Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Vista antivirus 2012 removal help

 
bozozob1
Junior Member


Joined: 09 Jun 2011
Last Visit: 27 Dec 2011
Posts: 16

Posted: Mon Dec 26, 2011 2:31 pm    Post subject: Vista antivirus 2012 removal help

Hi there,

I got this Vista antivirus 2012 that took over my PC and I need help to remove it, please.

Thanks in advance for the help!

Here are the DDS files:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_27
Run by Nozoko at 17:01:36 on 2011-12-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1904 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mStart Page = hxxp://www.msn.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjQwOTcyMTU2LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkyKzItRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTEwQisxLUZMMTArMS1MSUMrMi1UVUcrMw"&"prod=90"&"ver=10.0.1382
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{799CB555-4F30-4052-9585-F375DE63C2C9} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C4FA6A3D-5E1B-4B48-8F8F-88F959D3C17D} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nozoko\appdata\roaming\mozilla\firefox\profiles\qctxwjv3.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\nozoko\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\nozoko\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\nozoko\appdata\roaming\mozilla\firefox\profiles\qctxwjv3.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\users\nozoko\appdata\roaming\mozilla\firefox\profiles\qctxwjv3.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-6-9 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-9 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-9 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-9 428200]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-9 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-11-25 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-6-19 94880]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-8-10 245760]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-5-11 64544]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2008-6-3 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2008-7-17 269760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
.
=============== File Associations ===============
.
.exe=i1
.
=============== Created Last 30 ================
.
2072-07-31 21:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll
2011-12-26 15:57:28 340480 ----a-w- c:\users\nozoko\appdata\local\hxa.exe
2011-12-15 19:09:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 19:09:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 19:09:06 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 19:09:05 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 19:09:02 2043904 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-20 15:55:43 834048 ----a-w- c:\windows\system32\wininet.dll
2011-10-20 14:08:44 389632 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 17:03:02.77 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2008 6:05:12 AM
System Uptime: 12/26/2011 4:33:22 PM (1 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Turion Dual-Core RM-70 | Socket A | 1000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 116.383 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.723 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player
Adobe Shockwave Player 11.5
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Atheros Driver Installation Program
Avira AntiVir Premium
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Coupon Printer for Windows
Diablo II
EPSON CX9400 User's Guide
EPSON Printer Software
EPSON Stylus CX9400Fax Series Scanner Driver Update
ERUNT 1.1j
ESET Online Scanner v3
ESU for Microsoft Vista
GameSpy Arcade
Google Chrome
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 D3
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPNetworkAssistant
HPTCSSetup
Integrated Webcam Driver (1.00.03.0720)
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 27
Logitech QuickCam Driver Package
LogMeIn
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee SiteAdvisor
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Halo
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
QuickBooks Pro 99
Quicken 2004
QuickPlay SlingPlayer 0.4.6
Realtek USB 2.0 Card Reader
Runtime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.0
SpywareBlaster 4.4
Synaptics Pointing Device Driver
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
12/26/2011 4:36:30 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/26/2011 4:36:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/26/2011 4:36:30 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/26/2011 4:36:30 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/26/2011 4:36:30 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
12/20/2011 8:00:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

Posted: Tue Dec 27, 2011 7:07 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Spyware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi bozozob1 and welcome to Spyware Warrior Forum :

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista


I'd also recommend that you create a System Restore Point that we can restore to if necessary.

Create a System Restore Point (Vista)
  • Right-click on Computer ... select Properties.
  • In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select System Protection ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.

Unless you use some other method to create system restore points...
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.




Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right-click all tools we use and select ----> Run as Administrator

Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.


I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

Posted: Fri Dec 30, 2011 9:05 am

Hi bozozob1 :

I saw you are using: QuickBooks Pro 99 and Quicken 2004.
Please tell me, is this computer used for business or connected to a business network?
If no, please continue... otherwise <STOP> ... post back and let me know.
Note: Many of these types of systems may have specific modifications made, which could be removed or damaged by the tools we use.
These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.


Before we continue, I want you to backup the registry again.
1. Create a System Restore Point (Vista)
  • Right-click on Computer ... select Properties.
  • In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select System Protection ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.

Unless you use some other method to create system restore points...
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.




This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.
2. Download and run FixNCR.reg:
Please download FixNCR.reg and save to your Desktop:
  • Right-click on FixNCR.reg and select "Merge" to run it.
If prompted by UAC, please allow it.
You should now be able to run your normal executable programs and can proceed to the next step.


To stop the rogue antivirus from running, we need to run rKill.
3. Download and run Rkill:
Please download rkill/ iExplore.exe and save to your Desktop:
  • Right-click on iExplore.exe and select "Run as administrator" to run it.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.


There have been reports of this infection being bundled with the TDSS rootkit infection. To be safe you should also run a program that can be used to scan for this infection.
4. TDSSKiller
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "Run As Administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.

    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\

  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.





Checklist
Please post:

  • Answer about Business Use computer
  • Rkill log
  • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
  • An update on your problems


Thanks,
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
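The indicators torreattack's instructions target (the hijacked .exe association that FixNCR.reg repairs, the disabled Windows Defender line, and the fresh executable under the user profile in the "Created Last 30" section) can be pulled out of a DDS log mechanically. The script below is an added example, not part of this thread or of the DDS tool; it runs over a constructed log fragment modelled on the one posted above, and the severity labels, the "exefile" baseline and the one-day window are my own assumptions.

```python
"""Triage a DDS-format log for the indicators discussed in this thread."""
import re
from datetime import datetime, timedelta

# Constructed sample in DDS format, trimmed from the log posted above.
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
Run by Nozoko at 17:01:36 on 2011-12-26
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Pseudo HJT Report ===============
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
=============== File Associations ===============
.exe=i1
=============== Created Last 30 ================
2072-07-31 21:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll
2011-12-26 15:57:28 340480 ----a-w- c:\users\nozoko\appdata\local\hxa.exe
2011-12-15 19:09:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
==================== Find3M ====================
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^Run by .+ at (\d{2}:\d{2}:\d{2}) on (\d{4}-\d{2}-\d{2})$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
# Executable dropped directly under a user's AppData\Local or AppData\Roaming.
USER_EXE_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\(local|roaming)\\[^\\]+\.exe$", re.I)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_dds(text):
    """Split a DDS log into {section_name: [lines]}; DDS's lone '.' spacer lines are dropped."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return (severity, code, line) findings, highest severity first."""
    sections = parse_dds(text)
    findings = []

    # Scan time from the "Run by" line; file timestamps later than it cannot be genuine.
    scan_time = None
    for line in sections["HEADER"]:
        m = RUN_RE.match(line)
        if m:
            scan_time = datetime.strptime(m.group(2) + " " + m.group(1), "%Y-%m-%d %H:%M:%S")
        if line.startswith(("AV:", "SP:", "FW:")) and "*Disabled" in line:
            findings.append(("medium", "protection-disabled", line))

    # A clean .exe association points at "exefile" (assumed baseline); rogue AV families
    # rewrite it so every program launch runs the rogue instead, which FixNCR.reg undoes.
    for line in sections.get("File Associations", []):
        ext, _, handler = line.partition("=")
        if ext.lower() == ".exe" and handler.lower() != "exefile":
            findings.append(("high", "exe-association-hijacked", line))

    # Orphaned browser add-ons are a cleanup item, not proof of infection.
    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("- No File"):
            findings.append(("low", "orphan-entry", line))

    for line in sections.get("Created Last 30", []):
        m = FILE_RE.match(line)
        if not m or scan_time is None:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        path = m.group(4)
        if created > scan_time:
            findings.append(("medium", "future-timestamp", line))
        # Assumed window: an .exe under the profile created within a day of the scan.
        if USER_EXE_RE.match(path) and scan_time - created < timedelta(days=1):
            findings.append(("high", "new-user-profile-exe", line))

    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for severity, code, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code:26} {line}")
```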
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 17 May 2013
Posts: 4041
Location: Land Of The Leprechauns

Posted: Tue Jan 03, 2012 2:37 am

Quote:
Due to a lack of response, this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University