[JSntgRvr]

Use the Removal tool (MCPR) to remove any remnant of McAfee in your computer. It should produce a report, save the file to your Desktop. Name the file MCPR_date.txt (for example, MCPR_Jan10_12.txt). Post its contents in a reply.

Are you familiar with the following program?

C:\Users\Danilo\Downloads\A Jornada\jornada.exe

Attach the MBRDUMP.txt to a reply.

[Advertisements]

You are using Explorer++.exe. That will give you a different shell. Rather than using Explorer++.exe, use C:\Windows\Explorer.exe. Does that makes a difference.?

[JSntgRvr]

You are using Explorer++.exe. That will give you a different shell. Rather than using Explorer++.exe, use C:\Windows\Explorer.exe. Does that makes a difference.?

[Habelaumus]

Use the Removal tool (MCPR) to remove any remnant of McAfee in your computer. It should produce a report, save the file to your Desktop. Name the file MCPR_date.txt (for example, MCPR_Jan10_12.txt). Post its contents in a reply.

MCPR didn't produce a log. According to the link you provided I believe the logs are only available if the cleaning is unsuccesful. By the way, thank you very much, I've always wondered how to get rid of all that McAfee stuff.

Are you familiar with the following program?

C:\Users\Danilo\Downloads\A Jornada\jornada.exe

Yes, it's a 15 years-old game that runs in DOS. I have no idea what all the tasks are for.

You are using Explorer++.exe. That will give you a different shell. Rather than using Explorer++.exe, use C:\Windows\Explorer.exe. Does that makes a difference.?

Unfortunatelly it doesn't, when I try to run it the Taskbar appears and then disappears after 1 second, making me unable to use the Taskbar and browse folders. That's why I downloaded Explorer++.

Attach the MBRDUMP.txt to a reply.

Was able to upload it by typing the full path to the file at the field reserved for its name.

Attached Files

•  MBRDUMP.txt   512bytes   219 downloads

Edited by Habelaumus, 25 February 2014 - 10:45 PM.

[JSntgRvr]

Press CTRL+Esc, right click on the start menu and select Properties. Make sure the "Auto-hide the taskbar is not checked."

Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 1 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

[Habelaumus]

CTRL+Esc does nothing but I'm pretty sure it isn't set to auto-hide. RogueKiller had no option to press 1, so I just clicked the Scan button.

RKreport[0]_S_02262014_164411.txt:

RogueKiller V8.8.9 [Feb 24 2014] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Site : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : Danilo [Privilegios de Admnistrador]
Modo : Verificar -- Data : 02/26/2014 16:44:11
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 0 ¤¤¤

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 3ad9e93c23657a38903a83292ccd550c
[BSP] 5a1ed2c44a1b5fc8617de4298f537fc7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 260242 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533388288 | Size: 29693 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594199552 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[0]_S_02262014_164411.txt >>

[JSntgRvr]

You must have your registry truncated due to the use of Registry cleaners, as I see no sign of malware in the system.

There is a System Restore point, Restore point made on: 2014-02-13 01:10:47. Attempt to Restore the computer to that point and let me know the outcome. You can reach the System Restore by typing the following at an administrator command prompt:

rstrui.exe

Let me know the outcome.

[Habelaumus]

Thank you very much. Everything seems back to normal. Should I stop fixing the registry? Do you have any suggestions for an antivirus?

And what about the other computer, AV found a virus just after I used it and then it started freezing? And what about Combofix and DDS not working, is this the result of low specs?

[JSntgRvr]

I am glad all is back to normal. The issues, I believe were all related.

Run OTL and click on the Cleanup button. That will remove most of the tools we used during this session. Manually remove all other tool left.

I would recommend AVAST as an antivirus. Stay away from registry cleaners.

Be safe.

[JSntgRvr]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.