
ComboFix did the job, BUT...



#1 scrolllick


Posted 24 September 2009 - 12:25 AM

My Google Chrome browser has been hijacked, but not my Firefox (I use both). After browsing for help online, I ended up using ComboFix, and it did the job!

I'm just posting this now because I read somewhere (from the website or from a ComboFix instruction) that while ComboFix can solve the problem at first run, it is still suggested that I post the log to sites such as bleepingcomputer for further checking of infections. (Very helpful site, BTW, which I run to every now and then.)

My Google Chrome browser seems to be working fine now, at least for a couple of minutes that I've tried it. I'm just posting this now as instructed, seeking experts' opinion on what I can/should do next, if there's any.

I've read that I shouldn't post logs unless requested, but to save time and since I think I've already cleaned my system, I'm posting my log here just in case. Thanks for your assistance.



ComboFix 09-09-23.02 - Pilot 09/24/2009 13:00.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1510 [GMT 9:00]
Running from: c:\documents and settings\Pilot\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Sonyhcp.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-16 12:09 . 2009-09-16 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-16 12:04 . 2009-09-16 12:04 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-16 11:57 . 2009-09-16 11:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-16 11:56 . 2009-09-16 11:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-16 11:54 . 2009-09-16 12:03 -------- d-s---w- c:\documents and settings\Administrator
2009-09-16 11:54 . 2009-09-16 12:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-09-11 12:46 . 2009-09-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-11 12:15 . 2007-02-20 07:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-09-11 12:15 . 2007-02-20 07:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-09-11 12:09 . 2009-09-11 12:09 -------- d-----w- c:\program files\Bonjour
2009-09-11 12:05 . 2009-09-11 12:05 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-10 04:54 . 2009-09-10 04:54 -------- d-----w- c:\documents and settings\Pilot\Application Data\WordWeb
2009-09-09 05:14 . 2009-09-09 05:33 -------- d-----w- c:\documents and settings\Pilot\Application Data\dvdcss
2009-09-03 06:26 . 2004-04-23 05:00 7680 ----a-w- c:\windows\system32\CNMVS5y.DLL
2009-09-03 06:26 . 2004-04-23 05:00 116736 ----a-w- c:\windows\system32\CNMLM5y.DLL
2009-09-03 06:26 . 2004-03-11 16:06 86016 ----a-r- c:\windows\system32\CNMCP5y.exe
2009-09-03 06:26 . 2009-09-03 06:26 -------- d-----w- C:\BJPrinter
2009-09-03 06:21 . 2008-04-13 15:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-09-03 06:21 . 2008-04-13 15:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-01 06:12 . 2009-09-01 06:12 -------- d-----w- c:\documents and settings\Pilot\Local Settings\Application Data\Identities
2009-09-01 03:41 . 2005-09-01 02:03 5888 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-09-01 03:41 . 2005-09-01 02:03 127488 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-09-01 03:40 . 2001-07-09 01:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-09-01 03:38 . 2009-09-01 03:38 -------- d-----w- c:\documents and settings\Pilot\Application Data\Ahead
2009-09-01 03:37 . 2001-03-08 09:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-09-01 03:37 . 2009-09-01 03:40 -------- d-----w- c:\program files\Ahead
2009-09-01 03:37 . 2009-09-01 03:37 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-01 03:37 . 2009-09-01 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-09-01 03:37 . 2001-06-25 22:15 38912 ------w- c:\windows\system32\picn20.dll
2009-09-01 03:37 . 2000-06-26 01:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-08-31 16:01 . 2009-08-31 16:01 -------- d-----w- c:\documents and settings\Pilot\Application Data\OverDrive
2009-08-31 16:00 . 2009-08-31 16:00 -------- d-----w- c:\program files\OverDrive Media Console
2009-08-31 11:17 . 2009-08-31 11:17 -------- d-----w- c:\documents and settings\Pilot2\Application Data\DivX
2009-08-31 10:58 . 2009-08-31 10:58 -------- d-----w- c:\documents and settings\Pilot2\Local Settings\Application Data\Identities
2009-08-31 10:30 . 2009-08-31 10:32 -------- d-----w- c:\documents and settings\Pilot2\Application Data\vlc
2009-08-31 06:18 . 2009-08-31 06:18 -------- d-----w- c:\documents and settings\Pilot2\Application Data\Yahoo!
2009-08-31 05:03 . 2009-08-31 05:03 -------- d-----w- c:\documents and settings\Pilot2\Application Data\uTorrent
2009-08-31 02:57 . 2009-09-12 01:40 -------- d-----w- c:\documents and settings\Pilot\Local Settings\Application Data\Adobe
2009-08-30 10:24 . 2009-08-30 10:24 -------- d-----w- c:\documents and settings\Pilot2\Application Data\Nero
2009-08-28 07:28 . 2009-08-28 07:28 -------- d-----w- c:\program files\uTorrent
2009-08-28 07:28 . 2009-09-24 03:45 -------- d-----w- c:\documents and settings\Pilot\Application Data\uTorrent
2009-08-26 03:45 . 2001-08-17 04:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-08-26 03:45 . 2001-08-17 04:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-08-26 03:41 . 2000-10-01 15:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2009-08-26 03:41 . 1998-07-24 15:00 28160 ----a-w- c:\windows\system32\CMDLGKO.DLL
2009-08-26 03:41 . 1998-07-21 15:00 9728 ----a-w- c:\windows\system32\SYSINKO.DLL
2009-08-26 03:41 . 1998-07-21 15:00 35328 ----a-w- c:\windows\system32\FLXGDKO.DLL
2009-08-26 03:41 . 1998-07-21 15:00 25088 ----a-w- c:\windows\system32\DATGDKO.DLL
2009-08-26 03:41 . 2009-08-26 03:43 -------- d-----w- c:\program files\Abigs
2009-08-26 03:41 . 2009-08-26 03:41 65536 ----a-w- c:\windows\IFinst27.exe
2009-08-26 03:37 . 2009-08-26 03:37 -------- d-----w- c:\documents and settings\Pilot\Application Data\Sony Corporation
2009-08-26 03:34 . 2009-08-26 03:34 -------- d-----w- c:\program files\Sony
2009-08-26 03:33 . 2009-08-26 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-26 03:33 . 2009-08-26 03:33 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2009-08-26 03:32 . 2009-08-26 03:32 -------- d-----w- c:\program files\Jasc Software Inc
2009-08-26 03:32 . 2009-08-26 03:32 -------- d-----w- c:\documents and settings\Pilot\Application Data\Jasc Software Inc
2009-08-25 09:01 . 2009-08-25 09:01 -------- d-----w- c:\documents and settings\Pilot\Application Data\Nero
2009-08-25 07:15 . 2009-08-25 07:15 -------- d-----w- c:\documents and settings\Pilot2\Local Settings\Application Data\Mozilla
2009-08-25 07:15 . 2009-08-25 07:15 -------- d-----w- c:\documents and settings\Pilot2\Application Data\BitDefender
2009-08-25 05:18 . 2009-08-25 05:18 -------- d-----w- c:\program files\SubtitleWorkshop
2009-08-25 05:01 . 2009-08-25 05:01 -------- d-----w- c:\documents and settings\Pilot\Application Data\DivX
2009-08-25 05:01 . 2009-08-25 05:01 -------- d-----w- c:\windows\system32\custom matrices
2009-08-25 05:01 . 2009-08-25 05:01 -------- d-----w- c:\windows\system32\C2MP
2009-08-25 05:01 . 2009-08-25 05:01 -------- d-----w- c:\windows\system32\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 03:28 . 2009-08-21 05:27 -------- d-----w- c:\documents and settings\Pilot\Application Data\Orbit
2009-09-24 02:25 . 2009-08-24 08:39 -------- d-----w- c:\documents and settings\Pilot\Application Data\vlc
2009-09-24 01:37 . 2009-08-21 05:09 -------- d-----w- c:\program files\IrfanView
2009-09-23 17:13 . 2009-08-25 03:32 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-16 12:03 . 2009-08-21 05:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 12:47 . 2009-08-21 05:45 183272 ----a-w- c:\documents and settings\Pilot\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 12:17 . 2009-08-20 05:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-01 03:41 . 2009-08-20 09:01 -------- d-----w- c:\program files\Nero
2009-09-01 03:36 . 2009-08-24 02:57 -------- d-----w- c:\program files\Yahoo!
2009-08-26 03:36 . 2009-08-20 03:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-26 03:33 . 2009-08-20 02:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-25 03:32 . 2009-04-15 05:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-08-25 02:57 . 2009-08-24 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-08-24 10:34 . 2009-08-24 10:34 -------- d-----w- c:\documents and settings\Pilot\Application Data\BitDefender
2009-08-24 10:34 . 2009-08-24 10:04 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-24 10:34 . 2009-08-24 10:34 -------- d-----w- c:\program files\BitDefender
2009-08-24 09:19 . 2009-08-24 09:19 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-08-24 08:29 . 2009-08-24 08:29 -------- d-----w- c:\program files\MSXML 4.0
2009-08-21 06:06 . 2009-08-21 06:06 -------- d-----w- c:\program files\QuickFix
2009-08-21 05:55 . 2009-08-21 05:55 -------- d-----w- c:\documents and settings\Pilot\Application Data\Malwarebytes
2009-08-21 05:55 . 2009-08-21 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 05:47 . 2009-08-21 05:47 -------- d-----w- c:\program files\Trend Micro
2009-08-21 05:45 . 2009-08-21 05:45 -------- d-----w- c:\program files\hjsplit
2009-08-21 05:42 . 2009-08-21 05:42 -------- d-----w- c:\program files\WinAce
2009-08-21 05:40 . 2009-08-21 05:40 -------- d-----w- c:\program files\AMP WinOFF
2009-08-21 05:27 . 2009-08-21 05:27 -------- d-----w- c:\program files\Orbitdownloader
2009-08-21 05:24 . 2009-08-21 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-21 05:19 . 2009-08-21 05:19 -------- d-----w- c:\program files\Jdownloader
2009-08-21 05:17 . 2009-08-21 05:17 -------- d-----w- c:\program files\WordWeb
2009-08-21 05:16 . 2009-08-21 05:16 -------- d-----w- c:\program files\NeoMem
2009-08-21 05:15 . 2009-08-21 05:15 -------- d-----w- c:\program files\VirtualDub
2009-08-21 05:11 . 2009-08-21 05:11 -------- d-----w- c:\program files\XVideoConverter
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\program files\Anatoli Klassen Software
2009-08-21 05:07 . 2009-08-21 05:07 693760 ----a-w- c:\windows\GPInstall.exe
2009-08-21 02:10 . 2009-08-21 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-08-21 02:10 . 2009-08-21 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-21 02:10 . 2009-08-21 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\tmtizwrk
2009-08-21 02:10 . 2009-08-21 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-21 02:10 . 2009-08-21 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\tchadyri
2009-08-21 02:10 . 2009-08-21 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-20 09:54 . 2009-08-20 09:54 -------- d-----w- c:\program files\VideoLAN
2009-08-20 09:49 . 2009-08-20 09:49 -------- d-----w- c:\program files\Ares
2009-08-20 09:37 . 2009-08-20 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-20 09:36 . 2009-08-20 09:36 -------- d-----w- c:\program files\Microsoft Works
2009-08-20 09:14 . 2009-08-20 09:14 -------- d-----w- c:\program files\TruDirect
2009-08-20 09:09 . 2009-08-20 09:01 -------- d-----w- c:\program files\Common Files\Nero
2009-08-20 09:01 . 2009-08-20 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-20 05:17 . 2009-08-20 05:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-20 05:17 . 2009-08-20 05:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-20 05:15 . 2009-08-20 05:15 -------- d-----w- c:\program files\Vtune
2009-08-20 05:05 . 2009-08-20 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-20 03:22 . 2009-08-20 03:21 -------- d-----w- c:\program files\VIA
2009-08-20 02:20 . 2009-08-20 02:20 -------- d-----w- c:\program files\Intel
2009-08-20 02:15 . 2009-08-20 02:15 0 ----a-w- c:\windows\nsreg.dat
2009-08-20 01:59 . 2009-08-20 01:59 -------- d-----w- c:\program files\microsoft frontpage
2009-08-20 01:57 . 2009-08-20 01:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2008-11-27 04:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 03:36 . 2009-08-21 05:55 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 03:36 . 2009-08-21 05:55 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 04:37 . 2008-11-27 04:45 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-11-27 04:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2008-11-27 04:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:08 . 2008-11-27 04:45 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2008-11-27 04:45 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2008-11-27 04:45 81920 ----a-w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Pilot\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-08-25 782336]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [4/15/2009 2:13 PM 146312]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/20/2009 12:22 PM 874880]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - C125C44E
*Deregistered* - c125c44e

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-448539723-682003330-1007Core.job
- c:\documents and settings\Pilot\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-21 04:03]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-448539723-682003330-1007UA.job
- c:\documents and settings\Pilot\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-21 04:03]
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pilot\Application Data\Mozilla\Firefox\Profiles\puf3by8s.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
FF - plugin: c:\documents and settings\Pilot\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 13:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-24 13:05
ComboFix-quarantined-files.txt 2009-09-24 04:04

Pre-Run: 182,022,287,360 bytes free
Post-Run: 182,276,255,744 bytes free

219 --- E O F --- 2009-09-10 01:08

Edited by scrolllick, 24 September 2009 - 12:31 AM.




#2 kahdah


Posted 10 October 2009 - 10:35 AM

Hello scrolllick

Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



