
Virtumonde.prx infected


  • This topic is locked
24 replies to this topic

#1 juanjovv


Posted 05 January 2009 - 09:47 AM

Hello and sorry about my English

Spybot detects virtumonde.prx and can not clean it

I have tried to clean it with Malwarebytes' Anti-Malware, Ad-Aware and SUPERAntiSpyware, but they can not

I will be very thankful if somebody can help me.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:07, on 05/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Automatic Update\AutoUpdate.exe
C:\WINDOWS\system32\cisvc.exe
C:\Archivos de programa\NTR global\NTRsupport Installable RC\installablerc.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\TS\DAT\Supdsrc.exe
C:\TS\DAT\SaviaUpd.exe
C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Nf054URw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe
C:\Archivos de programa\USB Disk Win98 Driver\Res.EXE
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Archivos de programa\Archivos comunes\Logitech\KhalShared\KHALMNPR.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {bc830943-0ede-4b54-a6dc-536994f1c757} - C:\WINDOWS\system32\zebekeli.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KAV50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Archivos de programa\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [jenuboruvu] Rundll32.exe "C:\WINDOWS\system32\nonabefa.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [jenuboruvu] Rundll32.exe "C:\WINDOWS\system32\nonabefa.dll",s (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://E:\Amadeus Vista 2.2 p212\html\AutoUpdateATL24P210.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/nv/inquiero/mod/s...tivex118_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AD7E70A-77AD-4C41-85A7-F4966A54DFB6}: NameServer = 62.36.225.150,212.101.64.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AD7E70A-77AD-4C41-85A7-F4966A54DFB6}: NameServer = 62.36.225.150,212.101.64.35
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AD7E70A-77AD-4C41-85A7-F4966A54DFB6}: NameServer = 62.36.225.150,212.101.64.35
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~2\GOEC62~1.DLL c:\windows\system32\fitokera.dll c:\windows\system32\wezewugi.dll c:\windows\system32\nuhupofi.dll c:\windows\system32\gigivada.dll c:\windows\system32\gajonosu.dll c:\windows\system32\bejamuge.dll C:\WINDOWS\system32\zovujiwu.dll c:\windows\system32\
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Archivos de programa\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Archivos de programa\Automatic Update\AutoUpdate.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Archivos de programa\Citrix\GoToAssist Express Customer\136\g2ax_service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NTRsupport Installable RC (installablerc) - Net Transmit & Receive - C:\Archivos de programa\NTR global\NTRsupport Installable RC\installablerc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Servicio Kaspersky Anti-Virus (KLBLMain) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Savia Update - Unknown owner - C:\TS\DAT\Supdsrc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9355 bytes


 


#2 fenzodahl512


Posted 05 January 2009 - 10:47 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 juanjovv


Posted 05 January 2009 - 11:46 AM

hi fenzodahl

First, thank you very much

I have a new problem. I have downloaded ComboFix and run it. It did a registry backup, but after that it hung at "Preparando para comenzar..."

I'm trying to run it again, but only a little progress bar window appears, and after that a blue window with a flashing cursor. I am waiting, but I think it has hung again.

#4 fenzodahl512


Posted 05 January 2009 - 12:01 PM

Exit ComboFix and do this....


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. RSIT log.txt
2. RSIT info.txt
3. Attach GMER result..



#5 juanjovv


Posted 05 January 2009 - 01:06 PM

RSIT log.txt

Attached Files

  • Attached File  log.txt   29.31KB   6 downloads


#6 juanjovv


Posted 05 January 2009 - 01:08 PM

RSIT info.txt

Attached Files

  • Attached File  info.txt   8.47KB   11 downloads


#7 fenzodahl512


Posted 05 January 2009 - 01:27 PM

Please uninstall these programs before proceeding with the fixes..

1. Spybot S&D
2. Lavasoft Ad-Aware..



NEXT


The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\tasks\At*.job
    C:\WINDOWS\system32\zebekeli.dll
    C:\WINDOWS\system32\nonabefa.dll
    c:\windows\system32\fitokera.dll
    c:\windows\system32\wezewugi.dll
    c:\windows\system32\nuhupofi.dll
    c:\windows\system32\gigivada.dll
    c:\windows\system32\gajonosu.dll
    c:\windows\system32\bejamuge.dll
    C:\WINDOWS\system32\zovujiwu.dll
    C:\WINDOWS\system32\Nf054URw.exe
    C:\WINDOWS\Temp\4UK730CC.exe
    C:\WINDOWS\system32\Nf054URw.exe.a_a
    C:\WINDOWS\system32\Nf054URw.exe
    C:\WINDOWS\system32\uwugikap.ini
    C:\WINDOWS\system32\awetaziz.ini
    C:\WINDOWS\system32\itayuzog.ini
    C:\Documents and Settings\All Users\Datos de programa\wesokaru
    C:\Documents and Settings\All Users\Datos de programa\sitizeme
    C:\Documents and Settings\All Users\Datos de programa\lulabara
    C:\Documents and Settings\All Users\Datos de programa\viwawobi
    C:\Documents and Settings\All Users\Datos de programa\tihufivi
    C:\Documents and Settings\All Users\Datos de programa\kipiheba
    C:\WINDOWS\system32\onugumob.ini
    C:\WINDOWS\system32\zomuhiwu.dll
    C:\WINDOWS\system32\hizapego.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc830943-0ede-4b54-a6dc-536994f1c757}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "jenuboruvu"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\ARCHIV~1\Google\GOOGLE~2\GOEC62~1.DLL"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\Nf054URw.exe"=-
    "C:\WINDOWS\Temp\4UK730CC.exe"=-
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt


And don't forget, please Attach GMER log as per requested before :thumbsup:

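The entries removed in post #7 load from three autostart points visible in the HijackThis log of post #1: an unnamed BHO (O2), a Run value started through Rundll32 (O4) and AppInit_DLLs (O20). The following is an added example, not part of the thread or of any tool named in it, that triages a log for those three patterns and checks the result against a removal list; the heuristics, the function names `triage` and `missing_from_fix` and the shortened sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in post #1; the O20 AppInit_DLLs line is
# shortened here but keeps its truncated trailing "c:\windows\system32\" entry.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {bc830943-0ede-4b54-a6dc-536994f1c757} - C:\WINDOWS\system32\zebekeli.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [jenuboruvu] Rundll32.exe "C:\WINDOWS\system32\nonabefa.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [jenuboruvu] Rundll32.exe "C:\WINDOWS\system32\nonabefa.dll",s (User 'SERVICIO LOCAL')
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~2\GOEC62~1.DLL c:\windows\system32\fitokera.dll c:\windows\system32\wezewugi.dll c:\windows\system32\
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Archivos de programa\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll
"""

# Part of the :files list from post #7 (copied from the page).
FIX_FILES = r"""
C:\WINDOWS\system32\zebekeli.dll
C:\WINDOWS\system32\nonabefa.dll
c:\windows\system32\fitokera.dll
c:\windows\system32\wezewugi.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# A DLL that sits directly in system32 (no subfolder). A file name is required,
# so the truncated tail of the AppInit_DLLs line yields nothing.
SYS32_DLL = re.compile(r'[a-z]:\\windows\\system32\\([^\\\s"]+\.dll)', re.I)
RUNDLL_RUN = re.compile(r"\]\s*rundll32(\.exe)?\b", re.I)


def triage(log_text):
    """Map system32 DLL name -> autostart points that load it (heuristic)."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O2" and body.startswith("BHO: (no name)"):
            reason = "O2 unnamed BHO"
        elif code == "O4" and RUNDLL_RUN.search(body):
            reason = "O4 Run value via Rundll32"
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            reason = "O20 AppInit_DLLs"
        else:
            continue
        for dll in SYS32_DLL.findall(body):
            findings[dll.lower()].add(reason)
    return {dll: sorted(reasons) for dll, reasons in findings.items()}


def missing_from_fix(findings, fix_files):
    """Flagged DLLs that the removal list does not mention."""
    listed = {d.lower() for d in SYS32_DLL.findall(fix_files)}
    return sorted(set(findings) - listed)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for dll, reasons in sorted(found.items()):
        print(f"{dll:15} {', '.join(reasons)}")
    print("not in fix list:", missing_from_fix(found, FIX_FILES))
```

A hit is a candidate for review, not a verdict: legitimate software also registers Rundll32 Run values and AppInit_DLLs entries, which is why the Google DLL outside system32 is left alone here.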


#8 juanjovv


Posted 05 January 2009 - 01:28 PM

Sorry... but I can not download GMER on this computer.

I have downloaded it on another one, and it is scanning. When the scan finishes, I will post the GMER log

#9 fenzodahl512


Posted 05 January 2009 - 01:52 PM

Don't worry.. will wait for you :thumbsup:



#10 juanjovv


Posted 05 January 2009 - 02:28 PM

gmer.txt

Thanks again

I think my computer has something more than Virtumonde. Internet Explorer opens multiple tabs and I have an advice dialog from some antispyware site.

Perhaps it would be better to drop the internet connection on this PC, and read and post from another.

Attached Files

  • Attached File  gmer.txt   368.61KB   24 downloads

Edited by juanjovv, 05 January 2009 - 02:28 PM.


#11 fenzodahl512


Posted 05 January 2009 - 02:48 PM

GMER log looks nice.. Please continue as per my previous instruction at Post #7.. Then post the requested logs here :thumbsup:



#12 juanjovv


Posted 05 January 2009 - 02:53 PM

One question before running ERUNT and OTMoveIt3.

Spybot is uninstalled, but I think Ad-Aware is not present. Can I run ERUNT and OTMoveIt3 if Ad-Aware is not completely removed?

#13 fenzodahl512


Posted 05 January 2009 - 02:55 PM



Yup.. proceed with the next steps :thumbsup:



#14 juanjovv


Posted 05 January 2009 - 03:27 PM

Registry backup created.

Attached: OTMoveIt log.

A dialog like the following was shown while OTMoveIt was running:

ADVERT: The application or DLL C:\windows/system32\zomuhiwu.dll is not a valid Windows image. Check this with your installation disk.


Second RSIT log

Attached Files



#15 juanjovv


Posted 05 January 2009 - 03:30 PM

Ah!!! I forgot, Internet Explorer crashes. I can not run it. I'm posting from another computer



