Windows Antivirus Pro 2009: cannot remove

You neglected to make the agreement to run HJT. Please do so then next time you are asked to run the MGTools program.

Now, we have a lot to remove.

Now download (use a different computer and transfer via cd) The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Please Disable Spybot's TeaTimer

* Run Spybot and click Mode
* Select Advanced Mode.
* Then click Tools and select Resident.
* Now in the right window pane, uncheck TeaTimer.
* Also while this is open, in the left column now select IE Tweaks
* and then in the right pane make sure all the Miscellaneous locks are unchecked.
* Now quit Spybot!

Please use add/remove programs to uninstall:
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME
Viewpoint Manager (Remove Only)
J2SE Runtime Environment 5.0
PC Antispyware 2010

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
-
Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). Make sure you accept the agreement to run HJT!

Then attach the below logs:

* C:\Avenger.txt
* C:\MGlogs.zip

Now see if you can get the other scans to run and attach any logs you can get.

 

I didn't ask you to run Spybot. Please just continue on with the instructions.

 

Please just do what I instructed you to do. We can deal with disabling Spybot later.

 

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now continue on with the fix.

 

Proceed with avenger.

 

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
* C:\MGlogs.zip

 

I need to see where we stand so please download the latest version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one. It should start on it's own, if not run the exe. Attach the new MGLogs.zip.

 

Well, its all back.

We need to do this now.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner to clean out only temp files and nothing else!

Now see if you can run either Combo and or RootRepeal and attach the logs if you can.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\Avenger.txt
* C:\MGlogs.zip

 

You need to remember that if something doesn't work, move on. Were you able to do the Avenger fix?

 

Are you able to run RootRepeal?

Choose the program you want to use to open this file: cleanup.exe --> not a valid file.

Can you attach the Avenger log please.

C:\Avenger.txt

 

Are you able now to run SAS or MBAM? If you can open SAS, then go to preferences/ repairs...and scroll down to repair broken internet connection and see if that works.

I need you to run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip

 

Download and the below file to the root folder of your Windows boot drive. Normally this would be drive C. If you do this correctly, you will then see C:\MGtools.exe and FixAVP.exe.

FixAVP

Now run the FixAVP.exe file by double clicking on it. This will attempt to automatically run Avenger (which you already have) and it should also try to reboot your PC so don't be alarmed when this happens.

After Reboot, and if all goes well, a new scan by MGtools should automatically take place because Avenger will try to run C:\MGtools\GetLogs.bat which will begin all the scans again.
When GetLogs.bat finishes running, there will be a new C:\MGlogs.zip file and now it will be time to attach it to your next message. Make sure that you allow GetLogs.bat to finish running. It will tell you when it is finished. Do not close the command prompt window on your own until it is finished.

 

Try doing both of these:

Win32KDiag - How to run

Using Inherit to correct program execution permissions issues

 

• Please save Win32kDiag file to your desktop.
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished,
  there will be a log called Win32kDiag.txt on your desktop. Please attach this log

"%userprofile%\desktop\win32kdiag.exe" -f -r

 

NOTE: DO NOT POWER DOWN or reboot your PC from now on unless requested or one of the procedures automatically reboots it.

First I have a question, do you have your Windows Boot CD?

Okay let's try some manual cleaning steps which sometimes work.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now try to delete the below files. Tell me what happens. Don't be surprised if you cannot delete some or all. Just continue on.
C:\Documents and Settings\All Users\Application Data\buqotu.dl
C:\Documents and Settings\All Users\Application Data\byqu.ban
C:\Documents and Settings\All Users\Application Data\ohifef.scr
C:\Program Files\Common Files\fuwawedob.vbs
C:\Program Files\Common Files\ugesa.dat
C:\953914188
C:\hcel.exe
C:\niawndos.exe
C:\p2hhr.bat
C:\rcvbm.exe
C:\stub.log
C:\umoikchf.exe
C:\WINDOWS\braviax.exe
C:\WINDOWS\checkip.dat
C:\WINDOWS\cru629.dat
C:\WINDOWS\ipconfig.dat
C:\WINDOWS\ppp3.dat
C:\WINDOWS\ppp4.dat
C:\WINDOWS\rumyqebu.ban
C:\WINDOWS\svchast.exe
C:\WINDOWS\uwusyqijo.dat
C:\WINDOWS\vaxomuqyw._dl
C:\WINDOWS\wipdate.log
C:\WINDOWS\ygedira.bin
C:\WINDOWS\SYSTEM32\azipcontmn.dll
C:\WINDOWS\SYSTEM32\bennuar.old
C:\WINDOWS\SYSTEM32\bincd32.dat
C:\WINDOWS\SYSTEM32\braviax.exe
C:\WINDOWS\SYSTEM32\cru629.dat
C:\WINDOWS\SYSTEM32\dddesot.dll
C:\WINDOWS\SYSTEM32\desot.exe
C:\WINDOWS\SYSTEM32\gekesupih.lib
C:\WINDOWS\SYSTEM32\hs7f3uhduhfukde.dll
C:\WINDOWS\SYSTEM32\html.iec
C:\WINDOWS\SYSTEM32\ibylyfuxu.sys
C:\WINDOWS\system32\lphcrl0j0endt.exe
C:\WINDOWS\SYSTEM32\nocuguvo.reg
C:\WINDOWS\SYSTEM32\onhelp.htm
C:\WINDOWS\SYSTEM32\sysnet.dat
C:\WINDOWS\SYSTEM32\tapi.nfo
C:\WINDOWS\SYSTEM32\wisdstr.exe
C:\WINDOWS\SYSTEM32\_scui.cpl
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys
C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS

If you were able to delete the two braviax.exe files list above then we want to create folders with that name to try to block it from coming back. So create the below folders (yes folders not files) yourself. Name them exactly as shown with the .exe extension. If you don't know how to create folders, just use Windows Explorer to navigate to first the C:\Windows folder and right click in it. Select New and then New Folder. Do the same for the system32 folder.
C:\windows\braviax.exe
C:\WINDOWS\system32\braviax.exe

Now also try to delete the below folders.
C:\Documents and Settings\All Users\Application Data\11215004

Delete all files and folders in the below folders. Don't be surprised if you cannot delete some or all. Just continue on.
C:\WINDOWS\Temp
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\Documents and Settings\Karen\Local Settings\Temp

Now copy the below file:
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

to C:\scecli.dll

To copy the file, just right click on it and select Copy. Then navigate back to the C:\ folder and right click in the window pane for the C:\ folder and select Paste. Make sure the file appears there before continuing with the below. Do not continue if you did not get this file copied. Just come back and tell us how all the above worked and what problems you had.

• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Note: I'm removing the occache.dll file from my fix since that was a file I was supposed to edit out of the fix.

I'm not sure that you are following the instruction properly. You are not suppose to be highlighting the text in my message to copy. You need to first navigate to the below folder on your hard disk:

C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

Then you need to locate the scecli.dll file and right click on it and select Copy.

Then you need to navigate back to the C:\ folder (the root folder) and right click in the window pane showing the root folder contents and select Paste to copy the file their.

Does that help?

 

According to your last MGlogs.zip file which contains the newfiles.txt log, the below files existed which we could chose from. The one in bold is the one I suggested copying because it is the correct version of the file. The others are various older versions.

"C:\i386\SCECLI.DLL" 174592 08/29/2002 06:00 AM
"C:\WINDOWS\$NtServicePackUninstall$\scecli.dll" 174592 08/29/2002 06:00 AM
"C:\WINDOWS\ServicePackFiles\i386\scecli.dll" 180224 08/04/2004 03:56 AM
"C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll" 181248 04/13/2008 08:12 PM


Read my comments in purple and red.

If the scecli.dll file in C:\ is 181,248 bytes in size (right click and select Properties to see this info) then it is the correct file and you can just move to the rest of the fix.

 

Okay I see what happened. Back in msg # 17, TimW had you run Avenger and did the below as part of the fix:

Files to move:
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll | C:\WINDOWS\SYSTEM32\scecli.dll

This MOVED the file out of the folder I saw in your log and into the C:\Windows\system32 folder. If this actually worked properly then the C:\Windows\system32\scecli.dll file should be 181,248 bytes in size as previously mentioned. Just tell me what you see for file size of the C:\Windows\system32\scecli.dll file.

In fact, do the below to get us a more current/up to date log since things seem to be out of sink.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Then attach the below log:

• C:\MGlogs.zip

 

The you have already run the new version of MGtools and the log you posted back in msg #27 is out of date. We need to see the new MGlogs.zip file before doing anything else. Please attach the C:\MGlogs.zip file now.

 

Wait.......! I see TimW had you run FixAVP. That is why you have those files in MGtools\temp\sp3

You still need to download and run the new versio of MGtools as I requested a couple messages ago.

 

It would be in your best interest to try and stay logged in for a while when we are trying to help you. Otherwise I will have to just let you wait until your turn in the queue comes up which means every 5 days or so to get an answer to each message. I was trying to expediate things but you keep logging out.

 

Yes! I wanted to see what the real current status was since the previous log was out of date and not reflecting your current state. I'm looking at the logs now.

In the meantime, repeat the below steps.

• Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log

C:\win32kdiag.exe -f -r

 

Yes we have made some progress.

No put your PC into normal startup mode with MSconfig as requested in the READ & RUN ME. Then continue.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below software:
J2SE Runtime Environment 5.0
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 7
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now see if you can run ComboFix per the READ & RUN ME
Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!