Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Removal instructions for Windows Guard Tools


  • This topic is locked This topic is locked
No replies to this topic

#1 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 June 2012 - 07:14 AM

Removal instructions for Windows Guard Tools



Posted Image


SPYWARE / MALWARE / VIRUS REMOVAL



INSTRUCTIONS - Please read this BEFORE posting for malware removal assistance.

Disclaimer: WhatTheTech, does not take responsibility for any outcome from following these directions. Every computer is different, so we cannot guarantee the results.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ONLY REGISTERED MEMBERS MAY RECEIVE ASSISTANCE


PLEASE TAKE A MOMENT TO REGISTER HERE FIRST


REGISTERING IS EASY AND FREE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



CAUTION - Please DO NOT USE any SPECIALIZED MALWARE REMOVAL TOOLS, without supervision.

Be advised that running specialized tools on your own, is done solely at your own risk. Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PREPARING TO POST
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step 1. Please tell us what issues you're having with your computer.
Step 2. Download one of the three tools listed below and post the scan results using Copy / Paste.

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Tool #1:
~~~~
DDS
~~~~

Please download DDS from LINK 1 or LINK 2
and save it to your desktop.
  • Double click dds.scr to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
Please include the contents of the following in your reply using Copy / Paste:
DDS.txt


Tool #2:
~~~~
HijackThis
~~~~

Download HijackThis .
  • Save HijackThis.exe to your desktop.
  • Doubleclick on the HijackThis.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Tool #3:
~~~~
OTL
~~~~

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

The next step is to start your topic.
Click the Start Button below and post the information from Steps 1 and 2



Start a Posted Image in Spyware / Malware / Virus Removal Forum

How to create a new topic


Do not reply to your own topic - Helpers look for topics with 0 replies.

If you do not receive a reply to your initial post after three days please post a reminder for us HERE


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malware and Spyware Removal Forum Rules:
  • Combofix should NEVER be run unless requested. While it's a powerful tool useful for removing a number of infections, things can, and do go wrong. Sometimes systems even refuse to boot. There are safeguards built into Combofix, but only someone trained in its use will be able to help you recover. The logs generated can also be very difficult to interpret properly.
  • Please stay with your original topic when posting follow ups.Use the ADD REPLY button, do not "QUOTE" the previous post.
  • The "Topic Title" should contain the name of the infection that you are having a problem with e.g. WinTools, http://...sp.html etc. Use the "Topic Description" to include more details. This will help you get faster responses as some people are more familiar with certain infections.
  • Tell us if you're having any problems, and please be specific. Let us know what you've already done to fix it (if anything).
  • If you do not understand a step, do not panic, simply ask for direction and information. We will offer any advice necessary to help you.
  • Please only post your topic once. Duplicate posts will be closed, it just creates additional work for the staff members trying to help you.
  • Do not create posts at multiple forums. Logs take time to diagnose, and doing this will waste multiple helpers time which is already over-stretched. If you do this your topic will be closed.
  • Do not attach logs unless directed to do so, as it is harder to read that way. Post them instead
  • If you are being helped and you haven't replied within 3 days your topic will be closed as inactive.
    If that is the case, please start a new topic when you have the time needed to finish all the instructions.

If you would like to know who is helping you here at WhatTheTech Forums please read The Different Groups Here At WhattheTech.


If you would like to learn more about how free, community based tech support works CLICK HERE.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users