Couldn't Complete Read Me & Run

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Haas1964, Jun 17, 2009.

  1. Haas1964

    Haas1964 Private E-2

    I have a Toshiba Satellite X205-S9349 laptop computer with Intel Core 2 Duo T7100 processor, running Windows Vista. I did have Norton Internet Security running and had Spybot Search & Destroy, Spyware Doctor and Ad-Aware for spyware/adware cleaning.

    A few nights ago one of my kids used my laptop and when I got it back I found a few things not working properly. Namely:

    Internet Explorer will not run. It will start, the window pops up with the rotating circle indicating it is looking to connect, and then the window closes.

    Norton Internet Security's Scan function will not run. It still does automatic updating (I can see the time changing on the "Last Update" line), but it will not perform any scanning (full, quick, or custom). The scanning window just pops up and the circle rotates at the top like it is trying to run, but the numbers all stay at 0 (I have let it run all night and still come back to a rotating circle and zeros) and the program has trouble cancelling or stopping when I try to halt/cancel it. Norton has given me a pop-up window a couple of times telling me there is a "Downloader.MisleadApp", but I cannot find any other details such as what file, location, or activity prompted the warning pop-up.

    Spyware Doctor will still run, but will not update and does not find anything on quick or full scans.

    Spybot Search & Destroy will not run. When I click it, I get the MS Windows pop-up asking me if I want to run the program, and when I click "Yes", the pop-up goes away, the system disk usage light blinks some and then goes out and the Spybot window never starts up. This is the same with Ad-Aware.

    I tried to download Malwarebytes from a thumbdrive, but it will not run either.

    Additionally, I have tried to run Norton, Spybot, Ad-Aware, Spyware Doctor and Malwarebytes in Safe Mode to no avail. Some will run, but they don't find anything.

    Additionally, I tried to do a System Restore from an earlier setpoint, but it would not complete. When I went to the Symantec website and looked up "Downloader.MisleadApp", it told me to disable System Restore and run a full scan with Norton Internet Security, but the scan would not start (it did the same behavior as described above) and, by turning System Restore off, I lost all of my previous setpoints.

    I tried to run "HiJack This" to get a log, but it will not run either. All other MS products (MS Office, Media Player, etc.) as well as my other software programs appear to run alright, I just can't seem to open the Internet or run my adware/spyware/virus scanners to get rid of whatever is on my system.

    Just last night, Windows Automatic Updates downloaded and installed some software patches (including one for Windows Defender). Because of this, I assumed my laptop is getting to the Internet, but Internet Explorer is not being allowed to run. Since it got updated last night, I ran Windows Defender this morning and it gave me "0" for the results.

    I have uninstalled Norton Internet Security and tried to go through the "Vista Cleaning Procedure" with the following results (since I don't have Internet access on the laptop, I had to download the files onto a USB drive and copy them to the laptop's desktop):

    While installing SUPERAntiSpyware.exe from the desktop, the original installation didn't begin (a window flashed and immediately closed). I changed the filename to SAS.exe and double-clicked it. The program started to install and I got the "MS Blue Screen of Death". When the system rebooted, I recopied the file to the desktop as Super.exe and the same thing happened during installation. This time on reboot, I was asked and I had it reboot in SAFE MODE. I tried to install SAS.exe while in SAFE MODE (I didn't think it would work, but I had to try). After another reboot, I double clicked SAS.exe before all the programs had loaded and the installation completed. When I double clicked the SUPERAntiSpyware Free icon, I received a MS popup window saying that "SUPERAntiSpyware Application" had stopped working. I rebooted again and double clicked the icon again, but had the same results. No logfile generated.

    Malwarebytes installed, but would not run. Received same popup saying Malwarebytes Application had stopped working. Again, no log file.

    ComboFix wouldn't install until I changed the name to CF.exe and during the installation I got a Warning stating that McAfee Virus Scan and McAfee Firewall were running and needed to be disabled before ComboFix was resumed due to possible machine damage. While I can see the McAfee services in the Security portion of Control Panel, I don't have an option to turn them off and they're not listed in the Programs and Features section, so I can't uninstall them. Plus, I never installed McAfee so I don't know where they came from.

    I double clicked RootRepeal to extract the zipped files from the USB drive, but the program ran. Numerous files were found with "Not visible to Windows API!" or "Locked to Windows API!" indications, but the scan halted at C:\Windows\winsxs\Manifests\ and wouldn't continue. I was unable to save a report, but a Crash Report was generated and is attached as RootRepeal-crash....

    Double Clicked MGTools and a MS DOS window opened. The scan ran and the logfile is attached as MGlogs.zip.

    What's next?
     

    Attached Files:

  2. Haas1964

    Haas1964 Private E-2

    I found the sheet I used last night. When RootRepeal ran it found some of the following files:

    There were 3 files starting with C:\Windows\System32\gxvxc...
    And one starting with C:\Windows\System32\drivers\gxvxc...
    These files had the Status of "Invisible to the Windows API!"

    The remainder of the files had "Locked to the windows API!".
    There were numerous files starting with C:\Windows\winsxs\Catalogs\x86_microsoft... & x86_policy...

    There were some .NET files:
    C:\Windows\inf\.NET CLR Data\_DATAP~1.H
    C:\Windows\inf\.NET CLR Networking\_NETWO~1.H
    C:\Windows\inf\.NET DATA Provider for SqlServer\_DATAP~2.H
    C:\Windows\inf\.NET FRAMEWORK\CORPER~1.H

    After hanging for a while at "C:\...\Manifests", the "Blue Screen of Death" came up and the machine rebooted.

    Didn't know if this would help any or not.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your first big mistake was allowing all users to have admin privileges! You need to correct that now.

    You have TeaTimer running, which you were instructed to disable. That could be part of the reason you can't run the scans.
    What confuses me is that you have it running from an F:\ drive:
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot\Spybot - Search & Destroy\TeaTimer.exe

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks
    * and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    Have you tried running the scans (SAS, MBAM, Combo) on any of the other user accounts?

    You also need to tell me exactly what RootRepeal found, or try to run it again, stop it, and click:
    C:\Windows\System32\gxvxc...and
    C:\Windows\System32\drivers\gxvxc...
    and have the program wipe those.
    I at least need to know the entire path.
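The two points raised in this reply (which accounts hold admin rights, and an O4 Run entry that launches from a removable F: drive) can be triaged with a short script. This is an added example, not code from the thread or from any of the tools it mentions; it assumes Windows PowerShell 2.0 or later run from the affected user's account, and the "flag" rules are heuristics for a second look, not a verdict.

```powershell
# Added example, not from the MajorGeeks thread or its tools.
# Lists local Administrators, then walks the Run/RunOnce keys (the O4 lines in a
# HijackThis log) and flags autostarts whose executable is missing, sits on a
# removable drive (such as the F: USB stick in this thread), or lives outside
# %SystemRoot% / Program Files. Assumes Windows PowerShell 2.0+.

# Who is a local administrator? On a shared family machine this should be one account.
& net.exe localgroup Administrators

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Drive letters currently backed by removable media (WMI DriveType 2).
$removable = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' |
    ForEach-Object { $_.DeviceID.TrimEnd(':').ToUpper() })

function Get-ExePath([string]$cmd) {
    # Extract the executable from a Run value: "quoted path" args, or bare path args.
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # PSPath, PSParentPath, ... are not Run values
        $exe   = Get-ExePath ([string]$p.Value)
        $drive = ''
        if ($exe -match '^([A-Za-z]):') { $drive = $matches[1].ToUpper() }
        $flags = @()
        if (-not (Test-Path -LiteralPath $exe)) { $flags += 'MISSING' }
        if ($removable -contains $drive)         { $flags += 'REMOVABLE-DRIVE' }
        if (-not ($exe -like "$env:SystemRoot\*" -or $exe -like "$env:ProgramFiles*")) {
            $flags += 'OUTSIDE-WINDOWS-PROGRAMFILES'
        }
        $tag = '[ok]'
        if ($flags.Count -gt 0) { $tag = '[' + ($flags -join ',') + ']' }
        '{0,-36} {1}={2}' -f $tag, $p.Name, $exe
    }
}
```

A TeaTimer entry like the one quoted above would show up as `[MISSING,REMOVABLE-DRIVE,OUTSIDE-WINDOWS-PROGRAMFILES]` once the USB stick is unplugged. Legitimate software (updaters under AppData, for instance) will also trip the location flag, so treat the output as a list of things to look at, not things to delete.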
     
  4. Haas1964

    Haas1964 Private E-2

    Hi TimW,

    Thanks for the response. Usually Haas is the only account with admin privileges. I think I might not have turned the others off after the "Read & Run Me" steps ran me through all the stuff. Secondly, I had uninstalled Spybot S&D completely from my laptop. I'm not sure why it was running from the F: drive (which was my USB jump drive that I was using to transfer files to the laptop since I couldn't get IE to run). I have taken the USB jump drive out and tried to run SAS, MBAM, and Combo Fix on the other two accounts (I didn't try on the Guest Account) with the same results of them not running, or stopping.

    As for the 4 files in RootRepeal, here are the full paths:

    C:\Windows\System32\gxvxccount
    C:\Windows\System32\gxvxcpuqslhxtpowmwwbebbntjewqvmwcufmv.dll
    C:\Windows\System32\gxvxcvioeotiftepmsywxbnusicsmjeilgewu.dll
    C:\Windows\System32\drivers\gxvxcptdvcyducxrrdqyqmpcaroofdnpqorsc.sys

    Do you still want me to run RootRepeal and stop it to "Wipe" these files? If Wipe doesn't work, should I use the "Force Delete" function?

    Thank you,
    Haas1964
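The four paths above share a fixed prefix (gxvxc) followed by a long random string, which is the usual signature of a kernel-mode rootkit's dropped driver and DLLs. The script below is an added example, not something from the thread or from RootRepeal: it hunts for that pattern in the file system, in the Services registry hive (a .sys has to be registered there to load at boot), and in the list of drivers the kernel reports as loaded. It assumes Windows PowerShell 2.0 or later run elevated, and the prefix is taken from this thread. The caveat a practitioner needs: all three views go through the Windows API, so a rootkit that is active and hiding its files (the "Invisible to the Windows API!" status RootRepeal reported) can return nothing here; a hit is a lead to wipe with RootRepeal or an offline scan, and an empty result proves nothing.

```powershell
# Added example, not from the MajorGeeks thread or from RootRepeal.
# Looks for the gxvxc* artifacts reported above in three places. Assumes an
# elevated Windows PowerShell 2.0+ session. The prefix 'gxvxc' is from the thread;
# everything after it was random, so the pattern is "prefix + long lowercase run".
# CAVEAT: an active kernel rootkit can filter all three views, so "nothing found"
# is not "clean". Safe Mode or an offline boot gives this a better chance.

$prefix  = 'gxvxc'
$pattern = '^' + $prefix + '[a-z]{20,}\.(dll|sys)$|^' + $prefix + '[a-z]*$'
$dirs    = @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")

# 1. File system as seen through the normal API (-Force includes hidden/system files).
foreach ($d in $dirs) {
    Get-ChildItem -Path $d -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { 'FILE    {0}  {1} bytes  {2}' -f $_.FullName, $_.Length, $_.LastWriteTime }
}

# 2. Service/driver registrations: a boot-loaded .sys needs a key under Services,
#    either named after the driver or with an ImagePath pointing at it.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $img = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($_.PSChildName -like "$prefix*" -or ($img -and $img -like "*$prefix*")) {
        'SERVICE {0}  ImagePath={1}' -f $_.PSChildName, $img
    }
}

# 3. Drivers the kernel currently reports as loaded (WMI; also an API view).
Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.Name -like "$prefix*" -or $_.PathName -like "*$prefix*" } |
    ForEach-Object { 'LOADED  {0}  State={1}  {2}' -f $_.Name, $_.State, $_.PathName }
```

If step 2 or 3 returns a service whose file step 1 cannot see, that mismatch is itself evidence the file is being hidden, which is exactly the condition under which the original poster needed RootRepeal's wipe rather than a normal delete.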
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am afraid that you may not be able to get either option to work, so if not, then download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * -Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now see if you can get the other scans to run.
     
  6. Haas1964

    Haas1964 Private E-2

    TimW,

    I was able to delete the files using RootRepeal and stopping it after it found them. I ran the "Read & Run Me First" steps and got everything but RootRepeal to run, yet again. I will be including the two files generated by RootRepeal in the second post. Right now, here are the first three logs from SAS, Malwarebytes and ComboFix.
     

    Attached Files:

  7. Haas1964

    Haas1964 Private E-2

    TimW,

    Here are the crash file and RootRepeal log along with the zip file from MGTools. What should I do next?

    By the way, I can get my Internet to start up now. I've downloaded Firefox and am using it instead of Internet Explorer as my default browser.
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs look clean. What issues are you still having?
     
  9. Haas1964

    Haas1964 Private E-2

    TimW,

    The only issues I still have are that McAfee Antivirus is still running and RootRepeal will not run without crashing (which I think is being caused by McAfee).

    The thing is, I think McAfee came pre-installed on my Toshiba Satellite X205-S9349, because I didn't install it. I'd prefer to use Norton Internet Security. However, I can't find McAfee thru the Control Panel's Programs and Features (my laptop is running Vista) and it's not listed in my start menu. I also do not have a subfolder for McAfee listed anywhere on my harddrive. So, how do I uninstall McAfee? Any thoughts or helpful hints would be greatly appreciated.

    Thanks for your time,
    Haas1964
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download the McAfee Consumer Product Removal Tool

    Run this > Reboot your machine > and Run it again to get rid of remnants of McAfee.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:
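The file-based steps in the list above (2, 4, 6 and 7) can be run as one script that also checks its own results, which the manual steps do not. This is an added example, not part of the MajorGeeks READ ME or of any of the tools named; it assumes Windows Vista or later with Windows PowerShell 2.0+, an elevated session, ComboFix installed on the Desktop under its original name (note that the poster in this thread renamed it to CF.exe, so the path below is an assumption to adjust), and MGtools in C:\MGtools.

```powershell
# Added example, not from the MajorGeeks READ ME or its tools. Runs the final
# clean-up steps listed above and verifies each one. Assumes Vista or later,
# Windows PowerShell 2.0+, elevated, ComboFix on the Desktop as ComboFix.exe
# (an assumption; this thread's poster renamed it CF.exe) and MGtools in C:\MGtools.

# Step 2: uninstall ComboFix (/u also resets hidden-file settings), then its folder.
$cf = "$env:USERPROFILE\Desktop\ComboFix.exe"
if (Test-Path $cf) {
    Start-Process -FilePath $cf -ArgumentList '/u' -Wait
} else {
    'ComboFix.exe not found on the Desktop; skipping (was it renamed?)'
}
if (Test-Path 'C:\ComboFix') { Remove-Item 'C:\ComboFix' -Recurse -Force }

# Step 4: re-enable UAC from the .reg file, then confirm the value really changed.
$uacReg = 'C:\MGtools\enableUAC.reg'
if (Test-Path $uacReg) { & reg.exe import $uacReg }
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
if ($lua -eq 1) { 'UAC enabled (EnableLUA=1); takes effect after reboot' }
else            { "WARNING: EnableLUA=$lua, UAC is still off" }

# Step 6: MGtools leftovers.
foreach ($p in 'C:\MGtools', 'C:\MGtools.exe', 'C:\MGlogs.zip') {
    if (Test-Path $p) { Remove-Item $p -Recurse -Force }
}

# Step 7: turning System Restore off deletes the existing restore points (which may
# hold copies of the malware); turning it back on and taking a checkpoint leaves one
# clean point. The post reboots between the two; the cmdlets can also run back-to-back.
Disable-ComputerRestore -Drive 'C:\'
Enable-ComputerRestore  -Drive 'C:\'
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType 'MODIFY_SETTINGS'
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
```

Steps 3 and 5 (removing miscellaneous tools and uninstalling HijackThis through Add/Remove Programs) are left manual because which tools were downloaded differs per thread. The last line should list exactly one restore point, the one just created; if older points survive, System Restore was not actually switched off.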

     
