No icons on Desktop & Windows Installer wont stop

Please download and save the below to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

http://download.bleepingcomputer.com/grinler/unhide.exe

Now run it. Did that help?

 

Sure. That's good! Be sure to attach the rest of the requested logs please.

 

See the instructions again!!!!! We specifically tell you the log is not in the C:\MGtools folder. It is C:\MGlogs.zip


You need to attach the log from ComboFix

 

Note: The first instructions in the READ & RUN ME tell you that you must not have more than one antivirus program installed. You have the below 3 installed:

• Microsoft Security Essentials
• Symantec AntiVirus
• Trend Micro Internet Security

Due to doing this, you now need to uninstall ALL of them. Then you need to reboot. After reboot, you need to do the below. Do not do the below until all of the above are uninstalled. If you have problems uninstalling any of them then use this to uninstall them >> Revo Uninstaller

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\ComboFix.txt that has previously been requested.
• C:\MGlogs.zip

Make sure you tell us what problems you still are having.

 

You're welcome.

The point here is not whether it is off or on. The problem is that you have more than one AV installed which is a very bad thing to do.

Your logs show TrendMicro Internet Security which is a full security suite that includes antivirus, antispyware, firewall and more. Even if you some how only have the firewall active, you have the security suite and it is not recommended to have multiple security suites trying to control Windows Security Center.

Again, it is whether it is installed at all that we are concered with and it is in your logs.

MGtools does not do this. I believe you mean ComboFix.

No this is a log from ComboFix. ComboFix and MGtools are not the same thing.

Most likely this will be something you need to work out in the Software Forum as it is an issue with Windows Installer not malware. You may have a broken or incomplete uninstall or install that is causing this problem.


I'll take a look at you logs and other messages now.

 

Not according to this MGlogs.zip file you attached. MS Essentials is still running in your logs. You should have made sure you completed the uninstall and you should have rebooted afterwards before running MGtools. You still even had Revo running. You need to attach a new log from MGtools. That is, you need to rerun C:\MGtools\GetLogs.bat and then attach the new MGlogs.zip file. But make sure that you have rebooted since uninstalling everything and do not have Revo running anymore.

 

Refer to the below link for removing Trend Micro. I'll clear up some more from the other two AV's. Plus remove a little bit of malware.

How to uninstall my Trend Micro program using the Trend Micro Diagnostic Toolkit

Java(TM) 6 Update 25 <--- uninstall outdated java.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O15 - Trusted Zone: *.picnik.com
O15 - Trusted Zone: *.wellsfargo.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

After clicking Fix exit HJT.

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

Driver::
SavRoam
ccEvtMgr
ccSetMgr
SNDSrvc

File::
C:\Documents and Settings\All Users\Application Data\17293092
C:\Documents and Settings\All Users\Application Data\~17293092
C:\Documents and Settings\All Users\Application Data\~17293092r      
c:\windows\system32\NavLogon.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{184F7BF4-4F64-41B6-B77C-A913B40CB036}\mpengine.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

Folder::
c:\program files\Symantec AntiVirus
c:\program files\Microsoft Security Client

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A621B45A-D138-4A95-BE10-7CABA05EF94E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"=-

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.

Reboot your machine and install the most current and up to date version of Java available here at the below link:

Java Runtime 6

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Will post an additional fix down below.

Possible a permissions issue within your files/folders. Try running the below and rebooting and then see what happens:

Resetting Registry and File Permissions

Yes C:\WINDOWS\system32\msiexec.exe (which is Microsoft Installer ) is showing as running in your logs and this should only be running when an install or uninstall is being performed. Hence you likely have one or more broken/incomplete installations or uninstalls. This is not necessarily a malware issue and you may need to address these and similar issue in the Software Forum. However you can try running the below to see if it picks up on anything.

Windows Installer CleanUp Utility


Now let's run one more fix with ComboFix to cleanup a few more leftovers.

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up because you recieve the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome.

You should post about this in the Software forum. It is much better to start a new thread. If this were moved there, many people would ignore it since there are a lot of posts in it already. You should only state the exact problems you are currently having in your new thread, but you can put in a link to the fact that you just had malware removed here.

I'm going to give you final instructions but I'm not going to have your clear System Restore by toggling it as we would normally do because you still may need to use a restore point.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!