How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Brandon M. Your Own Question

Brandon M.
Brandon M., Information Systems Manager
Category: Computer
Satisfied Customers: 6976
Experience:  Currently an IT Manager for law firm. Work with Exchange, Blackberries, MS Office daily
12024030
Type Your Computer Question Here...
Brandon M. is online now
A new question is answered every 9 seconds

My computer wont download any antivirus programs. Ive already

Resolved Question:

My computer won't download any antivirus programs. I've already tried the main ones. The download starts, then stops towards the end & won't finish. I'm pretty sure there's some sort of virus on it, but have no idea what to do to get rid of it. I've done clean up and tune up, increased the memory, but the antivirus is the problem. Help!
Submitted: 5 years ago.
Category: Computer
Expert:  Jerry Hannell replied 5 years ago.
hi sir,

what are you trying to download sir?
what program? can you tell me the url ?
Customer: replied 5 years ago.
I've tried windows one care, where the cleanup and tuneup worked, but not the antivirus. Then I tried AVG, which started to download, then stopped, and the same thing happened with other 4 antivirus programs I tried to download. Other downloads are working fine, just the antivirus ones won't work.
Expert:  Brandon M. replied 5 years ago.

Hello,

 

Depending on what kind of infection you have would determine the steps. We're going to start with combofix, as it hunts down and clears out most infections to date. Please follow tehse instructions carefully!

 

Please download combofix from here http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use and save it to your desktop.

 

Download
View Full Image

Download ComboFix Prompt

Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop. An image showing this is below.

Downloading
View Full Image

Downloading ComboFix to the Desktop

When you have the Save as screen configured to save ComboFix.exe to the Desktop, click on the Save button. ComboFix will now start downloading to your computer. If you are on a dialup, this may take a few minutes. When ComboFix has finished downloading you will now see an icon on your desktop similar to the one below.

ComboFix
View Full Image

ComboFix Icon

We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Once you double-click on the icon, you may see a screen similar to the one below.

 

Windows
View Full Image

Windows Open File Security Warning

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. If you are using Windows Vista, and receive UAC prompt asking if you would like to continue running the program, you should press the Continue button.

You will now see the first ComboFix screen as shown below.

ComboFix
View Full Image

ComboFix is Preparing to Run

ComboFix is now preparing to run and when it has finished you will see a screen showing the authorized locations to download Combofix. This screen, press the OK button and you will now see the Disclaimer screen shown below.

ComboFix
View Full Image

ComboFix Disclaimer

If you do not agree to the disclaimer, then click on the No button to exit the program. Otherwise, to continue you should press the Yes button to continue. If you decided to continue, then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

ComboFix
View Full Image

ComboFix is backing up the Windows Registry

Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

ComboFix
View Full Image

ComboFix Recovery Console

At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console. Once it has finished installing, you will be presented with the screen shown below.

ComboFix
View Full Image

ComboFix Recovery Console Finished

 

You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer. When it is done, and a log has been created, you can then perform the manual install of the Recovery Console using the steps found in the Manually installing the Windows Recovery Console section.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

ComboFix
View Full Image

ComboFix is scanning the computer for infections

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

Stages
View Full Image

Stages of the ComboFix AutoScan

At the time of this writing there are a total of 50 stages as shown in the image below, so please be patient. The amount of stages will go up as time goes on, so if the amount of stages is different when you run it, please do not be concerned.

41st
View Full Image

41st Stage of the ComboFix AutoScan

When ComboFix has finished running, you will see a screen stating that it is preparing the log report as shown below.

ComboFix
View Full Image

ComboFix is preparing the log report

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. This can be seen in the image below.

ComboFix
View Full Image

ComboFix is almost done!

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you as shown below.

ComboFix
View Full Image

ComboFix Log File

You should now post this log as a reply to the topic where you were asked to run combofix. Your helper will now analyze this log and let you know what they would like you to do nex

Best Regards,

Brandon

Brandon M., Information Systems Manager
Category: Computer
Satisfied Customers: 6976
Experience: Currently an IT Manager for law firm. Work with Exchange, Blackberries, MS Office daily
Brandon M. and 13 other Computer Specialists are ready to help you
Customer: replied 5 years ago.
ComboFix 09-08-09.04 - Janet 08/10/2009 13:19.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.144 [GMT -4:00]
Running from: c:\documents and settings\Janet\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\EXTRACT.EXE
C:\MSCDEX.EXE
C:\uniq
c:\windows\inet20019
c:\windows\inet20019\1.txt
c:\windows\inet20019\mm.pid
c:\windows\inet20019\tmp.req
c:\windows\system32\drivers\etc\hosts.tim
c:\windows\system32\imas3r
c:\windows\system32\svcp.csv
c:\windows\system32\winsub.xml
c:\windows\system32\zlbw.dll

.
(((((((((((((((((((((((((   Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 14:14 . 2009-08-10 14:14     --------     d-----w-     c:\windows\LastGood
2009-08-10 13:49 . 2009-08-10 13:49     --------     d-sh--w-     c:\documents and settings\Janet\IECompatCache
2009-08-09 22:40 . 2009-08-09 22:40     --------     d-sh--w-     c:\documents and settings\Janet\PrivacIE
2009-08-09 22:39 . 2009-08-09 22:39     --------     d-----w-     c:\documents and settings\Janet\Application Data\4200Series
2009-08-09 21:17 . 2009-08-09 21:17     --------     d-----w-     c:\documents and settings\Roger\Application Data\AVG8
2009-08-09 20:58 . 2009-08-09 20:58     580565     ----a-w-     C:\Master_setupFeb2005.zip
2009-08-09 20:57 . 2009-08-09 20:58     9867052     ----a-w-     C:\Mach2.zip
2009-08-09 20:57 . 2009-08-09 20:57     54225     ----a-w-     C:\G-Code.zip
2009-08-03 20:12 . 2006-05-23 22:04     110592     ----a-w-     c:\documents and settings\Roger\Application Data\U3\temp\cleanup.exe
2009-08-03 20:04 . 2009-08-03 20:04     --------     d-----w-     c:\documents and settings\Roger\Application Data\U3
2009-08-03 14:56 . 2009-08-03 14:56     --------     d-sh--w-     c:\documents and settings\Roger\IECompatCache
2009-08-03 14:54 . 2009-08-03 14:54     --------     d-sh--w-     c:\documents and settings\Roger\PrivacIE
2009-08-03 14:25 . 2009-08-03 14:25     --------     d-----w-     c:\windows\system32\scripting
2009-08-03 14:25 . 2009-08-03 14:25     --------     d-----w-     c:\windows\l2schemas
2009-08-03 14:25 . 2009-08-03 14:25     --------     d-----w-     c:\windows\system32\en
2009-08-03 13:54 . 2009-08-03 13:54     --------     d-sh--w-     c:\documents and settings\NetworkService\IETldCache
2009-08-03 13:53 . 2009-08-03 13:53     --------     d-sh--w-     c:\documents and settings\Roger\IETldCache
2009-08-03 13:47 . 2009-07-03 17:09     594432     ------w-     c:\windows\system32\dllcache\msfeeds.dll
2009-08-03 13:47 . 2009-07-03 17:09     55296     ------w-     c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-03 13:47 . 2009-07-03 17:09     12800     ------w-     c:\windows\system32\dllcache\xpshims.dll
2009-08-03 13:47 . 2009-07-03 17:09     246272     ------w-     c:\windows\system32\dllcache\ieproxy.dll
2009-08-03 13:46 . 2009-07-03 17:09     1985536     ------w-     c:\windows\system32\dllcache\iertutil.dll
2009-08-03 13:46 . 2009-07-19 22:48     11067392     ------w-     c:\windows\system32\dllcache\ieframe.dll
2009-08-03 13:46 . 2009-08-03 13:46     --------     d-----w-     c:\windows\ie8updates
2009-08-03 13:46 . 2009-07-01 07:08     101376     ------w-     c:\windows\system32\dllcache\iecompat.dll
2009-08-03 13:44 . 2009-08-03 13:44     --------     d--h--w-     c:\windows\ie8
2009-08-02 20:11 . 2001-08-17 17:48     12160     ----a-w-     c:\windows\system32\drivers\mouhid.sys
2009-08-02 20:11 . 2001-08-17 17:48     12160     ----a-w-     c:\windows\system32\dllcache\mouhid.sys
2009-08-02 17:35 . 2009-08-02 17:35     --------     d-----w-     c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 22:39 . 2009-08-09 22:38     17920     ----a-w-     c:\documents and settings\Janet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:31 . 2005-02-17 13:37     76487     ----a-w-     c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-07-03 17:09 . 2004-01-08 19:23     915456     ----a-w-     c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2001-08-23 16:00     81920     ----a-w-     c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 16:00     119808     ----a-w-     c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2001-08-23 16:00     1291264     ----a-w-     c:\windows\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"lxbmmon.exe"="c:\program files\Lexmark 4200 Series\lxbmmon.exe" [2007-01-30 230320]
"Lexmark 4200 Series Fax Server"="c:\program files\Lexmark 4200 Series\fm3032.exe" [2007-01-30 160688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\lxbmcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=

R2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe -service --> c:\windows\system32\lxbmcoms.exe -service [?]
R3 Mach2;Mach2 Pulseing Service;c:\windows\system32\drivers\Mach2.sys [2/24/2005 8:34 PM 99168]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSMONLOG

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{805F2046-CDF7-4670-81AC-34DCB82BF27D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 13:24
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-1343024091-2133730867-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8C7A23C-85B9-F2A7-61B2-CDAA72CD6820}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaikcpnpnligcljigopegfhbkmijjd"=hex:61,69,67,64,69,68,6a,68,70,67,6d,66,62,66,
   67,6f,69,6d,62,6c,64,70,67,6b,6b,68,6e,66,67,61,6d,66,6a,63,65,69,6e,61,6e,\
"iafkkiefkbahghdloa"=hex:6a,61,62,64,62,6d,6d,6a,6a,6f,65,63,66,6e,62,64,66,70,
   6f,65,00,00
"halmaohjlgfhikhb"=hex:69,61,69,64,63,63,69,64,6d,6a,6f,69,68,6a,6f,66,63,64,
   00,00

[HKEY_USERS\S-1-5-21-220523388-1343024091-2133730867-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-08-10 13:25
ComboFix-quarantined-files.txt 2009-08-10 17:25

Pre-Run: 12,489,588,736 bytes free
Post-Run: 12,741,033,984 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
C:\ = "Microsoft Windows"

131     --- E O F ---     2009-08-04 07:01
Expert:  Brandon M. replied 5 years ago.

Thanks for the log information. Are you able to goto http://us.mcafee.com/root/landingpages/afflandpage.asp?affid=605&lpname=11865&aco=0&cid=32819 and download the 90 day trial? If you're seccessfully able to download McAfee antivirus, it will clean the rest of your infections.

 

Let me know,

Brandon

Customer: replied 5 years ago.
tried to- got 98% done, then stopped. pop-up box said IE cannot download DMSetup.exe from download.mcafee.com.
Expert:  Brandon M. replied 5 years ago.

Interesting that it let you download combofix. Your PC is definitely infected. I can continue to troubleshoot it with you but I want to ask this first. It is usually hard to get rid of a virus and other trojans especially when they won't let you download anything. The easiest way would be to format and reinstall Windows XP. If you have nothing important on this PC, I would recommend doing this as it would be the least headache causing way. Otherwise, we can continue.

 

Let me know,

Brandon

Customer: replied 5 years ago.
I can try the reinstall. Thanks!
Customer: replied 5 years ago.
I can't find the accept button. Where should it be?
Expert:  Brandon M. replied 5 years ago.

Okay. Let me know if you need any help in doing so, I will be glad to assist. You should be able to accept now.

 

-Brandon

JustAnswer in the News:

 
 
 
Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.
 
 
 

What Customers are Saying:

 
 
 
  • My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed. One Happy Customer New York
< Last | Next >
  • My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed. One Happy Customer New York
  • I am very happy with my very fast response. Eric is very knowledgeable in the subject area. Thank you! RP Austin, TX
  • Hi John, Thank you for your expertise and, more important, for your kindness because they make me, almost, look forward to my next computer problem. After the next problem comes, I'll be delighted to correspond again with you. I'm told that I excel at programing. But system administration has never been one of my talents. So it's great to have an expert to rely on when the computer decides to stump me. God bless, Bill Bill M. Schenectady, New York
  • The Expert answered my Mac question and was patient. He answered in a thorough and timely manner, keeping the response on a level that could understand. Thank you! Frank Canada
  • Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help. Mary C. Freshfield, Liverpool, UK
  • This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!! Alex Los Angeles, CA
  • Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult. GP Hesperia, CA
 
 
 

Meet The Experts:

 
 
 
  • Andy

    Computer Consultant

    Satisfied Customers:

    5311
    11yr exp, Comp Engg, Internet expert, Web developer, SEO
< Last | Next >
  • http://ww2.justanswer.com/uploads/EN/Engineer1010/2012-6-9_132423_jaj12a.64x64.jpg Andy's Avatar

    Andy

    Computer Consultant

    Satisfied Customers:

    5311
    11yr exp, Comp Engg, Internet expert, Web developer, SEO
  • http://ww2.justanswer.com/uploads/BA/barrenrock/2011-10-19_215925_JamesJAFinal.64x64.jpg James's Avatar

    James

    Sr. Computer Support Expert

    Satisfied Customers:

    8376
    20 years of experience building, fixing and servicing PCs and operating systems.
  • http://ww2.justanswer.com/uploads/zeyank/2009-09-26_154244_P8110079.png Ryan H.'s Avatar

    Ryan H.

    Computer Support Specialist

    Satisfied Customers:

    1741
    A+ Certified Technician - 10 Years experience working with all types of computer systems.
  • http://ww2.justanswer.com/uploads/JA/jadedangel57/2011-11-8_193134_janenewsm.64x64.jpg Jane Lefler's Avatar

    Jane Lefler

    Sr Prog Analyst / Technician

    Satisfied Customers:

    0
    Computer Programmer / Technician/ Consultant 16+ years
  • http://ww2.justanswer.com/uploads/RO/robmpreston/2013-9-23_233814_mijiFZm.64x64.jpg RPI Solutions's Avatar

    RPI Solutions

    Support Specialist

    Satisfied Customers:

    3476
    5+ Years in IT, BS in Computer Science
  • http://ww2.justanswer.com/uploads/BA/barunrath/2012-7-5_201954_Profilepic2.64x64.jpg B. Rath's Avatar

    B. Rath

    Computer Support Specialist

    Satisfied Customers:

    8671
    Certified Computer/Networking Support Specialist.
  • http://ww2.justanswer.com/uploads/FS/fszcze/2012-6-18_181848_500test.64x64.jpg Frederick S.'s Avatar

    Frederick S.

    Computer Specialist

    Satisfied Customers:

    7240
    Computer technician and founder of a home PC repair company.
 
 
 
Chat Now With A Tech Support Specialist
Brandon M.
Brandon M.
System Administrator
1290 Satisfied Customers
Currently an IT Manager for law firm. Work with Exchange, Blackberries, MS Office daily