Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes
) - Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Download OTL hxxp://oldtimer.geekstogo.com/OTL.exe (change the hxxp to http) save it to your Desktop.
Double click on OTL.exe to run it. Right click OTL.exe and select run as administator for Vista and Win 7.
Disable Norton for say 30 minutes
Start OTL,
Click the Scan All Users checkbox.
Change file age to 60 days
under 
Copy and paste what is below between the lines
msconfig
activex
drivers32
netsvcs
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
mswsock.dll
wininit.exe
services.exe
svchost.exe
tdx.sys
afd.sys
cdrom.sys
i8042prt.sys
netbt.sys
redbook.sys
mrxsmb.sys
/md5stop
HKEY_CURRENT_USER\Software\Classes\CLSID\{64135f0b-49a7-7b9c-302c-e16326399828} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64135f0b-49a7-7b9c-302c-e16326399828} /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
Press the 
An OTL.txt will be created.
Quads
By the way if you are online and wonder if there is a reply to your thread, because the the forum does not auto refresh, you can just press F5 on the keyboard to reload the page.
Remove the Flash Drive from the PC.
Disable Norton for say 30 minutes
Start OTL, under Copy and paste the custom script attached which you open in for instance Notepad,(include the : at the start of :OTL and all the way to the end / bottom) and run the script. (Red Run Fix Button)
The output log, should be placed in the C:\ _OTL folder after.
Quads
- �1995 - 2013 Symantec Corporation Legal Notice License Agreement Privacy Policy Cookies Site Map RSS
