Solved Not able to run any antivirus program

May 7, 2016 at 01:26:35
Specs: Windows 8.1
Hi, I am unable to run any internet security program on my laptop.
I had Kaspersky Internet Security 2014 for one year, then it expired in December 2015.
Then I had to install Kaspersky Internet Security 2010 Trial Version for 90 days.
After the 3 months it expired and I installed Kaspersky Internet Security 2015, but it was unable to run at all. I uninstalled it and installed it again like 2 times but in vain; it was not able to run. It loads but then goes away and nothing happens.
Then yesterday I downloaded Bitdefender and installed it after uninstalling Kaspersky, and that also was not able to run.
Then I googled some solutions. Used RKill, then TDSSKiller (Kaspersky) and also Malwarebytes, which removed 240 malware, but it's still the same.
Bitdefender is unable to run. Kindly help.

#1
May 7, 2016 at 03:17:17
"Kaspersky Internet Security 2015 but it was unable to run at all, I uninstalled it and installed it again like 2 times but in vain it was not able to run"
It is partially uninstalled, use their uninstaller.

Kaspersky Lab Products Remover
http://www.softpedia.com/get/Tweak/...
http://support.kaspersky.com/common...
http://www.bleepingcomputer.com/dow...

"I downloaded Bitdefender and installed it after uninstalling Kaspersky and that also was not able to run"
Use their uninstaller.

BitDefender Uninstall Tool Download
http://www.bitdefender.com.au/suppo...
http://www.bleepingcomputer.com/dow...
http://www.softpedia.com/get/Tweak/...

I use Microsoft's AV.



#2
May 7, 2016 at 03:21:40
"removed 240 malware but it's still the same"
After using the uninstallers, you will not yet be clean.

Here are the next 2 steps; more steps will be needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Malwarebytes Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Malwarebytes Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#3
May 7, 2016 at 10:38:38
Hi, this is the file after I ran the scan with AdwCleaner

# AdwCleaner v5.115 - Logfile created 07/05/2016 at 20:34:58
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 8.1 Pro (X64)
# Username : userpc - VIVEK
# Running from : C:\Users\userpc\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
[-] Folder Deleted : C:\Users\userpc\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\userpc\AppData\Roaming\goforfiles
[-] Folder Deleted : C:\Users\userpc\AppData\Roaming\IHlpr
[-] Folder Deleted : C:\Users\userpc\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\userpc\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\userpc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

***** [ Files ] *****

[-] File Deleted : C:\Windows\Reimage.ini
[-] File Deleted : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1961-n-bf.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : HKCU\Software\GoforFiles
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\MaxiGet
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKLM\SOFTWARE\GoforFiles
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2222 bytes] - [07/05/2016 20:34:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [2482 bytes] - [07/05/2016 20:33:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2368 bytes] ##########



#4
May 7, 2016 at 10:43:11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 Pro x64
Ran by userpc (Administrator) on Sat 05/07/2016 at 20:40:02.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 17

Successfully deleted: C:\ProgramData\1462549404.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\userpc\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\userpc\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\userpc\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_userpc (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_userpc.job (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Windows\prefetch\AVCFREE.EXE-C8A8E029.pf (File)
Successfully deleted: C:\Windows\prefetch\DRIVERCTRL.EXE-93AE3934.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEMAKEVC.EXE-50CE5925.pf (File)
Successfully deleted: C:\Windows\prefetch\FREESTUDIOMANAGER.EXE-B1B83F67.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEVIDEOTOMP3CONVERTER.EXE-EDB1B2EA.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEVIDEOTOMP3CONVERTER_5.0.7-47490C7F.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEVIDEOTOMP3CONVERTER_5.0.7-96507273.pf (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/07/2016 at 20:42:03.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5
May 7, 2016 at 10:55:39
# AdwCleaner v5.115 - Logfile created 07/05/2016 at 20:33:10
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 8.1 Pro (X64)
# Username : userpc - VIVEK
# Running from : C:\Users\userpc\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Common Files\Speedbit
Folder Found : C:\Users\userpc\AppData\Roaming\download Manager
Folder Found : C:\Users\userpc\AppData\Roaming\goforfiles
Folder Found : C:\Users\userpc\AppData\Roaming\IHlpr
Folder Found : C:\Users\userpc\AppData\Roaming\RHEng
Folder Found : C:\Users\userpc\AppData\Roaming\Systweak
Folder Found : C:\Users\userpc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

***** [ Files ] *****

File Found : C:\Windows\Reimage.ini
File Found : C:\Windows\SysNative\roboot64.exe

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1961-n-bf.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\MaxiGet
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Reimage
Key Found : [x64] HKLM\SOFTWARE\SearchModule
Key Found : HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\Software\GoforFiles
Key Found : HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\Software\ilivid
Key Found : HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\Software\MaxiGet
Key Found : HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\Software\systweak

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [2322 bytes] - [07/05/2016 20:33:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2395 bytes] ##########



#6
May 7, 2016 at 13:03:26
I just installed Bitdefender Total Security 2016 ... But still unable to run? Kindly help


#7
May 7, 2016 at 15:09:31
"I just installed Bitdefender Total Security 2016 ... But still unable to run?"

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#8

#9
May 8, 2016 at 01:07:17
Whilst I'm going through the Farbar logs, run this.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
Make sure these options are checked/ticked in Advanced settings.
Remove found threats, Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://www.eset.com/int/support/sys...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://support.eset.com/kb3509/?loc...
Configure ESET this way & disable your AV.
http://i.imgur.com/wZF1Ppi.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
3: Which web browsers are compatible with ESET Online Scanner?
http://support.eset.com/kb405/?loca...
Online Scanner not working
http://support.eset.com/kb403/?loca...
My ESET product detected a threat—what should I do?
http://support.eset.com/kb117/
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
http://support.eset.com/kb405/?view...
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://support.eset.com/kb405/?view...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#10
May 8, 2016 at 01:55:12
Will I have to create a rescue disk even if my laptop is booting ok and the only problem is that antivirus are not running?


#11
May 8, 2016 at 02:05:24
"booting ok and the only problem is that antivirus are not running?"
Something is blocking it.

We are going to do a scan to see if we can find the cause.



#12
May 8, 2016 at 05:13:38
The scan is going on...

message edited by Vivek95



#13
May 8, 2016 at 06:29:45
Extracts from the Farbar logs.

AVG PC TuneUp (x32 Version: 16.32.5 - AVG Technologies) Hidden
I would uninstall this, you can always reinstall, if this turns out not to be the problem. Process of elimination.
Use your IObit Uninstaller.
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif
http://i.imgur.com/HuWkaZo.gif

FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
Uninstall, using their uninstaller.
AVG Download Center
http://www.avg.com/au-en/utilities

I don't know why these Bitdefender uninstall files are blocked, I would unblock them.
FirewallRules: [TCP Query User{1EDD9304-BA4F-4CFB-95F7-CBCCEB06C55C}C:\users\userpc\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\userpc\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [UDP Query User{5F6A0ACA-7A66-4E65-A449-109B97BC04EC}C:\users\userpc\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\userpc\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [TCP Query User{DBB2E1EC-063F-4748-AB87-1612A8F7B5AA}C:\users\userpc\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block)

Can you run your AV?



#14
May 8, 2016 at 06:31:19
How do I run AV? What does AV mean?


#15
May 8, 2016 at 06:37:12
AV = AntiVirus.

After each step, let me know, as you have been doing, if you can run your AV ( BitDefender )



#16
May 8, 2016 at 06:50:13
I removed the avg pc tune up and also ran the avg removal tool but bitdefender is still not running


#17
May 8, 2016 at 06:51:39
And I do not know how to unblock those Bitdefender files.


#18
May 8, 2016 at 06:52:16
"And I do not know how to unblock those Bitdefender files"
Go into your Firewall.

message edited by Johnw



#19
May 8, 2016 at 07:02:47
I have allowed them to pass through firewall but bitdefender not yet opening.


#20
May 8, 2016 at 07:03:53
windows 8.1 firewall Add or Remove an Exception
https://www.google.com.au/webhp?hl=...
windows 8.1 firewall exceptions
https://www.google.com.au/webhp?hl=...


#21
May 8, 2016 at 07:05:58
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {3F490358-D1CE-41C8-8854-CC66A49FA97D} - \LuckyTab -> No File <==== ATTENTION
Task: {DEEDE428-C5A3-4DC6-A78C-0B9C10688B3B} - \AdvancedDriverUpdaterRunAtStartup -> No File <==== ATTENTION
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {1a64c669-cb25-11e4-8264-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {33949d39-b857-11e4-8261-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {33949d72-b857-11e4-8261-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {53874785-9dca-11e5-8285-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {53874799-9dca-11e5-8285-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {6db760b2-b862-11e4-8262-844bf53a5bbe} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {7f8035ea-8606-11e4-8250-08edb9eb3658} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {a356c86f-8929-11e4-8252-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {a356c899-8929-11e4-8252-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {a356c94b-8929-11e4-8252-28924a1aa4c3} - "D:\AutoRun.exe"
ProxyServer: [S-1-5-21-1953466134-3187054483-2567921152-1001] => http=;ftp=;https=;
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 ALSysIO; \??\C:\Users\userpc\AppData\Local\Temp\ALSysIO64.sys [X]
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]

Open FRST or FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •
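The FRST line formats that replies #13 and #21 work from (FirewallRules, Task, MountPoints2, service and browser add-on entries), sorted for triage. This is an added example, not part of the original thread and not FRST's own code; the function names and the marker list are hypothetical, and reading `[X]` as "driver file missing" is an assumption.

```python
import re

# Constructed sample: lines copied from the FRST extracts (#13) and the
# fixlist (#21) in this thread, including the Block rule whose target
# column is empty.
SAMPLE = r"""
FirewallRules: [TCP Query User{1EDD9304-BA4F-4CFB-95F7-CBCCEB06C55C}C:\users\userpc\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\userpc\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [TCP Query User{DBB2E1EC-063F-4748-AB87-1612A8F7B5AA}C:\users\userpc\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block)
Task: {3F490358-D1CE-41C8-8854-CC66A49FA97D} - \LuckyTab -> No File <==== ATTENTION
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {1a64c669-cb25-11e4-8264-28924a1aa4c3} - "D:\AutoRun.exe"
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
"""

FIREWALL = re.compile(r"^FirewallRules: \[(?P<name>.+)\] => \((?P<action>\w+)\)\s*(?P<target>.*)$")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) -> No File\b")
SERVICE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<image>.+?) \[X\]$")
MOUNTPOINT = re.compile(r'\\MountPoints2: \{[0-9A-Fa-f-]+\} - "(?P<command>[^"]+)"')
ADDON = re.compile(r"^(?:FF Plugin(?:-x32)?|CHR \S+): (?P<entry>.+?) (?:\[No File\]|<not found>)$")
EMBEDDED_PATH = re.compile(r"\}(?P<path>[A-Za-z]:\\.+)$")


def rule_program(name, target):
    """Program a firewall rule applies to; falls back to the path inside the rule name."""
    if target:
        return target.lower()
    embedded = EMBEDDED_PATH.search(name)
    return embedded["path"].lower() if embedded else ""


def triage(log_text):
    """Sort FRST-style lines into the categories a helper reviews by hand."""
    findings = {"firewall_block": [], "orphan_task": [], "orphan_service": [],
                "autorun_mountpoint": [], "missing_addon": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIREWALL.match(line)
        if m:
            # Only Block rules are of interest; Allow rules are skipped.
            if m["action"].lower() == "block":
                findings["firewall_block"].append(rule_program(m["name"], m["target"]))
            continue
        m = TASK.match(line)
        if m:
            findings["orphan_task"].append(m["name"])
            continue
        m = SERVICE.match(line)
        if m:
            # Assumption: [X] means the service's driver file is not on disk.
            findings["orphan_service"].append(m["name"])
            continue
        m = MOUNTPOINT.search(line)
        if m:
            findings["autorun_mountpoint"].append(m["command"])
            continue
        m = ADDON.match(line)
        if m:
            findings["missing_addon"].append(m["entry"])
    return findings


def blocked_security_tools(findings, markers=("bduninstall", "bitdefender", "kaspersky")):
    """Block rules whose program path contains a security-product marker (hypothetical list)."""
    return [p for p in findings["firewall_block"] if any(k in p for k in markers)]


if __name__ == "__main__":
    result = triage(SAMPLE)
    for category, items in result.items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
    print("security tools blocked:", blocked_security_tools(result))
```
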

#22
May 8, 2016 at 07:06:29
Yes I did the same way .... but still not yet opening. I allowed pcsftool exceptions, ticked both private and public... there were 4 of them ... but still Bitdefender not opening


#23
May 8, 2016 at 07:13:21
Fix result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by userpc (2016-05-08 17:08:45) Run:1
Running from C:\Users\userpc\Desktop
Loaded Profiles: userpc (Available Profiles: userpc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {3F490358-D1CE-41C8-8854-CC66A49FA97D} - \LuckyTab -> No File <==== ATTENTION
Task: {DEEDE428-C5A3-4DC6-A78C-0B9C10688B3B} - \AdvancedDriverUpdaterRunAtStartup -> No File <==== ATTENTION
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {1a64c669-cb25-11e4-8264-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {33949d39-b857-11e4-8261-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {33949d72-b857-11e4-8261-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {53874785-9dca-11e5-8285-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {53874799-9dca-11e5-8285-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {6db760b2-b862-11e4-8262-844bf53a5bbe} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {7f8035ea-8606-11e4-8250-08edb9eb3658} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {a356c86f-8929-11e4-8252-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {a356c899-8929-11e4-8252-28924a1aa4c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\...\MountPoints2: {a356c94b-8929-11e4-8252-28924a1aa4c3} - "D:\AutoRun.exe"
ProxyServer: [S-1-5-21-1953466134-3187054483-2567921152-1001] => http=;ftp=;https=;
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 ALSysIO; \??\C:\Users\userpc\AppData\Local\Temp\ALSysIO64.sys [X]
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F490358-D1CE-41C8-8854-CC66A49FA97D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F490358-D1CE-41C8-8854-CC66A49FA97D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DEEDE428-C5A3-4DC6-A78C-0B9C10688B3B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEEDE428-C5A3-4DC6-A78C-0B9C10688B3B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedDriverUpdaterRunAtStartup => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a64c669-cb25-11e4-8264-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{1a64c669-cb25-11e4-8264-28924a1aa4c3} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33949d39-b857-11e4-8261-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{33949d39-b857-11e4-8261-28924a1aa4c3} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33949d72-b857-11e4-8261-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{33949d72-b857-11e4-8261-28924a1aa4c3} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53874785-9dca-11e5-8285-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{53874785-9dca-11e5-8285-28924a1aa4c3} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53874799-9dca-11e5-8285-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{53874799-9dca-11e5-8285-28924a1aa4c3} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6db760b2-b862-11e4-8262-844bf53a5bbe}" => key removed successfully
HKCR\CLSID\{6db760b2-b862-11e4-8262-844bf53a5bbe} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f8035ea-8606-11e4-8250-08edb9eb3658}" => key removed successfully
HKCR\CLSID\{7f8035ea-8606-11e4-8250-08edb9eb3658} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a356c86f-8929-11e4-8252-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{a356c86f-8929-11e4-8252-28924a1aa4c3} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a356c899-8929-11e4-8252-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{a356c899-8929-11e4-8252-28924a1aa4c3} => key not found.
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a356c94b-8929-11e4-8252-28924a1aa4c3}" => key removed successfully
HKCR\CLSID\{a356c94b-8929-11e4-8252-28924a1aa4c3} => key not found.
HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKU\S-1-5-21-1953466134-3187054483-2567921152-1001\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
ALSysIO => service removed successfully
b06bdrv => service removed successfully
massfilter => service removed successfully
MBAMSwissArmy => service removed successfully
ZTEusbnet => service removed successfully
ZTEusbnmea => service removed successfully
ZTEusbser6k => service removed successfully
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:09:20 ====



#24
May 8, 2016 at 07:26:22
Antivirus still not opening!!


#25
May 8, 2016 at 07:28:47
✔ Best Answer
Remove it using their uninstaller.

I use this on many, many comps, let's see how it goes. You can only have one AV installed.

Baidu Antivirus ( includes Ad cleaner/blocker )
http://www.softpedia.com/get/Antivi...
http://www.freewarefiles.com/Baidu-...
http://www.freewarefiles.com/screen...
http://antivirus.baidu.com/en/



#26
May 8, 2016 at 07:33:47
Can I install Kaspersky Internet Security 2015? We give it a try or?

And does Baidu Antivirus offer internet security as well?



#27
May 8, 2016 at 07:39:13
"Can I install Kaspersky Internet Security 2015? Should we give it a try?"
Yep, uninstall the current AV first.

"And does Baidu Antivirus offer internet security as well?"
Yes, I would prefer you try that first, so I can go to bed.

message edited by Johnw



#28
May 8, 2016 at 08:07:51
My download speed is slow and it will take time to download. Kindly go to sleep as I don't want to keep you for long. We will continue tomorrow. Thank you so much for your help today! Don't want to disturb your sleep.


#29
May 8, 2016 at 08:09:07
I am downloading Baidu and will install that first, then will post. Good night to you and thank you. We will continue tomorrow as I am also exhausted.


#30
May 9, 2016 at 06:20:26
Enable Baidu Ad Blocker
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...

Now let's do some cleaning up.
Baidu PC Faster
http://www.softpedia.com/get/Securi...
http://www.freewarefiles.com/Baidu-...
http://www.freewarefiles.com/screen...
http://www.pcfaster.com/en/

Here is how a USER got the problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...
http://www.howtogeek.com/198622/her...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Extract from the fixlog.
"EmptyTemp: => 1.2 GB temporary data Removed"
Way, way too big, even if you are a gamer.
Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
https://steveshank.com/cgi-bin/arti...
All browsers, set to 50mb ( that's MB, not GB ) for temp.
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

Make sure ALL your Regional and Language Options settings are OK. They will be something similar to this.
How to Change the Region Home Location of your PC in Windows 8 and 8.1
http://www.eightforums.com/tutorial...
http://i.imgur.com/7CCzbbF.gif
http://i.imgur.com/K4NlSSD.gif
http://i.imgur.com/dFcPwcd.gif

