Can't complete 8 steps

[misterzacho]

every time i try to install MBAM or superantispyware i think something is blocking it from installing.

i can download the installers but they wont work.

and the thing is. only the antispyware/antivirus kind of programs wont work. other things can install just fine.

 

[touch]

Hello misterzacho

Ok, let´s try combofix then ->

Rightclick on the link to download combofix here -> https://www.techspot.com/downloads/5587-combofix.html << Save as.

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

 

[misterzacho]

i tried to save it as you said but this pops up

123.exe could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

 

[touch]

Ok. try again without renaming it -

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drive/flash drive before running Combofix, if you have any


Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

 

[misterzacho]

im getting the same message.

i actually renamed MBAM to "123" and the installer worked. but the program still wont run. hah.

 

[touch]

Try combofix and MBAM (123) from safe mode, and see if any of them will run ?

 

[misterzacho]

thanks for all the help touch. actually all i had to do was rename some stuff and i was able to get all the programs working. here are the logs.

edit: added a combofix log also.

 

[touch]

Great

You have two Antivirus programs installed - AVG8 and McAfee
"Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
Not more"

I´ll therefore recommend you remove AVG8 from add/remove programs in controlpanel.

Reboot.

BTW. Have you paid for McAfee ?

Download LSP-Fix and save it into its own directory. You can download LSP-Fix from the following location:
http://www.bleepingcomputer.com/files/lspfix.php
Once the file is downloaded navigate to where you saved the file and double-click on it to start the application
Click on -> I know what I'm doing – move - 3724890.dll to rigth pane using >>> then – Finish – button

Reboot

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

File::
C:\WINDOWS\system32\kdmoji.dll
c:\windows\system32\3724890.dll
C:\WINDOWS\system32\borazufu.dll
C:\WINDOWS\system32\vefudeje.dll
c:\windows\system32\buzozati.dll
C:\WINDOWS\system32\kdkib.exe

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please attach it to your next post


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[misterzacho]

avg wont let me uninstall. it gives me this message:

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

3724890.dll isnt in the the list in LSPfix

there is mdnsNSP.dll, MSWsock.dll, winrnr.dll, and rsvpsp.dll

 

[touch]

Ok. We deal with AVG later, and don´t remove - mdnsNSP.dll, MSWsock.dll, winrnr.dll, and rsvpsp.dll. close LSP Fix

Continue with combofix

 

[misterzacho]

Ok. here ya go.

oh, and I uninstalled AVG.

 

[touch]

There are still remnants from AVG

You have viewpoint running on your computer ->

Viewpoint is considered foistware and is not needed on your computer.


Download and unzip to own folder on Desktop - http://bellsouthpwp.net/p/r/prprogramsstudios/viewpointkiller.zip

Run ViewpointKiller.exe

Reboot.

ViewpointKiller 1.2 FinalViewpointKiller does exactly what it's name says: Kills Viewpoint Media Player. Viewpoint Media Player is an adware that displays bandwith eating popup ads in IE and on your desktop. It comes silently with an install of AIM and will be reinstalled by AIM if uninstalled.ViewpointKiller fixes all of that. It takes off Viewpoint Media Player once and for all.


Open notepad and copy/paste the text in the quotebox below into it:

Killall:

Snapshot::

File::
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\avgldx86.sys
c:\windows\system32\drivers\avgtdix.sys
c:\windows\system32\0B88B7B325.sys
c:\windows\system32\8C8721C1F0.sys
c:\windows\system32\bamonipo.dll.tmp
c:\windows\system32\diteriga.dll.tmp
c:\windows\system32\fodijege.dll.tmp
c:\windows\system32\fuvatozi.dll.tmp
c:\windows\system32\gebojele.dll.tmp
c:\windows\system32\hinilezo.dll.tmp
c:\windows\system32\jimofiji.dll.tmp
c:\windows\system32\kirasahi.dll.tmp
c:\windows\system32\kogetagi.dll.tmp
c:\windows\system32\mehoguhi.dll.tmp
c:\windows\system32\mizukobe.dll.tmp
c:\windows\system32\mopiseje.dll.tmp
c:\windows\system32\pugohawu.dll.tmp
c:\windows\system32\rigiwoti.dll.tmp
c:\windows\system32\sikafemu.dll.tmp
c:\windows\system32\sizesare.dll.tmp
c:\windows\system32\soyeviwa.dll.tmp
c:\windows\system32\tohazite.dll.tmp
c:\windows\system32\toruyuhu.dll.tmp
c:\windows\system32\tupuzeme.dll.tmp
c:\windows\system32\vafubamu.dll.tmp
c:\windows\system32\vomomipa.dll.tmp
c:\windows\system32\yahuyigu.dll.tmp
c:\windows\system32\yidopamo.dll.tmp
c:\windows\system32\yokagumo.dll.tmp

Folder::
c:\program files\AVG

Save this as:
CFScript

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Refering to the picture above, drag CFScript into ComboFix.exe

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.

 

[misterzacho]

im feeling fat and sassy.

 

[touch]

Why are you feeling fat and sassy ?


Please attach a whole combofix log, as the log you have sent, is a bit short

 

[misterzacho]

hahah. how did that happen

 

[touch]

Dunno

Open notepad and copy/paste the text in the codebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

File::
c:\windows\system32\sgccwnj0ev4t.dll
c:\windows\\system32\\buzozati.dll
c:\WINDOWS\\system32\\ddayx.dll
g:\resycled
Folder::
g:\resycled
Filelook::
c:\documents and settings\zach cross\pdq.exe

Dirlook::
c:\program files\12345

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BearShare"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4190eb-4e03-11dc-b0a1-001320c08592}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c780d4-c92b-11db-b01f-000f66efd05b}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddayx]
"DllName"=-
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUmMEUk]

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[misterzacho]

tuesday's coming. did you bring your coat?

 

[touch]

How are things running now ?

 

[misterzacho]

very very very very beautifully.

thank you very much, my friend.

i love you. (no homo)

lol :grinthumb

 

[touch]

Great, and I was glad to help

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.


Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein´s guide:
How did I get infected in the first place

Keep safe :wave: