Re: help with search.nu issue

CahaNs · ‎07-29-2012

yeah I have one.

Quads · ‎07-21-2008

Read Slowly and all of it.

Please download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version.

Transfer it on to the Flash Drive.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. restart the system and load Windows Please attach the log in your reply.

Quads

CahaNs · ‎07-29-2012

this is the log Quads

Thanks Alot

Quads · ‎07-21-2008

It looks like you have a permissions problem for files and registry, and I can see some of the browser hooking.

Trying to think of the way to attack this. It was like another user after or during the infection and couldn't get programs to run.

Quads

CahaNs · ‎07-29-2012

ok thanks a lot Quads

Quads · ‎07-21-2008

Was any account passwords or accounts created or changed foe Windows on or before the 11th of July.

Quads

CahaNs · ‎07-29-2012

no nothing has been changed.

Quads · ‎07-21-2008

This will start to set things back, but maybe not the permissions yet

Download the script attached, needs to be the same file name as well (fixlist.txt), Copy across to flash drive

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again. Like previously

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe or frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply (attach).