Jump to content

Whitesmoke Infection


cvas828
 Share

Recommended Posts

Download TFC to your desktop

http://oldtimer.geekstogo.com/TFC.exe

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

Download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Please perform a rootkit scan:

  • Double-click the randomly name EXE located in the C:\ARK folder that you just downloaded to run the program.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • After the automatic "quick" scan is finished (a few seconds)save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctl V
  • Exit the Program
  • Save the Scan log as ARKQ.txt and post it in your next reply.
  • Leave your antivirus and any antimalware programs you disabled OFF until you complete the next DDS.scr step.

Download DDS and save it to your desktop from here

dds_scr.gif

Disable any script blocking programs you may have installed (such as Norton script blocking), and then double-click dss.scr to run the tool.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt

    [*]Save both reports to your desktop

    [*]Please copy and paste dds.txt into your next reply (do NOT attach and hold on to attach.txt for now)

Download OTL and save it on your desktop:

http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Win 7, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
  • Do NOT touch your keyboard until the scan is done!!
  • It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
  • Copy/Paste OTL.txt and attach Extras.txt into your next reply,
  • Exit OTL by clicking the X at top right.

Please copy/paste ALL requested logs into your next reply. Do NOT attach them!!!

Link to post
Share on other sites

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 8/7/2006 12:37:12 PM

System Uptime: 1/12/2011 3:39:46 PM (0 hours ago)

Motherboard: Dell Inc. | | 0KD882

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 1053/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 35.728 GiB free.

D: is FIXED (NTFS) - 27 GiB total, 9.115 GiB free.

E: is CDROM ()

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit quick scan 2011-01-12 15:55:22

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120821AS rev.8.03

Running: f0kn7u6l.exe; Driver: C:\DOCUME~1\Robert\LOCALS~1\Temp\uxddypoc.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA2B4B9C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA2B49C0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA2B4AFA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 1/12/2011 4:01:55 PM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Robert\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 79.18 Gb Total Space | 35.73 Gb Free Space | 45.12% Space Free | Partition Type: NTFS

Drive D: | 26.51 Gb Total Space | 9.12 Gb Free Space | 34.38% Space Free | Partition Type: NTFS

Computer Name: MADSKY2 | User Name: Robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/12 16:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/06/20 21:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006/06/20 21:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2006/04/06 13:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2006/04/06 13:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PRC - [2006/03/24 15:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2005/12/28 11:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2005/12/28 10:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2005/12/28 10:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2005/12/28 10:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2005/12/28 10:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2005/12/28 10:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2005/04/13 03:48:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

PRC - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

PRC - [2003/10/29 01:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

PRC - [2003/06/02 12:50:58 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

PRC - [2003/06/02 12:25:24 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

========== Modules (SafeList) ==========

MOD - [2011/01/12 16:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe

MOD - [2008/04/13 18:12:08 | 000,233,472 | ---- | M] () -- C:\WINDOWS\ifudoyat.dll

MOD - [2008/04/13 18:11:51 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll

MOD - [2008/04/13 18:11:51 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2006/04/06 13:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)

SRV - [2005/12/28 11:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2005/12/28 10:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2005/12/28 10:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2005/12/28 10:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/09/26 14:29:08 | 000,166,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2006/09/14 16:45:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2006/09/14 16:45:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2006/09/14 16:45:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)

DRV - [2006/08/02 14:52:41 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2006/03/24 15:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/03/08 10:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2005/12/28 12:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2005/12/04 08:55:30 | 001,428,096 | ---- | M] (Intel

Extras.Txt

Link to post
Share on other sites

Go to the Control Panel / Add Remove Programs and Remove:

Whitesmoke Translator

Viewpoint

Bonjour

J2SE Runtime Environment 5.0 Update 3

Java 2 Runtime Environment, SE v1.4.2_03

Close the Control Panel

We'll install a current version of Java soon (but sooner if you're having any problems viewing websites)

Important Question: Did You install this program?:

Tarma Installer

I want to see why your an important file called boot.ini changed.

Please make files and folders visible:

Click Start > Control Panel > Folder Options.

Select the View Tab.

Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

To view Boot.ini file so You can post its contents, follow these steps:

1. Click Start, point to Settings, and then click Control Panel.

2. In Control Panel, double-click System.

3. Click the Advanced tab, and then click Settings under Startup and Recovery.

4. Under System startup, click Edit.

5. A file named boot.ini will open in Notepad

Copy and paste the contents of this file into your next reply

Note: Boot.ini is essential to the operation of your computer, so be careful not to alter it in any way (do not save it, so you can discard any changes you inadvertently made)

We're going to rerun OTL with a script that fixes the infected load points and files on your system as follows:

Note: If the directory C:\asdasdf is something you created or you want to retain then let me know before running OTL,so I can modify the OTL fix (in the code box below, as it call for removal of that directory!!

  • Disable the active protection component of your antivirus by following the directions that apply here:
    http://www.bleepingcomputer.com/forums/topic114351.html
  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Win 7, right click the icon and Run as Administrator) to restart the OTL program.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Services
    pnscodq
    :OTL
    4 - HKLM..\Run: [Craboqihojise] C:\WINDOWS\ifudoyat.DLL ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [Ytihalu] C:\WINDOWS\ntpiheti.DLL File not found
    2011/01/12 15:51:00 | 000,000,000 | ---D | C] -- C:\asdasdf
    2011/01/10 22:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\{61E2F11F-6B3B-41BF-8293-1CD18A9AA6D5}
    [2011/01/12 00:00:59 | 000,003,017 | ---- | M] () -- C:\WINDOWS\irafirujiqig.dll
    [2011/01/11 23:37:18 | 000,003,017 | ---- | M] () -- C:\WINDOWS\ufayiqopaca.dll
    [2011/01/11 23:22:48 | 000,003,017 | ---- | M] () -- C:\WINDOWS\ehosuxidigibavuk.dll
    [2011/01/11 00:09:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/11 00:00:43 | 000,003,017 | ---- | M] () -- C:\WINDOWS\ugibocuk.dll
    [2011/01/10 23:04:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\pnscodq.sys
    [2011/01/10 22:30:23 | 000,003,017 | ---- | M] () -- C:\WINDOWS\Wkakoqusiwoji.dat
    [2011/01/10 22:27:57 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk
    uRun: [Ytihalu] rundll32.exe "c:\windows\ntpiheti.dll",Startup
    mRun: [Craboqihojise] rundll32.exe "c:\windows\ifudoyat.dll",Startup
    FF - HKLM\software\mozilla\Firefox\Extensions\\{61E2F11F-6B3B-41BF-8293-1CD18A9AA6D5}: C:\Documents and Settings\Robert\Local Settings\Application Data\{61E2F11F-6B3B-41BF-8293-1CD18A9AA6D5} [2011/01/10 22:30:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{9DD02B8B-5F73-4D4A-9EF6-D1366C4FA6A0}: C:\Documents and Settings\Stacie\Local Settings\Application Data\{9DD02B8B-5F73-4D4A-9EF6-D1366C4FA6A0}\ [2011/01/12 14:25:27 | 000,000,000 | ---D | M]
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Now click Run Fix and let the program run uninterrupted.
  • Let the program run unhindered, and reboot the PC when it is done (it should do that automatically)
  • Copy/Paste OTL Log in your next reply

Disable the proxy settings in Internet Explorer:

1) Open Internet Explorer - Under

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.