[kevo1243]

So I'm having major problems with my computer. I think I have some kind of virus because none of the anti-virus scanners I have/had will run. I followed the pinned topic on what to do and I had some success but now I am stuck. Currently I have ran the Microsoft Malware remover, Super Anti-Spyware, and Vipre Rescue. They all found malware and said them removed it but I still can open any anti-virus programs or scanners. I have McAfee which won't open or uninstall at all. I had Spybot SD and that works but won't run the system scanner so I uninstalled it. I also have downloaded (several times with several different methods) MBAM but it won't run after it's download to my computer. The past few tries safe mode hasn't work either. I'm not sure what to do from here. Any help will be greatly appreciated. Thanks.

[Advertisements]

Hi there, first thing to do is have a look see

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Hi there, first thing to do is have a look see

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[kevo1243]

Done. Here are the logs.

Attached Files

•  Addition.txt   48.65KB   629 downloads
•  FRST.txt   71.59KB   608 downloads

[Essexboy]

Could you let me know if the AV's run after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

 

CreateRestorePoint:
HKU\S-1-5-21-891251935-3120285653-2804985873-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
HKU\S-1-5-21-891251935-3120285653-2804985873-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Doris\AppData\Roaming\Microsoft\Protect\e4b853e8e5c36aab61ef.rs"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {39AD0726-986D-40F9-972B-E3BFA24B7745} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxp://websearch.goodforsearch.info/?pid=24388&r=2015/04/28&hid=16055180246164775777&lg=EN&cc=US&unqvl=86&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Extension: No Name - C:\Users\Doris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2015-01-16] [not signed]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-07] [not signed]
S2 763bdca1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemMuscle\SystemMuscle.dll",serv
S4 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [X]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [66576 2010-02-07] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [135696 2010-02-07] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [56336 2010-02-07] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [100368 2009-11-23] (Trend Micro Inc.)
S3 BS844634783; \??\C:\Users\Doris\AppData\Local\Temp\NTFS.sys [X]
2015-11-09 19:25 - 2015-11-09 19:25 - 00002982 _____ C:\Windows\System32\Tasks\{981DCB0E-CA7D-461D-9849-771EED5634FC}
2015-11-08 08:16 - 2015-11-08 08:18 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-06 05:34 - 2015-11-06 06:06 - 00090112 _____ C:\ProgramData\7B571D05.EX
2015-11-06 04:30 - 2015-11-06 04:30 - 00004096 _____ C:\ProgramData\RegSvcs_32.exe
2015-11-06 04:29 - 2015-11-06 04:29 - 00004096 _____ C:\ProgramData\igfxEM_32.dll
2015-11-03 09:34 - 2015-11-03 09:34 - 00004096 _____ C:\ProgramData\igfxext.dll
2015-11-02 11:32 - 2015-11-02 11:32 - 00004096 _____ C:\ProgramData\TabTip32.exe
2015-11-02 11:32 - 2015-11-02 11:32 - 00004096 _____ C:\ProgramData\RdpSaProxy.dll
2015-10-30 11:47 - 2015-11-09 10:57 - 03471692 _____ C:\Windows\system32\CFG844634783
2015-10-30 11:33 - 2015-11-10 20:43 - 00000000 ____D C:\Users\Doris\AppData\LocalLow\{9B9E384B-DCAD-4947-9C85-0398126A8F74}
2015-10-30 11:33 - 2015-10-30 11:35 - 00000000 ____D C:\Users\Doris\AppData\LocalLow\{5680D453-3077-4CEB-BF4C-C225BDDED71F}
2015-10-30 11:33 - 2015-10-30 11:34 - 00000000 ____D C:\Users\Doris\AppData\LocalLow\{EAD0D77F-C8C2-4664-B5ED-B96A684CCAD7}
2015-10-30 11:24 - 2015-10-30 11:24 - 00000000 ____D C:\Users\Doris\AppData\OICE_15_974FA576_32C1D314_29F8
CustomCLSID: HKU\S-1-5-21-891251935-3120285653-2804985873-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\actxprxy.dll () <==== ATTENTION
Task: {F278912E-2671-42DF-B66B-48116DF441AC} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\Doris\AppData\Roaming\Microsoft\Protect
C:\Users\Doris\AppData\Local\Temp\NTFS.sys
c:\Program Files (x86)\SystemMuscle
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.

[kevo1243]

Here are the logs. No success with the AV.

Attached Files

•  AdwCleanerC1.txt   5.13KB   654 downloads
•  AdwCleanerS1.txt   4.8KB   605 downloads
•  Fixlog_13-11-2015_14-51-05.txt   11.61KB   681 downloads

[Essexboy]

OK one folder did not want to go .. Time for a bigger hammer

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  http://img.photobuck...claimer_ENG.png

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.
• Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
  
  
  Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[kevo1243]

I had already downloaded and ran ComboFix a few days ago. Should I run it again? Would the log be ComboFix.txt?

[Essexboy]

Yes run it again please

[kevo1243]

Here is the ComboFix log.

Attached Files

•  ComboFix.txt   26.95KB   612 downloads

[Essexboy]

OK once this next fix has run could you repair McAfee as per this page https://kc.mcafee.co...tent&id=KB56087

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
c:\programdata\VusSumx
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[kevo1243]

Here's the log. I'm still trying to figure out how to fix McAfee from the cmd screen.

Attached Files

•  Fixlog_17-11-2015_13-57-49.txt   1.95KB   613 downloads

[Essexboy]

GO for an uninstall/re-install

[kevo1243]

I just can't get the <path> part to work. I have several McAfee folders and when I tried to plug the file location in most of them say Cannot find the file specified. The one I thought might be correct said Access denied.

Edited by kevo1243, 18 November 2015 - 04:24 PM.

[Essexboy]

OK download the McAfee removal tool from here http://www.majorgeek...moval_tool.htmland run it

Once done download a fresh copy of McAfee and install it please

[kevo1243]

Sorry been busy past few days. I'm not able to get that to run. Not many things I download will run but the computer is a lot fast. I think the way to go is manually uninstall through the cmd prompt but I need to figure out how.