impossible installed antivirus software


  • This topic is locked
12 replies to this topic

#1 gcerri

gcerri

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 28 February 2016 - 05:21 PM

Good evening, sorry for my bad English,

My antivirus software was Comodo (firewall only), AVG 2015 Free, Spybot, Malwarebytes Anti-Malware, SpywareBlaster, all with free licenses.

My browser is Firefox.

I perform regular updates of software.

Some days ago, Firefox was slow, but I didn't think about it.

I uninstalled AVG 2015 Free to install Bitdefender Free, but after the free period I forgot to submit the free registration and I can't install Bitdefender another time.

So I had no antivirus; I thought to reinstall AVG 2015.

I can't install any antivirus software (AVG, Bitdefender), only Microsoft Security Essentials, and I use the Microsoft firewall.

On my PC I have Vista, and the free tools: Spybot, Malwarebytes Anti-Malware, SpywareBlaster.

I performed antivirus scans with Microsoft Security Essentials, Spybot and Malwarebytes Anti-Malware: no virus was found.

So I tried to install Comodo Internet Security, Bitdefender or AVG 2015 Free but it was impossible, so I ran HijackThis and ComboFix: I attach the logs of these.

 

Can you help me??????????

 

Thank you

Attached Files



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:03 PM

Posted 29 February 2016 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 gcerri

Posted 02 March 2016 - 05:18 PM

Here is to you, I hope you resolve my problems..

Thank you very much...

Attached Files



#4 nasdaq

Posted 03 March 2016 - 09:05 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1904796891-2009036076-3679215666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1904796891-2009036076-3679215666-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-12] (AVG Technologies)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17064 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [628336 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40712 2015-08-05] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91176 2015-08-05] (COMODO)
S3 catchme; \??\C:\Users\gcerri\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
Task: {665F7700-D416-4A6F-A063-375CDCD51B4F} - \GlaryInitialize 4 -> No File <==== ATTENTION
Task: {6FDEF36D-45CF-4485-9E18-9FCED61939B9} - \GlaryInitialize 3 -> No File <==== ATTENTION
Task: {7A2B6FC9-AFF7-42F0-B616-436EF8443EB2} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis627A.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
C:\ProgramData\cis627A.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download and run the Comodo removal tool.
https://forums.comodo.com/install-setup-configuration-faq-cis-b141.0/-t71897.0.html

Restart the computer normally.

===

Download the AVG removal tool from this page.
http://www.avg.com/se-en/utilities
Select this download: AVG Remover

Run the tool and restart the computer when completed.

===

Can you now install your preferred security program?
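
The fixlist above targets two kinds of entry: AVG and Comodo drivers that are still loaded, and services or scheduled tasks whose file is missing. As an added example (not part of the original post, and not FRST's own code), this Python script classifies such lines; the line layout and the reading of `[X]` as "file not found" are assumptions about the FRST log format, and `classify` and `triage` are hypothetical names.

```python
import re

# Driver and task lines copied from the fixlist in the post above.
FIXLIST = r"""
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-12] (AVG Technologies)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [628336 2015-11-18] (COMODO)
S3 catchme; \??\C:\Users\gcerri\AppData\Local\Temp\catchme.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
Task: {665F7700-D416-4A6F-A063-375CDCD51B4F} - \GlaryInitialize 4 -> No File <==== ATTENTION
Task: {7A2B6FC9-AFF7-42F0-B616-436EF8443EB2} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis627A.exe <==== ATTENTION
"""

# Assumed driver layout: "<R|S|U><start type> <name>; <path> [size date] (vendor)",
# with "[X]" in place of the size/date when the file is not on disk.
DRIVER = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
                    r"\[(?P<meta>[^\]]*)\](?: \((?P<vendor>[^)]*)\))?$")
TASK = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<body>.+?)(?P<flag> <=+ ATTENTION)?$")
AV_VENDORS = ("AVG", "COMODO")  # vendors named in this thread

def classify(line):
    """Return (kind, name, reason) for one fixlist line, or None if unrecognised."""
    line = line.strip()
    m = DRIVER.match(line)
    if m:
        if m["meta"] == "X":
            return ("driver", m["name"], "orphaned: service registered, file missing")
        vendor = (m["vendor"] or "").upper()
        if m["state"] == "R" and any(v in vendor for v in AV_VENDORS):
            return ("driver", m["name"], "leftover AV driver still loaded")
        return ("driver", m["name"], "other")
    m = TASK.match(line)
    if m:
        body, flagged = m["body"], bool(m["flag"])
        if body.endswith("-> No File"):
            return ("task", body.split(" -> ")[0].lstrip("\\"), "orphaned: task target missing")
        if " => " in body:
            return ("task", body.split(" => ")[1],
                    "flagged ATTENTION in the log" if flagged else "other")
    return None

def triage(text):
    """Classify every recognised line in a block of fixlist text."""
    return [c for c in map(classify, text.splitlines()) if c]

if __name__ == "__main__":
    for kind, name, reason in triage(FIXLIST):
        print(f"{kind:6} {name:30} {reason}")
```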

#5 gcerri

Posted 04 March 2016 - 05:11 PM

I have done all, I hope well.

So here is the log from before removing Comodo and AVG



#6 gcerri

Posted 04 March 2016 - 05:13 PM

Sorry, I forgot the attachment.......

 

Thank you very much

Attached Files



#7 gcerri

Posted 04 March 2016 - 05:57 PM

I double-clicked on AVG Remover... all right... I think....

I double-clicked on Comodo uninstaller tool v0.3b, after I do........

Attached Files



#8 nasdaq

Posted 05 March 2016 - 08:39 AM

If AVG is completely removed and all is well, you can forget about the Comodo.

If not then you have to run No 1.

p.s.
Make sure you have a good System Restore point in case something goes wrong.

#9 nasdaq

Posted 11 March 2016 - 10:22 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#10 gcerri

Posted 12 March 2016 - 03:41 PM

Hello,

I don't know if I have uninstalled Comodo: I wrote 'I acknowledge the risks' after double-clicking on Uninstall Comodo Internet Security.

Firefox is very slow.

It is impossible to install the Microsoft Security Essentials update....

What's the problem???



#11 nasdaq

Posted 13 March 2016 - 07:53 AM

Let's remove any leftovers from the failed Comodo installation.

Follow the directives on this page.

https://forums.comodo.com/install-setup-configuration-help-cis-b137.0/-t36499.0.htmle

 

When completed restart the computer normally.

 

Let me know what problem persists.



#12 nasdaq

Posted 19 March 2016 - 08:29 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#13 nasdaq

Posted 25 March 2016 - 06:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



