Removing McAfee and bootracer Closed

Question

I have removed McAfee virus scanner and Bootracer umpteen times i.e with Revo uninstaller-windows uninstaller- from the registree  etc.
It comes back every time.
In some cases Creating a restore point failed.
Am I hit with malware? What can I do about it?
sipke

2011N2 · Accepted Answer

Hello,

Please, post the link of the report in your next answer.

Gabriel.

S ipke · Answer

Hello Ambucias,

Thank you for your speedy reply to my query. I have run the required procedure you sent me. All went smoothly. However i got only two icons on my desktop
t.w. ZHPDiag and ZHPFix. Have uploaded the text and wait for your reply.
Thanks again!
Sipke

sipke · Answer

Hello Gabriel,
Sorry , I am alittle confused. I do have the report, but I don't know how to send it to you, as I cannot attach the report to this message. Sorry again.
Sipke

sipke · Answer

Hello Ambucias,

My confusion was that i could not find a website of Gabriel.
 As I understand it now, eveything works through speedshare.
Sorry to you and Gabriel.
I have uploaded the report again.
Hopefully I have done it right this time.
Sipke

2011N2 · Answer

Hello,

You have to copy the link in your next answer, otherwise i can't access to the report... :)

Gabriel.

sipke · Answer

Hello Gabriel,

I am not sure which is the link to the report.

I found the following  links in the thread:
https://ccm.net/forum/affich-742930-removing-mcafee-and-bootracer#1

https://ccm.net/forum/affich-742930-removing-mcafee-and-bootracer#2

https://ccm.net/forum/affich-742930-removing-mcafee-and-bootracer#4

https://ccm.net/forum/affich-742930-removing-mcafee-and-bootracer#5

https://ccm.net/forum/affich-742930-removing-mcafee-and-bootracer#3

Maybe this is what you meant.

sipke

2011N2 · Answer

No.

Speedyshare, when you upload ZHPDiag's report, create a link no ? You have to copy this link in this topic in your answer.
If you don't understand, you can upload a new time the report, and when it is uploaded, you press F6 and then you do Ctrl + C. After, you return in this topic and when you write your answer, press Ctrl + V.

Do you understand ?

Gabriel.

sipke · Answer

Hello Gabriel,

The report has vanished (virus ?). 

Also some programs I have uninstalled have come back the next day.

I have gone through the whole procedure again and have now a new report.

Thank you for your patience !

sipke

2011N2 · Answer

Hello,

OK, but can you upload the report on speedyshare and copy the link in your next answer please ?
I have to look at the report to know if your computer is infected.

Thanks,

Gabriel.

sipke · Answer

Hello Gabriel,

Have uplooaded the report via speedyshare.  This went well.
On pressing F6 and then Ctrl + C 
I did not notice anything happening.
So I went back to the topic and pressed Ctrl + V.
Nothing happened. 
I took a screenshot at the upload which showed the following link:

http://speedy.sh/g7m4d/ZHPDiag.txt

Is this of any use?

Sipke

2011N2 · Answer

Hi,

Good. :)

Download the following Adwcleaner created by Xplode 
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/ 
Launch it (for Windows 7 and 8, click right to run as administrator) 
Click on delete 
Post the log C:\Adwcleaner[Sx].txt on this thread. 

Gabriel.

sipke · Answer

Hello Gabriel,

Thank you for the reply.
Have downloaded Adwcleaner- ran it as administrator.
Executed the scan
after the scan clicked report which created:
C:\Adwcleaner[R0].txt

I have uploaded this report
the link is http://speedy.sh/7yvKt/AdwCleaner-R0.txt.

sipke

2011N2 · Answer

Hello,

Okay, now run again AdwCleaner and click on Delete and post the report.

Gabriel.

sipke · Answer

Hello Gabriel,

AdwCleaner shows only the actions:

Scan - Clean - Report - Uninstall

but NO delete. 

Clicking on Other produced nothing.

What can I do?

sipke

2011N2 · Answer

Hi,

Sorry, click on Clean.

Gabriel.

Sipke · Answer

Hello Gabriel:


Clean was dimmed, so I did the scan again after which I could 

click on Clean.

Got a message that program would shut down to do its work.
So it shut down and rebooted.

But NO REPORT.

I went to work to see if I could find something useful 
taking care that the times were between shutdown 
and reboot

and this is what I found:

In c:\Users\Wil\AppData\Local\Temp\
etilqs_QomUWwQM9f6MOBN	32kb	09-03-14

In c:\Users\All Users\McAfee Security Scan\
ftstate.inii			846b	09-03-14	16:19

In c:\Users\All Users\AVAST Software\Avast\log\
aswAr.log			58k	09-03-14	16:26
GrimeFighter.log	5k	"	16:22
EventLog.log		30k	"	16:19
Resident.log		607b	"	16:18
SecureLine.log		10k	"	16:18
Streamfilter.log		52k	"	16:17
Chest.log			850b	"	16:17
Mail.log			25k	"	16:17

In c:\Users\All Users\AVAST Software\Avast\Secure\
I found:
lient.ovpn			187b	09-03-14	16:18

c:\Users\All Users\AVAST Software\Persistent Data\Avast\Logs\
Update.log		16M	09-03-14	16:17

Sipke

2011N2 · Answer

Hello,

The log is saved at C:\AdwCleaner[S0].txt

Gabriel.

sipke · Answer

Hello Gabriel,

You said:
The log is saved at C:\AdwCleaner[S0].txt

I did not understand the purpose of this message,
so I downloaded it.
What I got was:
AdwCleaner[R0].txt.EXE

Tried to run it but ACCESS DENIED

Sipke

2011N2 · Answer

Hello,

The report is saved in your drive C.
But never mind.

Download Shortcut_Module from this link :

http://www.telecharger.sosvirus.net/download/shortcut-module/

save it to your desktop, run it and click on "Clean" after it has verified if it's up to date

Attention : It'll close all the programs opened like IE, Firefox, Word, etc.

It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.

copy/paste the content of the report in your next answer.

Gabriel.

sipke · Answer

Hello Gabriel,

Have downloaded 
Download Shortcut_Module and ran the procedure.

Pressed CLEAN and got a message to remove antvirus program
which I did. (Avast)

The Shortcut_Module started and after it finished shut down
and rebooted.

But NO C:\Shortcut_Module_date_hour.txt , so I did a search
and found: 

E:\avast! sandbox\S-1-5-21-1490758984-813645090-1167344919-1000\r1019\Shortcut_Module.exe_{33bea63b-a857-

11e3-8b7e-e0cb4ed405ff}

This folder is empty

So nothiing to upload.

Sorry!

sipke

2011N2 · Answer

Hello,

Please disable Avast before running Shortcut_Module.

Gabriel.

sipke · Answer

Hello Gabriel,

A boatful of sour apples.

Did as you told. Dowmloaded the new version of AdwCleaner.
 Ran Scan which was relatively short.
Pressed Clean 
AdwCleaner darkened the screen- only showed the cursor
Waited for 20 minutes, then the cursor disappeared.
Waited for another 20 minutes.
I did a reboot.
After startup i got a message to startup again etc. 
I chose for normal startup, after which I found no report.

I ran AdwCleaner again
Scan - Clean - dark screen - shutdown - reboot
No report.

Got a message (in Ductch)

Translation:

McAfee Security Scan is not available

Your securiy status cannot be checked 
because your pc is not connected to the internet or because 
McAfee Security Scan is temporarily unavailable.
Connect to the internet and click on again or try again later.


                      Cancel                                  Again

-----------
Thank you  again for trying!

Looks like a hopeless case.

Sipke

2011N2 · Answer

Hello,

It's okay for AdwCleaner, but did you run again Shortcut_Module with your Avast disabled ?

Gabriel.

sipke · Answer

Hello Gabriel

Ran the Shortcut_Module with Avast diasabled.

But no C:\Shortcut_Module_date_hour.txt 

In C:\Windowsegistration I found
{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A4007EF2-DB3F-40D2-8170-F052AF1E0735}.crmlog 	18:37	Mar 11, 2014

In C:\Windows	emp
MpSigStub.log  		18:38	Mar 11, 2014

sipke

2011N2 · Answer

Hello,

Open Shortcut_Module and click on the small "R" : the report should open.

Gabriel.

sipke · Answer

Hello Gabriel,

Coul not find any small "R"

sipke

2011N2 · Answer

Hi,

Never mind. ^^

Run again ZHPDiag and send the report.

Gabriel.

sipke · Answer

Hello Gabriel,

The link is

http://speedy.sh/7BV8t/ZHPDiag.txt

Sipke

2011N2 · Answer

Hello,

Good. :)

1. Close all applications 

2. Select and copy all of the lines wich are in this link : https://dl.dropboxusercontent.com/u/32869654/For%20spike.txt

3. ZHPDiag created a short cut on your desktop called ZHP Fix, launch ZHPFix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not 

4. Click on the the Import button and the lines will automatically paste themselves. 

5. Click on the Go button to clean 

6. Confirm by clicking OK 

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time 

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.

sipke · Answer

Hello Gabriel,

I have done as you asked.

Everything went well, except at the end 
no link appeared on my desktop.

The link is ht t p://speedy.sh/g 7m4d/ZHPDiag.txt

I noticed that Bootracer and McAfee are still there

2011N2 · Answer

Hello,

Can you run again ZHPDiag by clicking on the magnifying glass rightmost and answering Yes to the message that appears ?

Thanks,

Gabriel.

sipke · Answer

Hello Gabriel,

Ran ZHPDiag 


The link is:

http://speedy.sh/YV52b/ZHPDiag.txt

sipke

2011N2 · Answer

Hello,

You ran as i said ?
Because the white list is activate.

Gabriel.

sipke · Answer

Hello Gabriel,

Is this the file you mean?

The link is:
http://speedy.sh/zs7QF/ZHPFix-R1.txt

Sipke

2011N2 · Answer

Hello,

No it is ZHPFix's report but in wanted it before so it's good. ^^

Please, in order to help you correctly as fast as possible, you must follow my instructions to the letter without omitting a step. If you have a question before proceeding, please ask.

Now, delete all ZHPDiag's report you have.
After :
1- Double Click on the shortcut ZHPDiag on your desktop.
2- Click on Configure button.
3- Click on the rightmost magnifying glass.
4- Answer Yes to the message that appears.
5- Wait...
6- At the end, upload the report and post the link.

Good luck.

Gabriel.

sipke · Answer

Hello Gabriel,

The link is:

http://speedy.sh/cbmys/ZHPDiag.txt

I don't have a question, but I have noticed, that
programmes I have uninstalled are back the following day.
I have used the Windows uninstaller. the Ccleanet uninstaller
and the Revo uninstaller. No luck.

The same applies to my private emails that I have deleted.
Also back the following day.

Thank you for your patience!

Sipke

2011N2 · Answer

Hello,

OK, bravo. :)

1. Close all applications 

2. Select and copy all of lines which are in this link : https://dl.dropboxusercontent.com/u/32869654/For%20spike2.txt

3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not 

4. Click on the the Import button and the lines will automatically paste themselves. 

5. Click on the Go button to clean 

6. Confirm by clicking OK 

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time 

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.

sipke · Answer

Hello Gabriel,

At item 6 when I pressed OK:
instead of item 7
2 windows appeared on my screen.


First window:
	Welcome to the Toolbar Cleaner 1.1 Uninstall Wizard

	This wizard will guide you through the uninstallation of
	Toolbar Cleaner 1.1 
	Before starting the uninstallation, make sure  Toolbar 		
         Cleaner 1.1. is not running
	(I checked: not running)

	Click Uninstall to start the uninstallation.

Second window:
	Bootracer Setup giving me 3 options:
	Modify, Repair and Remove

What shall I do?

sipke

2011N2 · Answer

Hello,

First :
Click on Uninstall.

Second :
Click on Remove.

Gabriel.

sipke · Answer

Hello Gabriel,

Uploaded report.

The link is:

http://speedy.sh/E65C9/ZHPFixReport.txt

sipke

sipke · Answer

Hello Gabriel,

Sorry for the delay!

Although the report stated that McAfee and Bootracer were
deleted they are still there.

When I rebooted Bootracer was working again.

Later there were "funny" movements on the screen and I got  
-access denied- on several files, even on text files and some 
opened full screen.

Also some ini-files were corrupted.

Please do not think I blame you for this.
I have probably done some stupid things.

I think it is probably best to do a system restore
as I cannot uninstall any programmes.

sipke

2011N2 · Answer

Hello,

Strange... Run again ZHPDiag as the last time please.

Yes, it will be probably better if you can restore you system. Have you got a point before this problems ?

Gabriel.

sipke · Answer

Hello Gabriel,

Sorry for the delay!

Tried to restore 3 times but got the same message:
Message:
System Restore did not complete successfully.
Your sysem files and settings were not changed
Details:
The shadow copy provider timed out while flushing
data to the volume being shadow copied.
This is probably due to excessive activity on the
vlume. Try again later when the volume is not being
used so heavily. (0x 80042323)

I ran again ZHPDiag

The link is

http://speedy.sh/zJx5F/ZHPDiag.txt

sipke

2011N2 · Answer

Hello,

OK.

1- Download OTM on your desktop.
2- Run it.
3- In the left part, paste the lines which are in this link.
4- Click on MoveIt!
5- Post the log saved at C:\_OTM\MovedFiles\[MMJJAAAA_***].txt

Gabriel.

sipke · Answer

Hello, 

clicking on the link got me the following error:

Error (404)
We can't find the page you're looking for. Check out our Help Center and forums for help, or head back to home. 

sipke

2011N2 · Answer

Hi,

OK, so try this link : https://www.cjoint.com/14ma/DCstTkyRtXi_for_spike.txt

Gabriel.

sipke · Answer

Hello,

This worked, but....

After the right hand side was filled
I was asked to reboot which I did.

After the reboot i could not find the report.

Sipke

2011N2 · Answer

Hello,

In C:\_OTM\MovedFiles\ ?

Gabriel.

sipke · Answer

Hello,

I have looked and looked
At last I found

E:\_otm\ moved files etc.
containing sub dir 03182014_195112 :
containing sub dirs C_ProgramData , "C_Program Files" , and C_Users 

In C_ProgramData 4 subdirs
 InstallMate , "McAfee Security Scan" , McAfee , BootRacer .

In the other subdirs I found:
"Toolbar Cleaner" 
"McAfee Security Scan" 
BootRacer 

Is this useful?

sipke

2011N2 · Answer

Hello,

You don't have a .txt file ?

And, are McAfee and Boot Racer always present ?

Gabriel.

sipke · Answer

Hello Gabriel,

Apparently both program files were moved to 
C:\programfiles

Yes they are both present.

In E:\_OTM\ moved files\
ther is a log file:
03182014_195112.log     32kb

which begins with

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\McAfee.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\TelevisionFanatic\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ToolbarCleaner\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ToolbarCleaneroptions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\TelevisionFanatic\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA32667-9A8A-4E9C-902F-CA3323180003}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a42d13c-d427-4787-821b-cf6973855778}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}\ deleted successfully.

Sipke

2011N2 · Answer

Hello,

OK and you don't have more in the file ? Because it is a part of the report that i want.
Please try to post all.

Gabriel.

sipke · Answer

Hello Gabriel,

The link is 
http://speedy.sh/PuKHv/03182014-195112.log

Permit me a suggestion.

A number of times the program could not find
the report on the C-drive.
In all these cases traces of the report
were found on the E-partition.

This led me to the following thought:
Normally I receive my downloads on the E-partition.

When I start your programs from this partition
maybe part(s) of the procedure take place on this 
partition instead of on the C-drive.
 
Could this be  heart of the trouble?


sipke

2011N2 · Answer

Hello,

OK, run Delfix now please : https://ccm.net/faq/10663-delfix-removal-of-disinfection-tools
Send the report.

Then, search in your computer if McAfee and BootRacer are always here.

Gabriel.

sipke · Answer

Hello Gabriel,

# DelFix v10.6 - Logfile created 21/03/2014 at 18:50:42
# Updated 11/11/2013 by Xplode
# Username : Wil - WIL-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner[R11].txt
Deleted : HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########

Bootracer and McAfee still present.

sipke

2011N2 · Answer

Hello,

I think that Avast is blocking the deletion.

Run again ZHPDiag as the last time please.

Gabriel.

sipke · Answer

Hello Gabriel,

The link is 

http://speedy.sh/myezN/ZHPDiag.txt

sipke

2011N2 · Answer

Hello,

OK, run again OTM as the last time : https://ccm.net/forum/affich-742930-removing-mcafee-and-bootracer?page=3#51
But in safe mode with networking : https://ccm.net/faq/223-how-to-start-windows-computer-in-safe-mode#how-to-get-into-safe-mode-with-windows-xp-and-vista

Post the log.

Gabriel.

Removing McAfee and bootracer

58 responses

Similar discussions

Subscribe To Our Newsletter!