1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

remove orphanage registry entries

Discussion in 'Virus & Other Malware Removal' started by jothikumar_it, Aug 23, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. jothikumar_it

    jothikumar_it Thread Starter

    Joined:
    Aug 21, 2009
    Messages:
    27
    how to remove orphanage registry entries in registry.
    i could not remove commodo antivirus and avira registry values which i used once.
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    If they don't interfere with anything, leave them. Don't mess with the registry. You won't gain any performance or space by removing the few entries just for the sake of it.
     
  3. jothikumar_it

    jothikumar_it Thread Starter

    Joined:
    Aug 21, 2009
    Messages:
    27
    avira service remains and i could not disable its service
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    You could try the free Revo Uninstaller and look for Avira. If it doesn't find anything,

    Please click here to download and install the HijackThis installer.

    Run it and select Do a system scan and save a logfile.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    Do not fix anything
     
  5. jothikumar_it

    jothikumar_it Thread Starter

    Joined:
    Aug 21, 2009
    Messages:
    27
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:01:24 PM, on 8/24/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Spyware Doctor new\pctsTray.exe
    D:\Internet Download Manager\IDMan.exe
    D:\Diskeeper proprem\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    d:\Spyware Doctor new\pctsAuxs.exe
    d:\Spyware Doctor new\pctsSvc.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\Internet Download Manager\IEMonitor.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\mmc.exe
    d:\Spyware Doctor new\pctsGui.exe
    D:\TuneUp Utilities 2009\Integrator.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\WELCOME\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    d:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsnl.co.in
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
    O3 - Toolbar: QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
    O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [StartupDelayer] "D:\Startup Delayer\Startup Launcher.exe"
    O4 - HKLM\..\Run: [ISTray] "d:\Spyware Doctor new\pctsTray.exe"
    O4 - HKCU\..\Run: [IDMan] D:\Internet Download Manager\IDMan.exe /onboot
    O4 - HKLM\..\Policies\Explorer\Run: [] 
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links with IDM - D:\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235311536421
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: geBqNhee - geBqNhee.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Diskeeper proprem\DkService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Spyware Doctor new\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Spyware Doctor new\pctsSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 12594 bytes
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Your log shows traces of the Trojan.Vundo.

    For Avira, click on Start, Run and type in (or copy and paste) the following commands one by one (click OK after each command):

    sc delete AntiVirMailService

    sc delete AntiVirSchedulerService

    sc delete AntiVirService

    sc delete AntiVirWebService

    As for the infection, you'll have to click on the Report button and ask to be moved to the Malware Removal forum.
     
  7. jothikumar_it

    jothikumar_it Thread Starter

    Joined:
    Aug 21, 2009
    Messages:
    27
    i did it in cmd prompt and received,
    "The specified service does not exist as an installed service".
     
  8. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    I cannot assist you further with this issue as you have malware and errors showing in your HijackThis log.

    Wait for the Malware Removal experts to help you clean up your log.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    [​IMG] Download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
     
  10. jothikumar_it

    jothikumar_it Thread Starter

    Joined:
    Aug 21, 2009
    Messages:
    27
    i got the below log file and received the error message " The instruction "0x7c918af2" referenced memory at "0x01ca2618:. The memory could not be written."


    Malwarebytes' Anti-Malware 1.40
    Database version: 2697
    Windows 5.1.2600 Service Pack 2

    8/26/2009 10:16:01 AM
    mbam-log-2009-08-26 (10-16-01).txt

    Scan type: Quick Scan
    Objects scanned: 116214
    Time elapsed: 5 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\WELCOME\Application Data\Microsoft\Windows\update8123.cmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus intervenes with OTS, allow it to run.
    3. Open the OTS folder and double-click on OTS.exe to start the program.
    4. In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
    5. Now click the Run Scan button on the toolbar.
    6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that notepad file
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.

    NOTE: The only people who can see attachments in the HJT forum are: the thread starter, Admins & Mods, and HJT Helpers & Trainees.
     
  12. jothikumar_it

    jothikumar_it Thread Starter

    Joined:
    Aug 21, 2009
    Messages:
    27
    I receive a message as "OTS.exe is not a valid win32 application"
    Is there any other solution?
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from one of these locations:

    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System

    [​IMG]


    Download the file & save it as it's originally named.


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.


    [​IMG]

    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


      [​IMG]

    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/854801

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice