vrbisftav.exe Office & Excel wont load. Windows Installer etc problems

[abbyyy]

Avast4.8 scan found virus vrbisftav.exe and quarantined it. It's original location was C:\Docs&Settings\[me]\Local Settings\Application Data\uyommy. This folder is still there but shows as empty. Now Excel 2002 wont load. I click AllProgs>Excel> get "Windows Installer>preparing to install ... then the message "the feature you are trying to use is on a network resource that is unavailable...enter alt path to folder containing instln package FP5AUTLff.MSP. OK". I can see Excel opened behind this message but, when i click on the OK, Excel closes. I cannot open Excel from C:\ProgFiles\MSOffice\Office10>ExcelApplnFile nor in Safe Mode - always the same message. I am not on a network; i'm a private sole user.
I'm also getting some messages saying Excel is not installed for the current user, but it is - its there in C:\ProgFiles\MSOffice\Office10.
Scans with MWB and SuperAntiSpyware show clean.

All Restore Points before 19April have gone! I had a CLEAN one created 26/03/2010 after last help from essexboy.

My administrator permissions are being denied so cannot access some things nor reinstall programs.

Start-up is getting slower and slower.

Wondering if my laptop has been hijacked??
Can you assist me, please?

[abbyyy]

Restore Points before 19April have gone! I had a CLEAN one created 26/03/2010 after last help from essexboy.

[Pondus]

Have sendt Essexboy a PM

[essexboy]

Hi Abbyyy where had you been to get re-infected ?

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs

[abbyyy]

Hi.  I've attached the OTL.Txt.  OTL didnt generate an Extras.txt

[essexboy]

Ok lets see if this resolves most of the problems - we will look at office next

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:OTL
O2 - BHO: (no name) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - No CLSID value found.
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Installation Support)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found

:Services
mcupdmgr.exe
McTskshd.exe
McDetect.exe

:Files
C:\Documents and Settings\John GrayLocal Settings\Application Data\uyommy

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

[abbyyy]

All done ok. Here are the OTL QuickScan and ComboFix logs.

[essexboy]

Are you still getting the office popups ?

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

.
THEN

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer


And for Firefox there are instructions on this page and you want the setting to be no proxy

[abbyyy]

Yes - still getting the popup when i try to start Excel. It still won't load.

OTL QuickScan log is attached.

There was no tick in the Proxy Server Box in LAN Settings of Internet Options.

For Firefox, i am using XP not Vista (which the instructions appear to be aimed at). The Access the Internet setting was No Proxy. I assume that the rest of the article does not apply to me- is that correct?

[essexboy]

Aye it was the basic instructions for the proxy settings

Have you just had an update for Office ?

Can you use excell once the popup has gone ?

[abbyyy]

Re. Have you just had an update for Office ?  No.

Re. Can you use excell once the popup has gone ? I still get the popup when i click on Start>All Programs>Excel.

[essexboy]

The best way around this problem would be to re-install office over the top or try a repair

Instructions for a repair are here http://support.microsoft.com/kb/263958

[abbyyy]

No success.

Tried the kb/263958 Repair Method 2 - same message, plus "The installation source for this product is not available. Verify that the source exists and that you can access it. OK."

Then i tried Control Panel>Add New Programs. The Wizard launches, i put the original MS Office Pro cd in ... it begins ... and fails with the message "The installation source for this product is not available. Verify that the source exists and that you can access it. OK."

[essexboy]

It looks as though the only way to repair this would be to backup your documents and re-install

[abbyyy]

That's a scary suggestion.
Ok, i can back-up My Docs to a separate external drive. As to reinstall - what should i reinstall? And please note following -

So far, all attempts to load, reload, or install programs have not succeeded. Each time i get that message  "Windows Installer ... preparing to install ... feature you are trying to install is on a network resource that is unavailable.  Enter an alt path to the folder containing instln package FP5AUTLff.MSP in the box below." It seems to indicate that i'm still under the control of a network, even though i'm a sole user.

I have MSOffice Pro installed. The following can/cannot be opened via Start>All Progs>MSOffice> :-
     MS Access                   No    i get the msg above
     MS Excel                      No    i get the msg above
     MS FrontPage                -     i get the msg, then it opens and is usable
     MS Ppoint Viewer 2007    ok   can use
     MS Ppoint                     ok   can use
     MS Publisher                  ok   can use
     MS Word                       ok   can use

Through MS Office Tools -
      Activate Product                      No   i get the msg above, it will not open
      MS Access Snapshot Viewer       No   i get the msg above, it will not open
      MS Clip Organiser                      Yes  it opens ok and i can use
      MS Office Appln Recovery           No   i get the msg above, it will not open
      MS Office Doc Imaging               No   i get the msg above, it will not open
      MS Doc Scanning                      No   i get the msg above, it will not open
      MS Office XP Language Settings   No   i get the msg above, it will not open
      Save My Settings Wizard            Yes  it opens ok and i can use

There doesn't seem to be any logic in the above, ie its not just Excel that's affected. WIN INST opens some progs and not others ... ?

Hope you guys will hang on in there for me ... .... i have no idea where to go from here