Rorschach112

Managers
  • Content Count

    425
  • Joined

  • Last visited

Posts posted by Rorschach112

  1. hello

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".

    [*]During the download, rename Combofix to Combo-Fix as follows:

    CF_download_FF.gif

    CF_download_rename.gif

    [*]It is important you rename Combofix during the download, but not after.

    [*]Please do not rename Combofix to other names, but only to the one indicated.

    [*]Close any open browsers.

    [*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

    [*]Double click on combo-Fix.exe & follow the prompts.

    [*]When finished, it will produce a report for you.

    [*]Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

  2. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.

  3. your logs are clean

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next goto Start Menu > Run > type

    cleanmgr

    Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

    Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )

    • Click the Pt. Restauration button and press OK to the prompts.
    • Click the Corbeille button and press OK to the prompt.
    • Click the Fichiers temp button and press OK to the prompt.
    • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
    • Once it is done click the Suppression button and let it remove anything it finds.
    • Close the program

    Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :

    http://www.adobe.com/products/acrobat/readstep2.html

    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • Keep Windows updated by regularly checking their website at :
      http://windowsupdate.microsoft.com/
      This will ensure your computer has always the latest security updates available installed on your computer.
    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

      [*]ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

      [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

      [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

      secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

      blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

      Here

      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

      [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

      [*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

      [*] Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

      [*]FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

      [*]Please read my guide on how to prevent malware and about safe computing here

    Thank you for your patience, and performing all of the procedures requested.

  4. if it fails do this

    Please click here to download AVP Tool by Kaspersky.

    • Save it to your desktop.
    • Reboot your computer into SafeMode.

      You can do this by restarting your computer and continually tapping the
      F8
      key until a menu appears.

      Use your up arrow key to highlight SafeMode then hit
      enter
      .


    • Double click the setup file to run it.
    • Click Next to continue.
    • It will by default install it to your desktop folder.Click Next.
    • Hit ok at the prompt for scanning in Safe Mode.
    • It will then open a box There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked.


    • System Memory

    • Startup Objects

    • Disk Boot Sectors.

    • My Computer.

    • Also any other drives (Removable that you may have)

    • Then click on Scan at the to right hand Corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left unneutralized then click the button that says Neutralize all
    • If it says it cannot be Neutralized then chooose The delete option when prompted.
    • After that is done click on the reports button at the bottom and save it to file name it Kas.
    • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.

  5. hello

    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

    [*]Click on My Computer under Scan.

    [*]Once the scan is complete, it will display the results. Click on View Scan Report.

    [*]You will see a list of infected items there. Click on Save Report As....

    [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  6. hello

    Download ComboFix from one of these locations:

    Link 1

    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    RcAuto1.gif

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

  7. hello

    Download Security Check here or here and save it to your Desktop.

    • Unzip SecurityCheck.zip and a folder named Security Check should appear.
    • Open the Security Check folder and double-click Security Check.bat
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    • Download OTListIt2 to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  8. hello

    Run OTList2.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTLI
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
      SRV - (HauppaugeTVServer [On_Demand | Stopped]) -- File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
      [2007/12/28 16:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
      [2009/04/14 19:54:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\uTorrent
      [2008/05/15 23:09:43 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent

      :Services

      :Reg

      :Files

      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]


    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

    [*]Click on My Computer under Scan.

    [*]Once the scan is complete, it will display the results. Click on View Scan Report.

    [*]You will see a list of infected items there. Click on Save Report As....

    [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  9. hello

    • Download OTListIt2 to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  10. hello

    Download Rooter.exe to your desktop

    • Then doubleclick it to start the tool
    • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here

    • Download OTListIt2 to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  11. your logs are clean

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next goto Start Menu > Run > type

    cleanmgr

    Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

    Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )

    • Click the Pt. Restauration button and press OK to the prompts.
    • Click the Corbeille button and press OK to the prompt.
    • Click the Fichiers temp button and press OK to the prompt.
    • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
    • Once it is done click the Suppression button and let it remove anything it finds.
    • Close the program

    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • Keep Windows updated by regularly checking their website at :
      http://windowsupdate.microsoft.com/
      This will ensure your computer has always the latest security updates available installed on your computer.
    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

      [*]ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

      [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

      [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

      secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

      blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

      Here

      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

      [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

      [*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

      [*] Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

      [*]FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

      [*]Please read my guide on how to prevent malware and about safe computing here

    Thank you for your patience, and performing all of the procedures requested.

  12. hello

    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

    [*]Click on My Computer under Scan.

    [*]Once the scan is complete, it will display the results. Click on View Scan Report.

    [*]You will see a list of infected items there. Click on Save Report As....

    [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  13. lets see

    • Download OTListIt2 to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  14. Do this

    Hello

    We will have to create a small 'fix CD' to solve this problem.

    Please download RC.ISO and save it somewhere you can find it.

    Also download MagicISO and install it.

    Start MagicISO. You should see a window informing you about the full version of MagicISO.

    In the bottom right select Try It! and the program will open.

    Click on File and then on Open and navigate to the RC.ISO file you downloaded. Select it, and click Open.

    First, we'll need to add a clean version of userinit.exe to the current RC.ISO

    • In the upper right pane, double click on the i386 folder.
    • Right click in the upper right pane and select Add Files...
    • Navigate to C:\Windows\System32 and select userinit.exe
    • Then click Open to add userinit.exe to the CD image.
    • Click File and select Save As...
    • Name the file RCplus and save it somewhere you can find it.

    Next, we'll need to burn the newly created image to a disk that we can use to fix the problem.

    • Put a blank CD-R disk in your CD burner and close the tray. If an AutoPlay window opens, close it.
    • Click on Tools and select Burn CD/DVD with ISO.... A window will appear.
    • Click on the little folder to the right of CD/DVD Image File then navigate to the newly created RCplus.iso Image file and click Open.
    • In the CD/DVD Writing Speed drop-down menu choose the 8X setting.
    • Under Format make sure that Mode 1 is selected.
    • And finally, click on the Burn it! button to burn RCplus.iso to disk.

    Once the disk is burned, put it in the machine you want to fix and restart it.

    Boot to the CD just as you would with a Windows XP disk.

    At the Welcome to Setup screen, press R to enter the Recovery Console.

    Choose the installation to be repaired by number (usually 1) and press Enter.

    When you are asked for the Administrator password, enter the password or leave it blank (default) and press Enter.

    At the C:\Windows> prompt, type the following commands pressing Enter after each one. Note: Watch the spaces.

    D:

    cd i386

    copy userinit.exe c:\windows\system32

    exit

    After putting in the third command, you should receive the message 1 file copied which will indicate that the operation succeeded.

    Now take out the CD and reboot your computer to normal mode. Try to log in and it should let you back in.

  15. You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    • Backup all your documents and important items only.
    • DO NOT backup any executable files (,exe .scr .html or .htm)
    • Do Not back up compressed files (zip/cab/rar) files that may contain .exe or .scr files
    • Reformat and Reinstall as outlined HERE

    I suggest you do the following immediately:

    • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.