"The requested resource is in use" error when attempting to run AV software

[cabinetcat]

While I'm looking through these logs could you please check something for me? Did you make any changes to this computer prior to being infected? Did you download or install any new programs? Go to your installed programs and see if there are any programs that you do not recognize or did not install. If you find any that are suspicious check that date it was installed.

Please download Malwarebytes Anti-Malware from here.
Make sure you re-name this before you save it. Name it something like dave-setup.exe  Double Click dave-setup.exe to install the application.

• It should update automatically if the computer is connected to the internet.
• Click on Threat Scan and click on Scan Now.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  
• Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
  
• When disinfection is completed you can click on "Copy to Clipboard".
  
• Paste the log in you next reply (CTRL+ V)

In my installed programs menu, I see a program labeled "DragonBoost", this is adware, but I am unable to uninstall it, as the uninstall and modify buttons are grayed out. I have also identified some malicious processes on my system, here they are:

this tool will let you delete the associated executables of each process, but attempting to do this with the viruses will lead to them just reappearing a few minutes later.

I tried running the re-named malwarebytes setup, but I got the error message.

[SuperDave]

Please launch Task Manager. CTRL+Alt+Delete and stop any suspicious processes you find and then try to run MBAM.

[cabinetcat]

Please launch Task Manager. CTRL+Alt+Delete and stop any suspicious processes you find and then try to run MBAM.

All I see are just normal processes, nothing that looks even slightly suspicious, yet something is still blocking MBAM and everything else. I was even able to delete all of the contents of AppData\Local\ntuserlitelist (where cpx.exe, svcvmx.exe, vmxclient.exe and dataup.exe were all located), as well as C:\Windows\System32\tprdpw64.exe

[SuperDave]

I see a program labeled "DragonBoost", this is adware, but I am unable to uninstall it, as the uninstall and modify buttons are grayed out.

Go into your C drive, Program Files and see if you can find DragonBoost. If you can find it, please delete the folder. Were you able to run MBAM with the name change?

ESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

   

    After you're done checking these options, click on Start and ESET Online Scanner will download it's virus signature database before starting the scan;
   

    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
   

    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;
   


    Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;
   


    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

[cabinetcat]

I get the "resource is in use" error when I run the ESET scan. However, I was able to download and run a program called Roguekiller in safe mode. This found several malicious registry files.

Here is the log of what it found:

[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | cpx : "C:\Users\Hunter\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup

• -> ERROR [5]

[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | svcvmx : "C:\Users\Hunter\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup

• -> ERROR [5]

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dataup (C:\Users\Hunter\AppData\Local\ntuserlitelist\dataup\dataup.exe) -> ERROR [5]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dataup (C:\Users\Hunter\AppData\Local\ntuserlitelist\dataup\dataup.exe) -> ERROR [5]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{995807ba-c37b-4698-899a-03a798fa44d2} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{995807ba-c37b-4698-899a-03a798fa44d2} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Replaced ()

Could you tell me how to fix/delete these?

[cabinetcat]

Update: I was able to fix eveything! I got MBAR to run and scanned my pc, which then allowed me to run MBAM and now all of the symptoms are fixed.

[SuperDave]

You should now try to run ESET.