04-24-2011, 12:06 AM
Disable System Restore. After the steps below, perform a full scan with Avira and choose a firewall.
- Step 30
Please download the OldTimer's Move-It (OTM) from 'here'.
- Save it to your desktop.
- Please double-click OTM.exe to run it.
- Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
- Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
- Click the red MoveIt! button.
- Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
- Paste it in your next reply.
- Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest log file present. Copy and paste the contents of that document back here in your next post.
- Step 31
Please download GooredFix from one of the locations below and save it to your desktop.
'Link 1'
'Link 2'
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (Windows XP), or right-click and select Run As Administrator (Windows Vista & Windows 7).
- Select Yes when prompted.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
- Step 32
Download TDSSKiller from 'here' and save it to your desktop.
- Make sure all other windows are closed and let it run uninterrupted.
- Run the file. Windows Vista and Windows 7 users should run it as an administrator.
- Then select Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Once done, simply click Close.
- Click the Report button and copy and paste the contents of the log into your next reply. A log file will be created in the C:\ directory as well.
- Step 33
Run OTL.exe.
- Copy and paste the following text written inside of the code box into the Custom Scans & Fixes box located at the bottom of OTL.
Code:
:OTL
PRC - C:\Windows\Temp\Lbd.exe ()
DRV - (catchme) -- C:\Users\Tyler\AppData\Local\Temp\catchme.sys File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\xnf.exe" -a "%1" %* File not found
O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\xnf.exe" -a "%1" %* File not found
MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe File not found
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
[2011/04/23 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\{80B887DD-089F-4648-A2CC-ACD1A32615E1}
[2011/04/23 23:18:02 | 000,020,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 23:18:02 | 000,020,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 21:48:16 | 000,000,120 | ---- | M] () -- C:\Users\Tyler\AppData\Local\Txorakezako.dat
[2011/04/23 21:48:16 | 000,000,000 | ---- | M] () -- C:\Users\Tyler\AppData\Local\Amava.bin
[1 C:\Users\Tyler\Desktop\*.tmp files -> C:\Users\Tyler\Desktop\*.tmp -> ]
[2011/04/23 23:08:22 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/23 23:13:42 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
:Files
C:\Windows\Temp\Lbd.exe
C:\Windows\system32\config\systemprofile\AppData\Local\xnf.exe
C:\Users\Tyler\AppData\Local\{80B887DD-089F-4648-A2CC-ACD1A32615E1}
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
:Commands
[purity]
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
- You will need to post two logs:
- The log that you will see upon rebooting your system.
- A new OTL log (don't check the boxes beside LOP Check or Purity this time).
- In your next post, please provide the following:
- Doesn't Do Squat (DDS) Logs
- DDS.txt
- Attach.txt
- GooredFix Log
- OTL Log
- OTM Log
- TDSSKiller Log
- Format of Response
Code:
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Step # [/b]
[b]Problems Encountered: [/b]
[b]Link To Requested Logs: [/b]