BleepingComputer.com: Cannot Install Antivirus or Turn on Firewall

I'm completely comfortable with computers and the internet and never have problems with my own, or if I do, usually sort them out quick and easy. But my dad and little brother have trashed the parent computer with God-knows-what, and it's been having consistent little problems.

I've worked around it and removed any suspicious exe's from the processes and found a couple of the mimic security clients and anti-malwares that are just junk themselves. I removed those with RevoUninstaller. I ran Registry First Aid, defragged and compressed everything, and both SuperAnitSpyware and MalwareBytes. Each found a few files that I already removed and can't recall what they were called. Some were trojans, some were malware.

In the process I've tried to install EsetNod32 several times, and the computer is somehow blocking it. I removed both AVG free and Windows Security Essentials and attempted to install it again, and the installer locks up right at the start. It used to say "eset nod32 install ended prematurely because of an error your system is not modified" but now it doesn't even attempt to install.

I've also tried to turn on the Windows Firewall, and I get error "Windows Firewall Can't Change Some Of Your Settings. Error Code 0x80070424".

We've had a lot of slow connection issues on and off, and it seems to affect the router itself, as my school macbook connected to the wireless experiences connection issues with like Facebook and Yahoo the same time it messes up my dad's computer. I have to dump the cache, clear cookies, and restart usually to get it working again. I've recently reset my router and modem entirely, and after clearing the registry (the first time I ran the first aid I got 2000+ erros, but since it only yields like 2-40 at a time) the connection speeds have been more stable.

I'm concerned that I can't install my prefferred antivirus, the firewall wont turn on, and that I haven't completely eliminated the original infection. (Whatever it was??)

I wish I could tell you more, but since I don't run this computer often, and my dad has no idea what he's talking about, I can only give you this much to start with. I'm ready to run a hijackthis log if needed, and I know this forum is anti combofix and rkill and all that, but I have experience with them previously if need be, though I don't think this computer is that seriously bugged (I brought a computer from the graveyard that /everyone/ told me needed wiped and reimaged completely with help from this forum, so, I look forward to that again).

Anyway, thanks!


~Shey

[Edit: Windows 7 x64bit]

This post has been edited by Sheylore: 16 January 2012 - 03:27 PM

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


Launch it and Type

consrv.dll in the BOX and click on search files

Post the generated log

Good luck

Farbar Service Scanner
Ran by DAD (administrator) on 16-01-2012 at 15:37:35
Windows 7 Home Premium Service Pack 1 (X64)

************************************************
================== Search: "consrv.dll" ===================

====== End Of Search ======


Aka, nothing?

Lets fix the firewall issue first

To be on safer side before running registry fixes i would suggest you to

Download

http://www.snapfiles.com/get/erunt.html

Install it and backup your registry to C:/Windows/erdnt

Now Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

If it opens as a notepad,right click on them

Click on OPEN WITH

Click on BROWSE

navigate to C:/WINDOWS and select REGEDIT and click ok

Now you should get a UAC prompt,click YES

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service

Good luck

Fantastic, it worked to fix the firewall.

What next?

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-16 17:16:51
Windows 6.1.7601 Service Pack 1
Running: n17sc3pn.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\DAD\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 1.0.15 ----



That doesn't look like a bad file. Could I have gotten rid of the junk already and something else be preventing me from installing my antivirus?

Download

http://download.eset.com/special/ESETUninstaller.exe

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x64_2012_1796.exe

Run both the removal tools

Click on start button and type

cmd

Right click cmd and select run as administrator

Now run this command

net stop winmgmt

Click Y and press ENTER

Now type

start wbem

Delete the repository folder in WBEM

Now again run this command

net start winmgmt

Restart your PC,try to install nod32 again

Good luck

It won't let me delete the repository file - says is in use by another program. I closed everything and tried again - still no?

Run this command again

net stop winmgmt

click Y and press ENTER

You may receive access denied messages,click continue and delete it

Reboot and try again..

This post has been edited by narenxp: 16 January 2012 - 06:22 PM