal mode via msconfig settings.

I then tried installing Malwarebytes, but it still showed the red "Admin blocked the install 'Not trusted' etc".

I then ran Rkill from the desktop and it successfully completed its process from the DOS window, logfile is attached in this reply..

I then tried installing Malwarebytes again, but it still shows the red "Admin blocked the install 'Not trusted' etc". This is really weird..

I await further commands.

Rkill.txt

kevinf80 Posted May 7, 2017 ID:1122827

Do the following:

a) Click Start
b) In the search box type regedit select ok to open registry editor
c) Select Edit then Permissions
d) Select Advanced tab and Select Permissions from tab menu

Have a look at your listed Administrator account, what are the permissions...?

Onepercent Posted May 7, 2017 Author ID:1122830

The Administrator is on full control.

Also, the other image is what the admin blocked prompt looks like when I try to run the Malwarebytes installer. I used my phone to take a pic because print screen doesn't work when it shows up.

Edited May 7, 2017 by Onepercent

kevinf80 Posted May 7, 2017 ID:1122834

Where it shows "Inherited from" what is listed against your Admin account...? It starts as MACHINE\SOFTW in the image you've posted...