Partially disabled by malware. Can't follow your instructions

[reeder2]

RogueKiller V8.4.4 [Feb  1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Lynn [Admin rights]
Mode : Scan -- Date : 02/02/2013 13:01:03
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS547550A9E384 +++++
--- User ---
[MBR] 34bccfa01a4a818e15c4a1beaf27ce8c

[reeder2]

Unable to run Security Check because RICHED20.dll and WINBRAND.dll are missing from my computer. As you recall, my initial problems started because malware deleted files from my computer.

[reeder2]

Also, discovered a workaround to get on the Internet so I don't have to transfer software on a thumbdrive. However, I still could not get ComboFix to complete a scan.

[SuperDave]

Ok. Delete your current version of ComboFix from your computer and run this one. It's the same but must be re-named before saving it on your desktop

Download Combofix from any of the links below, and save it to your DESKTOP. 
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click PCHelpForum.exe to run it.
  
  You will see the following image:
  
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[reeder2]

When I loaded ComboFix and tried to save it as PCHelpForum.exe, I forgot to get back into Norton Antivirus and turn everything off. I did manage to download PCHelpForum.exe but still got the blank disclaimer screen. It still failed to do a complete scan. I got out of safe mode, back into Windows, and disabled everything on Norton. Went back to Safe Mode with Networking and tried to run PCHelpForum.exe (ComboFix), but now have a black screen with Safe Mode in the corners and Microsoft (R) Windows (R) (Build 7601: Service Pack 1) at the top.

[SuperDave]

Can you boot in Normal Mode?

[reeder2]

Since I last contacted you I hit control-alt-delete and regained the Safe Mode with Networking Screen. When I download ComboFix I got a blank disclaimer screen. I accepted, then saved ComboFix under the name you gave me. Got a few warnings because PCHelpForum.exe is unknown. When I clicked on the icon it ran through the first few screens but then terminated. I think some files are missing from my computer, preventing certain software from running.

[SuperDave]

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory..

[reeder2]

448 objects. No threats found. Report blank. I will log off and check again to make sure  I scanned the right things.

[reeder2]

Yes I scanned the right things. What about the logs from the previous scans from other malware removal programs? I never actually removed anything that was found.

[SuperDave]

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.



B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all proteced system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occured to fix it. You may need to repeat doing a System Restore until you find a older restore point that may work.



5. When done, close the elevated command prompt.

[reeder2]

Scannow found some corrupt files and was not able to repair them all. I was denied access to log. Ran System Restore twice (in normal Windows Mode). The second restore point seems to have worked. I will check more thoroughly tomorrow and get back to you. Thank-you

[reeder2]

I turned on computer and started Quicken. Got message in lower right that Windows needed to install an update. Told me to save all work, and that computer would shut down in 10 minutes. How can I tell if that message is legitimate?

[SuperDave]

Go to Microsoft Windows Update and get all critical updates.

[reeder2]

Once I am updated, should I run ComboFix or any of the other scans? ComboFix did not work previously because necessary files were missing or corrupted.