I have a virus that is redirecting my start page and changing my search engine



#1 NikolForAll

    New Member

  • Members
  • 11 posts

Posted 13 January 2012 - 03:47 AM

For several days my browser start page has been changed to searchqu.com/406 and the default search engine has been replaced by Yahoo. I've scanned with MBAM, done a clean restart, and still haven't resolved the problem.

Attached Files



#2 jeffce

    MBAM Super Saiyan

  • Trusted Advisors
  • 1,851 posts
  • Gender:Male
  • Location:The Hyperbolic Time Chamber
  • Interests:Malware Removal, family and hitting the weights at the gym.

Posted 13 January 2012 - 10:33 AM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
----------

First we need to make all files and folders VISIBLE:

  • Go to Start >> Control Panel >> Folder Options >> View
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
  • Close the window with OK.
----------


GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post the log created by GMER. :)
Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.


If you are satisfied with the help that you have received, please consider a donation to the TNCodeAcademy.

#3 NikolForAll

Posted 13 January 2012 - 12:44 PM

Hi Jeff, nice to meet you and first of all thanks for the help!
I've subscribed to the topic and followed all of your instructions, but I'll be back here on Monday, so I won't be able to proceed with your instructions during the weekend.

Attached Files



#4 jeffce

Posted 13 January 2012 - 01:15 PM

Hi NikolForAll,

Thanks for letting me know. :)

Did you know that your computer is set up for use with a proxy?
----------

When you get back please do the following:


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.






Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

In your next reply please let me know if you were aware of the proxy settings and post the log created by ComboFix. :)

#5 NikolForAll

Posted 16 January 2012 - 03:01 AM

Hi again, Jeff, thanks for the patience you have with me.
I was supposed to give you more details about the computer - the proxy is necessary to connect to the company server, I know about it. I have a small problem with disabling Symantec Endpoint Protection (see the attached file).

What should I do?

Attached Files



#6 jeffce

Posted 16 January 2012 - 07:40 AM

Hi NikolForAll,

Is this a business/corporate computer? Do you have an IT department?

#7 NikolForAll

Posted 16 January 2012 - 07:57 AM

Yes, it's a corporate computer, but as I'm working abroad it's not possible to give it to the IT dept.

#8 jeffce

Posted 16 January 2012 - 09:41 AM

Hi NikolForAll,

Go ahead and run ComboFix per the instructions. If you are warned that your antivirus is still running just continue. :)

#9 NikolForAll

Posted 17 January 2012 - 05:11 AM

OK, I ran ComboFix, but I received several notifications that ComboFix cannot read files. The Recovery Console was not installed (I suppose because of the proxy, which also requires user identification in order to connect). The log is below:


ComboFix 12-01-16.01 - a439758 17/01/2012 10.43.40.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1952.1006 [GMT 1:00]
Eseguito da: c:\documents and settings\A439758\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
Overlay Annulata ... Per Piacere rieseguite ComboFix
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\A439758\Dati applicazioni\facemoods.com
C:\prefs.js
c:\programmi\facemoods.com
c:\programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\programmi\facemoods.com\sqlite3.dll
d:\documents and settings\A439758\Local Settings\Temporary Internet Files\plot.log
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINDRIVER
-------\Service_WinDriver
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-17 al 2012-01-17 )))))))))))))))))))))))))))))))))))
.
.
2012-01-17 08:48 . 2012-01-17 08:48 219 ----a-w- c:\windows\rad46D31.tmp
2012-01-17 06:45 . 2012-01-17 06:45 219 ----a-w- c:\windows\rad1079E.tmp
2012-01-16 16:48 . 2012-01-16 16:48 219 ----a-w- c:\windows\rad4A3EC.tmp
2012-01-16 12:48 . 2012-01-16 12:48 219 ----a-w- c:\windows\rad211BF.tmp
2012-01-16 08:48 . 2012-01-16 08:48 219 ----a-w- c:\windows\rad122D9.tmp
2012-01-16 07:43 . 2012-01-16 07:43 219 ----a-w- c:\windows\rad26C7C.tmp
2012-01-14 16:49 . 2012-01-14 16:49 219 ----a-w- c:\windows\rad4A65F.tmp
2012-01-13 16:48 . 2012-01-13 16:48 219 ----a-w- c:\windows\rad7A588.tmp
2012-01-13 12:48 . 2012-01-13 12:48 219 ----a-w- c:\windows\rad96B7B.tmp
2012-01-13 08:48 . 2012-01-13 08:48 219 ----a-w- c:\windows\rad7F507.tmp
2012-01-13 04:48 . 2012-01-13 04:48 219 ----a-w- c:\windows\rad58630.tmp
2012-01-13 00:48 . 2012-01-13 00:48 219 ----a-w- c:\windows\radDF065.tmp
2012-01-12 20:48 . 2012-01-12 20:48 219 ----a-w- c:\windows\radEDEA6.tmp
2012-01-12 16:48 . 2012-01-12 16:48 219 ----a-w- c:\windows\rad4EF5A.tmp
2012-01-12 14:22 . 2009-11-26 16:02 803328 ----a-w- c:\windows\system32\drivers\rt2870.sys
2012-01-12 14:22 . 2009-11-26 16:02 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2012-01-12 14:22 . 2012-01-12 14:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ralink Driver
2012-01-12 14:17 . 2012-01-12 14:17 -------- d-----w- c:\programmi\Atheros
2012-01-12 14:17 . 2010-09-30 19:15 1759584 ----a-w- c:\windows\system32\athuw.sys
2012-01-12 14:16 . 2012-01-12 14:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Atheros
2012-01-12 14:16 . 2012-01-12 14:16 -------- d-----w- c:\documents and settings\A439758\Dati applicazioni\InstallShield
2012-01-12 13:58 . 2012-01-12 13:58 -------- d-----w- c:\documents and settings\A439758\Dati applicazioni\Malwarebytes
2012-01-12 13:58 . 2012-01-12 13:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-01-12 13:58 . 2012-01-12 13:58 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-01-12 13:58 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 12:48 . 2012-01-12 12:48 219 ----a-w- c:\windows\radFC865.tmp
2012-01-12 08:48 . 2012-01-12 08:48 219 ----a-w- c:\windows\rad1920E.tmp
2012-01-12 06:30 . 2012-01-12 06:30 219 ----a-w- c:\windows\rad27F6E.tmp
2012-01-11 12:48 . 2012-01-11 12:48 219 ----a-w- c:\windows\rad20F4B.tmp
2012-01-11 08:48 . 2012-01-11 08:48 219 ----a-w- c:\windows\rad1B278.tmp
2012-01-11 06:38 . 2012-01-11 06:38 219 ----a-w- c:\windows\radF4126.tmp
2012-01-10 16:48 . 2012-01-10 16:48 219 ----a-w- c:\windows\radB2D75.tmp
2012-01-10 12:48 . 2012-01-10 12:48 219 ----a-w- c:\windows\rad7C0C1.tmp
2012-01-10 09:16 . 2012-01-10 09:16 219 ----a-w- c:\windows\rad0EF1A.tmp
2012-01-08 10:13 . 2012-01-08 10:13 219 ----a-w- c:\windows\rad4C9D5.tmp
2012-01-06 15:56 . 2012-01-06 15:56 219 ----a-w- c:\windows\radB598F.tmp
2012-01-04 12:03 . 2012-01-04 12:03 219 ----a-w- c:\windows\rad684D6.tmp
2012-01-01 16:48 . 2012-01-01 16:48 219 ----a-w- c:\windows\radFB849.tmp
2012-01-01 15:53 . 2012-01-01 15:53 219 ----a-w- c:\windows\rad01FFA.tmp
2012-01-01 09:13 . 2012-01-01 09:13 -------- d-----w- c:\documents and settings\A439758\Dati applicazioni\Search Settings
2012-01-01 09:13 . 2012-01-01 09:13 -------- d-----w- c:\programmi\YouTube Downloader Toolbar
2012-01-01 09:13 . 2012-01-01 09:13 -------- d-----w- c:\programmi\Application Updater
2012-01-01 09:13 . 2012-01-01 09:13 -------- d-----w- c:\programmi\File comuni\Spigot
2012-01-01 09:09 . 2012-01-01 09:09 219 ----a-w- c:\windows\rad6608D.tmp
2011-12-31 17:32 . 2011-12-31 17:32 219 ----a-w- c:\windows\rad23A1E.tmp
2011-12-29 15:39 . 2011-12-29 15:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2011-12-29 12:48 . 2011-12-29 12:48 219 ----a-w- c:\windows\rad16926.tmp
2011-12-29 09:05 . 2011-12-29 09:05 -------- d-----w- c:\documents and settings\A439758\Dati applicazioni\searchquband
2011-12-29 09:05 . 2011-12-29 09:05 -------- d-----w- c:\documents and settings\A439758\AppData
2011-12-29 09:05 . 2011-12-29 09:06 -------- d-----w- c:\documents and settings\A439758\Impostazioni locali\Dati applicazioni\Ilivid Player
2011-12-29 09:03 . 2011-12-29 09:05 -------- d-----w- c:\documents and settings\A439758\Dati applicazioni\searchqutoolbar
2011-12-29 09:03 . 2011-12-29 09:03 -------- d-----w- c:\programmi\Windows iLivid Toolbar
2011-12-29 09:02 . 2011-12-29 09:02 -------- d-----w- c:\documents and settings\A439758\Impostazioni locali\Dati applicazioni\PackageAware
2011-12-29 08:48 . 2011-12-29 08:48 219 ----a-w- c:\windows\rad77AD6.tmp
2011-12-29 06:36 . 2011-12-29 06:36 219 ----a-w- c:\windows\rad5FBF5.tmp
2011-12-28 08:48 . 2011-12-28 08:48 219 ----a-w- c:\windows\radBC194.tmp
2011-12-28 06:38 . 2011-12-28 06:38 219 ----a-w- c:\windows\radF13E5.tmp
2011-12-27 12:48 . 2011-12-27 12:48 219 ----a-w- c:\windows\rad8B766.tmp
2011-12-27 08:48 . 2011-12-27 08:48 219 ----a-w- c:\windows\rad84D99.tmp
2011-12-27 06:40 . 2011-12-27 06:40 219 ----a-w- c:\windows\radB463E.tmp
2011-12-26 18:09 . 2011-12-26 18:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DataCardService
2011-12-26 17:58 . 2011-12-26 18:01 -------- d-----w- c:\windows\system32\NtmsData
2011-12-26 17:55 . 2011-12-26 17:55 219 ----a-w- c:\windows\radDE2DD.tmp
2011-12-23 12:48 . 2011-12-23 12:48 219 ----a-w- c:\windows\radFC2EB.tmp
2011-12-23 09:06 . 2011-12-23 09:06 219 ----a-w- c:\windows\rad7BDB6.tmp
2011-12-23 06:41 . 2011-12-23 06:41 219 ----a-w- c:\windows\rad2C197.tmp
2011-12-22 16:48 . 2011-12-22 16:48 219 ----a-w- c:\windows\radBF7C4.tmp
2011-12-22 12:48 . 2011-12-22 12:48 219 ----a-w- c:\windows\rad95F89.tmp
2011-12-22 08:57 . 2011-12-22 08:57 219 ----a-w- c:\windows\rad752E0.tmp
2011-12-21 20:59 . 2011-12-21 20:59 219 ----a-w- c:\windows\radF8347.tmp
2011-12-21 13:17 . 2011-12-21 13:17 219 ----a-w- c:\windows\rad6A3BF.tmp
2011-12-21 08:48 . 2011-12-21 08:48 219 ----a-w- c:\windows\rad2D7B3.tmp
2011-12-21 06:42 . 2011-12-21 06:42 219 ----a-w- c:\windows\rad0CBE8.tmp
2011-12-20 12:48 . 2011-12-20 12:48 219 ----a-w- c:\windows\radB1E07.tmp
2011-12-20 08:48 . 2011-12-20 08:48 219 ----a-w- c:\windows\rad02935.tmp
2011-12-20 06:51 . 2011-12-20 06:51 219 ----a-w- c:\windows\rad6D84F.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 12:48 . 2011-12-15 12:48 219 ----a-w- c:\windows\rad4F20C.tmp
2011-12-15 08:48 . 2011-12-15 08:48 219 ----a-w- c:\windows\rad1AD1A.tmp
2011-12-15 06:40 . 2011-12-15 06:40 219 ----a-w- c:\windows\radF57B6.tmp
2011-12-14 16:48 . 2011-12-14 16:48 219 ----a-w- c:\windows\rad5B283.tmp
2011-12-14 12:48 . 2011-12-14 12:48 219 ----a-w- c:\windows\rad9DF98.tmp
2011-12-14 09:23 . 2011-12-14 09:23 219 ----a-w- c:\windows\radC69C1.tmp
2011-12-13 12:48 . 2011-12-13 12:48 219 ----a-w- c:\windows\radD6F0A.tmp
2011-12-13 08:48 . 2011-12-13 08:48 219 ----a-w- c:\windows\rad7B7DF.tmp
2011-12-13 08:03 . 2011-12-13 08:03 219 ----a-w- c:\windows\radA4623.tmp
2011-12-12 11:42 . 2011-12-12 11:42 219 ----a-w- c:\windows\rad570F8.tmp
2011-12-09 12:48 . 2011-12-09 12:48 219 ----a-w- c:\windows\rad58808.tmp
2011-12-09 08:48 . 2011-12-09 08:48 219 ----a-w- c:\windows\rad699F9.tmp
2011-12-09 06:39 . 2011-12-09 06:39 219 ----a-w- c:\windows\rad26497.tmp
2011-12-08 16:48 . 2011-12-08 16:48 219 ----a-w- c:\windows\rad9912D.tmp
2011-12-08 12:48 . 2011-12-08 12:48 219 ----a-w- c:\windows\radA8662.tmp
2011-12-08 08:48 . 2011-12-08 08:48 219 ----a-w- c:\windows\rad6B925.tmp
2011-12-08 06:36 . 2011-12-08 06:36 219 ----a-w- c:\windows\radD6D93.tmp
2011-12-07 16:48 . 2011-12-07 16:48 219 ----a-w- c:\windows\rad9C09A.tmp
2011-12-07 12:48 . 2011-12-07 12:48 219 ----a-w- c:\windows\radE0DB7.tmp
2011-12-07 08:48 . 2011-12-07 08:48 219 ----a-w- c:\windows\radEAA41.tmp
2011-12-07 06:48 . 2011-12-07 06:48 219 ----a-w- c:\windows\radCCBE8.tmp
2011-12-06 12:48 . 2011-12-06 12:48 219 ----a-w- c:\windows\radEE715.tmp
2011-12-06 08:48 . 2011-12-06 08:48 219 ----a-w- c:\windows\rad87379.tmp
2011-12-06 06:55 . 2011-12-06 06:55 219 ----a-w- c:\windows\radD0A94.tmp
2011-12-05 20:19 . 2011-12-05 20:19 219 ----a-w- c:\windows\radCE8B9.tmp
2011-12-01 12:48 . 2011-12-01 12:48 219 ----a-w- c:\windows\radB10F5.tmp
2011-12-01 08:48 . 2011-12-01 08:48 219 ----a-w- c:\windows\rad4400C.tmp
2011-12-01 04:48 . 2011-12-01 04:48 219 ----a-w- c:\windows\radF8311.tmp
2011-12-01 00:48 . 2011-12-01 00:48 219 ----a-w- c:\windows\rad57F70.tmp
2011-11-30 20:48 . 2011-11-30 20:48 219 ----a-w- c:\windows\rad2E04A.tmp
2011-11-30 16:48 . 2011-11-30 16:48 219 ----a-w- c:\windows\rad67F9B.tmp
2011-11-30 12:48 . 2011-11-30 12:48 219 ----a-w- c:\windows\radE1EFD.tmp
2011-11-30 08:48 . 2011-11-30 08:48 219 ----a-w- c:\windows\rad65723.tmp
2011-11-30 04:48 . 2011-11-30 04:48 219 ----a-w- c:\windows\radE6D33.tmp
2011-11-30 00:48 . 2011-11-30 00:48 219 ----a-w- c:\windows\radFD287.tmp
2011-11-29 20:48 . 2011-11-29 20:48 219 ----a-w- c:\windows\radBE33B.tmp
2011-11-29 16:48 . 2011-11-29 16:48 219 ----a-w- c:\windows\rad79189.tmp
2011-11-29 12:48 . 2011-11-29 12:48 219 ----a-w- c:\windows\radE0851.tmp
2011-11-29 08:48 . 2011-11-29 08:48 219 ----a-w- c:\windows\radD2CC3.tmp
2011-11-29 04:48 . 2011-11-29 04:48 219 ----a-w- c:\windows\rad0F46E.tmp
2011-11-29 00:48 . 2011-11-29 00:48 219 ----a-w- c:\windows\rad2A09F.tmp
2011-11-28 20:48 . 2011-11-28 20:48 219 ----a-w- c:\windows\radF08D1.tmp
2011-11-28 16:48 . 2011-11-28 16:48 219 ----a-w- c:\windows\rad21336.tmp
2011-11-28 12:48 . 2011-11-28 12:48 219 ----a-w- c:\windows\radB14C8.tmp
2011-11-28 08:48 . 2011-11-28 08:48 219 ----a-w- c:\windows\radAD3E0.tmp
2011-11-28 04:48 . 2011-11-28 04:48 219 ----a-w- c:\windows\rad0F741.tmp
2011-11-28 00:48 . 2011-11-28 00:48 219 ----a-w- c:\windows\rad93ADE.tmp
2011-11-27 20:48 . 2011-11-27 20:48 219 ----a-w- c:\windows\rad212EC.tmp
2011-11-27 16:48 . 2011-11-27 16:48 219 ----a-w- c:\windows\radE0578.tmp
2011-11-27 12:48 . 2011-11-27 12:48 219 ----a-w- c:\windows\radBAA6A.tmp
2011-11-27 08:48 . 2011-11-27 08:48 219 ----a-w- c:\windows\rad9D68B.tmp
2011-11-27 06:54 . 2011-11-27 06:54 219 ----a-w- c:\windows\rad72863.tmp
2011-11-25 13:45 . 2011-11-25 13:45 219 ----a-w- c:\windows\rad492B6.tmp
2011-11-25 08:48 . 2011-11-25 08:48 219 ----a-w- c:\windows\radF198F.tmp
2011-11-25 06:48 . 2011-11-25 06:48 219 ----a-w- c:\windows\rad15225.tmp
2011-11-25 06:46 . 2011-11-25 06:46 219 ----a-w- c:\windows\radBDB1F.tmp
2011-11-24 16:48 . 2011-11-24 16:48 219 ----a-w- c:\windows\rad78A72.tmp
2011-11-24 14:48 . 2011-11-24 14:48 219 ----a-w- c:\windows\rad30304.tmp
2011-11-24 12:48 . 2011-11-24 12:48 219 ----a-w- c:\windows\rad863B5.tmp
2011-11-24 10:48 . 2011-11-24 10:48 219 ----a-w- c:\windows\radB297A.tmp
2011-11-24 08:48 . 2011-11-24 08:48 219 ----a-w- c:\windows\radD399A.tmp
2011-11-24 06:48 . 2011-11-24 06:48 219 ----a-w- c:\windows\rad8C560.tmp
2011-11-24 06:47 . 2011-11-24 06:47 219 ----a-w- c:\windows\radE0B15.tmp
2011-11-23 14:48 . 2011-11-23 14:48 219 ----a-w- c:\windows\rad6ED5F.tmp
2011-11-23 14:40 . 2004-08-19 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 12:48 . 2011-11-23 12:48 219 ----a-w- c:\windows\rad00FB0.tmp
2011-11-23 10:48 . 2011-11-23 10:48 219 ----a-w- c:\windows\rad6E818.tmp
2011-11-23 08:48 . 2011-11-23 08:48 219 ----a-w- c:\windows\radA24E2.tmp
2011-11-23 06:48 . 2011-11-23 06:48 219 ----a-w- c:\windows\radDCAF5.tmp
2011-11-23 06:40 . 2011-11-23 06:40 219 ----a-w- c:\windows\radFD13F.tmp
2011-11-22 14:48 . 2011-11-22 14:48 219 ----a-w- c:\windows\rad585F7.tmp
2011-11-22 12:48 . 2011-11-22 12:48 219 ----a-w- c:\windows\rad75D0A.tmp
2011-11-22 10:48 . 2011-11-22 10:48 219 ----a-w- c:\windows\rad98F0B.tmp
2011-11-22 08:48 . 2011-11-22 08:48 219 ----a-w- c:\windows\radFD6AA.tmp
2011-11-22 06:48 . 2011-11-22 06:48 219 ----a-w- c:\windows\rad690B7.tmp
2011-11-22 06:41 . 2011-11-22 06:41 219 ----a-w- c:\windows\rad77B73.tmp
2011-11-19 17:37 . 2011-11-19 17:37 219 ----a-w- c:\windows\rad8B0FD.tmp
2011-11-18 09:05 . 2011-11-18 09:05 219 ----a-w- c:\windows\rad52FDC.tmp
2011-11-17 10:13 . 2011-11-17 10:13 219 ----a-w- c:\windows\rad7FC61.tmp
2011-11-16 20:22 . 2011-11-16 20:22 219 ----a-w- c:\windows\rad593F7.tmp
2011-11-16 11:04 . 2011-11-16 11:04 219 ----a-w- c:\windows\radDE308.tmp
2011-11-16 09:28 . 2011-11-16 09:28 219 ----a-w- c:\windows\rad9ED65.tmp
2011-11-15 16:48 . 2011-11-15 16:48 219 ----a-w- c:\windows\radA6855.tmp
2011-11-15 14:48 . 2011-11-15 14:48 219 ----a-w- c:\windows\rad01D74.tmp
2011-11-15 12:48 . 2011-11-15 12:48 219 ----a-w- c:\windows\radB7F48.tmp
2011-11-15 10:48 . 2011-11-15 10:48 219 ----a-w- c:\windows\rad97973.tmp
2011-11-15 08:48 . 2011-11-15 08:48 219 ----a-w- c:\windows\rad7DAD6.tmp
2011-11-15 06:48 . 2011-11-15 06:48 219 ----a-w- c:\windows\rad06193.tmp
2011-11-15 06:37 . 2011-11-15 06:37 219 ----a-w- c:\windows\radB8A1A.tmp
2011-11-14 14:48 . 2011-11-14 14:48 219 ----a-w- c:\windows\rad3CF97.tmp
2011-11-14 12:48 . 2011-11-14 12:48 219 ----a-w- c:\windows\radDFEDE.tmp
2011-11-14 10:48 . 2011-11-14 10:48 219 ----a-w- c:\windows\rad363EE.tmp
2011-11-14 08:48 . 2011-11-14 08:48 219 ----a-w- c:\windows\rad08120.tmp
2011-11-14 07:53 . 2011-11-14 07:53 219 ----a-w- c:\windows\rad97ABC.tmp
2011-11-12 08:48 . 2011-11-12 08:48 219 ----a-w- c:\windows\radD8E60.tmp
2011-11-12 06:48 . 2011-11-12 06:48 219 ----a-w- c:\windows\rad13C9C.tmp
2011-11-12 06:32 . 2011-11-12 06:32 219 ----a-w- c:\windows\rad0A8EA.tmp
2011-11-11 16:48 . 2011-11-11 16:48 219 ----a-w- c:\windows\radFF2BD.tmp
2011-11-11 14:48 . 2011-11-11 14:48 219 ----a-w- c:\windows\radE8E1D.tmp
2011-11-11 12:48 . 2011-11-11 12:48 219 ----a-w- c:\windows\radEAC12.tmp
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="d:\programmi\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\programmi\Microsoft Office Communicator\communicator.exe" [2010-07-08 5735696]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2010-08-11 115560]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2011-03-29 2209064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]
"NUSB3MON"="c:\programmi\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AccelerometerSysTrayApplet"="c:\programmi\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe" [2011-01-19 70712]
"QLBController"="c:\programmi\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-04-15 312376]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2010-05-14 80896]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2011-04-07 219520]
"WTVAlert"="c:\programmi\Enel.it\WebTVAlert\wtvalert.exe" [2010-01-14 102400]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SearchSettings"="c:\programmi\File comuni\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 636256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2005-03-01 17:49 24672 ----a-w- c:\windows\system32\ckpNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=lanciatore.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=EnelConfigurationManager.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-2147092017-682003330-170122\Scripts\Logon\0\0]
"Script"=UserRoleAlert.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Programmi\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Programmi\\File comuni\\Symantec Shared\\ccApp.exe"=
"c:\\Programmi\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Programmi\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Programmi\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Programmi\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Programmi\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
.
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/03/2008 16.02.35 17968]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [14/12/2011 13.13.28 748440]
R2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Dati applicazioni\DataCardService\DCService.exe [29/09/2010 2.33.40 249856]
R2 EnelConfigUtil;EnelConfigUtil;c:\windows\system32\dllhost.exe [19/08/2004 13.00.00 5120]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\programmi\Hewlett-Packard\Shared\HPDrvMntSvc.exe [28/02/2011 14.08.30 92216]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\programmi\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [15/04/2011 14.31.32 297528]
R2 Isecdrv;ISECDRV;c:\windows\system32\drivers\ISECDRV.sys [14/02/2008 11.44.12 20640]
R2 MarimbaEndpoint;MarimbaEndpoint;c:\programmi\marimba\tuner\Tuner.exe [19/06/2009 8.25.18 36957]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 19.09.28 11032]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [25/07/2011 10.57.47 17456]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [25/07/2011 10.57.47 670128]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [05/07/2011 18.17.58 113664]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [05/07/2011 18.18.00 174248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/11/2011 9.46.12 106104]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [25/07/2011 10.57.55 2041904]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [26/12/2011 19.23.59 72832]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [05/07/2011 18.18.00 44800]
R3 IntcDAud;Audio schermo Intel®;c:\windows\system32\drivers\IntcDAud.sys [05/07/2011 18.17.58 260864]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [05/07/2011 10.28.04 144984]
R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [05/07/2011 10.27.57 23640]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [05/07/2011 18.17.56 41088]
R3 NETwNx32;___ Driver scheda Intel® Wireless WiFi Link 5000 Series per Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [05/07/2011 18.18.00 7391104]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [10/12/2010 12.50.12 62336]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [10/12/2010 12.50.12 141440]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [05/10/2010 10.03.28 23888]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [25/07/2011 10.57.55 14924]
S3 RoxMediaDB10;RoxMediaDB10;c:\programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [23/11/2009 19.08.10 1120752]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [11/03/2008 16.02.29 11696]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [11/03/2008 16.02.23 63024]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [11/03/2008 16.02.32 34992]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-2147092017-682003330-170122Core.job
- c:\documents and settings\A439758\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-29 08:00]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-2147092017-682003330-170122UA.job
- c:\documents and settings\A439758\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-29 08:00]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{09C73F97-D0E5-4652-A8E9-1897A53FDB7E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{784F98F6-369A-400A-B348-16525000791C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy-nord.risorse.enel:8080
uInternet Settings,ProxyOverride = 192.168.*;172.*;10.*;*.enel;*.wind;*.enelro;*.local;moduloimpresa.enel.it;www.acquisti.enel.it;*.enelint.global;www.fw.ipsos.com;vpngem.enel.it;sar.enel.it;emppmw103pre.endesa.es;companytv.enelit.enel;<local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: enelit.enel\deskit
Trusted Zone: risorse.enel\e20x4sw0
TCP: DhcpNameServer = 10.42.194.191 10.16.57.184
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {502C6FAD-1188-4DEF-BD68-099D53DCF3CF} - hxxp://e20x4sw0.risorse.enel/RInst.cab
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-facemoods - c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Notify-NavLogon - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-Symantec Antvirus
AddRemove-facemoods - c:\programmi\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-WZCLINE - c:\programmi\WinZip\winzip32
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 10:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(5588)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Symantec\Symantec Endpoint Protection\Smc.exe
c:\programmi\File comuni\Symantec Shared\ccSvcHst.exe
c:\programmi\IDT\WDM\STacSV.exe
c:\programmi\LSI SoftModem\agrsmsvc.exe
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\marimba\tuner\lib\jre\bin\java.exe
c:\programmi\File comuni\Protexis\License Service\PsiService_2.exe
c:\windows\System32\snmp.exe
c:\programmi\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\programmi\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
c:\programmi\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\CheckPoint\SecuRemote\bin\SR_GUI.Exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msdtc.exe
c:\programmi\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-01-17 11:04:45 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-01-17 10:04
.
Pre-Run: 36.702.064.640 byte disponibili
Post-Run: 37.970.804.736 byte disponibili
.
- - End Of File - - FC18BD44853050D4F1E1515B0A5FFB8A

#10 jeffce


Posted 17 January 2012 - 01:08 PM

Hi,

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.


If you are satisfied with the help that you have received, please consider a donation to the TNCodeAcademy.

#11 jeffce


Posted 19 January 2012 - 04:03 PM

Hi,

Do you still need help? :)

#12 Maurice Naggar


Posted 20 January 2012 - 01:17 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.



