Hello, please help me. I scanned the system in safe mode with malware and avast antivirus software.
No use, still my screen is blocked with federal website. I cannot install OTL in safe mode as there is no internet connection.
Thanking you in advance
If able to, follow the guide and attach the requested logs: http://forum.avast.com/index.php?topic=53253.0
1. AdwCleaner
2. Malwarebytes
3. OTL
4. aswMBR
Removal expert is notified…
Thanks for the quick reply. As said in the post, I have made all the log files; please find attached.
Sorry, I do not have the option of converting text file into ANSI as shown in the post.
Regards
"sorry I do not have the option of converting text file into ANSI as shown in the post."
They are OK... if not, they would look like Chinese gibbely gobbel ;D
Malware removers are notified. It may take hours before they arrive, so be patient.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe File not found
[2013/06/08 22:57:45 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ej4f4.pad
:Files
C:\WINDOWS\tasks\At*.job
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I started the Run Fix in OTL. It has been more than 3 hrs and still the screen is in a frozen state, and at the top, next to the OTL version, it says "not responding". Should I leave it like that, or reboot the system and start the OTL program once again?
Regards
Reboot the system and change the fix script to the following; MBAM is blocking OTL.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe File not found
[2013/06/08 22:57:45 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ej4f4.pad
:Files
C:\WINDOWS\tasks\At*.job
:Commands
[resethosts]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Attached is the OTL log file after scanning.
How is the computer behaving now, any problems?
I just booted in normal user mode and so far I have seen a small pop-up window with the message
[b]Error loading C:/ DOCUME~1\ALLUSE~1\APPLIC~1\4f4je.dat
the specific module could not be found[/b]
The good news is that there is no window freeze.
Should I worry about the pop-up window message?
Thanks
Could you run a quick OTL scan and ensure all users is selected? Then I will remove that annoyance for you.
Hello, I ran the scan with all users selected; find attached the log file.
Regards!
Hmm, intriguing. I cannot see where that is running from.
For 32-bit systems, please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
For 64-bit systems, download SystemLook from here.
[*]Double-click SystemLook.exe to run it.
[*]Copy the content of the following codebox into the main textfield:
:filefind
4f4je.dat
:regfind
4f4je.dat
[*]Click the Look button to start the scan.
[*]When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Find attached the log file.
Regards!
Are you still getting that popup on start?
Yes, still I am getting …
I will remove the orphans now to see if that cures it. On completion, could you update and run MBAM?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE - HKU\S-1-5-21-3662394670-4054440944-3676864774-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
[2013/01/17 21:42:59 | 000,093,072 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MALLEMBAKAM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4OZCIA8I.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2013/06/10 22:23:18 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/06/10 22:23:12 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job
[2013/06/10 22:23:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Killing process is taking too long. Is it normal, or is MBAM interrupting the process?
Regards!
Could you temporarily uninstall MBAM please, then re-run the fix, as we need to empty the temp files.
Hi, I uninstalled MBAM and ran OTL; please find attached the Extra text file from it.
I am afraid I still see the message when I reboot the system in user mode.
Regards!