MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 01-08-13, 13:01
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Something sinister?

Hello. I've recently asked a couple questions from the members here, and they've have been really great with their responses, so here I am again. Only this time with something that may be a bit more ominous.

In the past couple of days I had started to notice some strange files showing up in some of my system folders. Things like NTUSER.DAT, ntuser notepad's, the desktop.ini and .recently-used.xbel. Now these were showing up in my Administrator folders, User folders, Documents folder, Pictures, Video .. etc.

Now knowing that I had made no changes whatsover to my system, I became somewhat intrigued/paranoid. I ran my anti-virus program, malware scan and TDSSkiller. I was only able to locate 2 low-level malware infections from a couple of years ago (which I removed).

I then turned back on hidden files and folders and hide protected files (why they were off, I have no clue) and looked to see if the exposed files above were still showing. They were. I went through regedit and made sure that the hide key #'s were correct. They were, and the files above were still showing. So only then by right-clicking and switching them to read-only and hidden, did they go hidden again.

The .recently-used.xbel had been modified a couple of days ago, but not by me. And, again, I did not switch my hidden settings off to expose the above files. They were set to keep all files hidden.

Does this sound like it could be a possible keylogger?

Any help appreciated.

I do have a Hijack This report log, if someone would like to see it.

Last edited by buzzkilt; 01-08-13 at 13:11..
Reply With Quote
Sponsored links
  #2  
Old 01-08-13, 20:11
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

None of those files you mentioned are malware and it doesn't "smell" of malware at all but if you would like for me to rule that out you will need to follow the below instructions.

READ & RUN ME FIRST. Malware Removal Guide
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-09-13)
  #3  
Old 01-09-13, 02:02
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

Okay, here are my logs and thank you for your help.
Attached Files
File Type: txt RKreport[1]_S_01082013_02d2138.txt (3.4 KB, 3 views)
File Type: txt mbam-log-2013-01-08 (21-55-16).txt (1.8 KB, 3 views)
File Type: txt TDSSKiller.2.8.15.0_09.01.2013_01.55.53_log.txt (4.2 KB, 3 views)
File Type: log HitmanPro_20130109_0128.log (2.7 KB, 3 views)
File Type: zip MGlogs.zip (224.3 KB, 2 views)
Reply With Quote
  #4  
Old 01-09-13, 10:18
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these 8 detections:
  • [RUN][SUSP PATH] HKLM\[...]\Run : DvhhCCFbLujqW.exe (C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe) -> FOUND
  • [RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
  • [RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : Windows Resurections (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
  • [RUN][ROGUE ST] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : Diagnostic Manager (C:\WINDOWS1\TEMP\15057346.exe) -> FOUND
  • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : reader_s (C:\Documents and Settings\User\reader_s.exe) -> FOUND
  • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
  • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : Windows Resurections (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
  • [RUN][ROGUE ST] [ON_E:User]HKCU[...]\Run : Diagnostic Manager (C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe) -> FOUND
Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
  • R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
  • O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
  • O4 - HKLM\..\Run: [DvhhCCFbLujqW.exe] C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe

After clicking Fix exit HJT.


Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.
  • Right-click OTM.exe And select " Run as administrator " to run it.
  • Paste the following code under the area. Do not include the word Code.

Code:
:Files
C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe
C:\WINDOWS1\TEMP\hkhwpxs.exe
C:\WINDOWS1\TEMP\15057346.exe
C:\Documents and Settings\User\reader_s.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe
C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe
C:\Documents and Settings\User\Local Settings\Application Data\couponamazing
C:\Program Files\Common Files\Spigot
C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe
C:\Documents and Settings\All Users\Application Data\blekko toolbars
C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
C:\WINDOWS\Tasks\ParetoLogic Registration.job

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SearchSettings"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}]

:Commands
[emptytemp]
[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



Now give Hitman a rerun and have it delete Malware Remnants and Potential Unwanted Programs.

Please give Ccleaner a run, not the registry scanner, just the cleaner itself, to be rid of many temp files.

Go to this MGTools and download the new version of MGtools.exe. Overwrite your previous MGtools.exe file with this one.

Run the new MGTools.exe and attach the new MGlogs.zip

Re run RogueKiller once more, just a scan and attach log please.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-09-13)
  #5  
Old 01-09-13, 13:21
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

Before I go any further, during the process of running OTM it moved 6 processes under the title of "Processes Killed". Then the program just sat there. There was no prompt to reboot or any indication that it was done, other than the hour glass timer turned into an I type slash. I gave it an hour to see if something else would happen, but it did not. So I had to reboot the pc by switching off the power. Everything then started up fine, but there was no .log file to be found in the _OTM heirarchy of folders. I did manage, however, to jot everything down by hand before I manually restarted the computer.

Should I proceed to the next step?

Last edited by buzzkilt; 01-09-13 at 13:28..
Reply With Quote
Sponsored links
  #6  
Old 01-09-13, 16:39
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Quote:
Should I proceed to the next step?
Please..
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-09-13)
  #7  
Old 01-09-13, 18:56
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

Problems incurred -

- during the run of MG Tools, I could not locate O4 - HKLM\..\Run: [DvhhCCFbLujqW.exe] C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe to fix it. It wasn't listed.

- OTM created no data log in the C:\_OTM\MovedFiles folder hierarchy (attached is a txt of what I jotted down before restarting the pc)

- Hitman Pro showed 5 remnants (one I believe was my anti-virus definitions list, even though it is disabled), but wouldn't allow me to delete anything. It said I had to register & purchase.

Improvements are that the speed of the pc is quick and responsive again. I no longer see two quick black boxes in the upper left of the desktop screen upon start-up. They would briefly flash when the pc was first initializing. They were titled C\Windows\32cmd.exe or something to that effect. I would have listed this problem from the beginning, but it just started yesterday, after my initial post.

I'm not sure if I missed something with regards to HitmanPro. I dl'ed it from this site, and from the listing in the Malware Guide.
Attached Files
File Type: txt RKreport[2]_S_01092013_02d1114.txt (4.5 KB, 1 views)
File Type: txt OTM.txt (1.2 KB, 1 views)
File Type: log HitmanPro_20130109_1816.log (4.9 KB, 1 views)
File Type: zip MGlogs.zip (225.2 KB, 1 views)
File Type: txt RKreport[4]_S_01092013_02d1835.txt (3.2 KB, 1 views)
Reply With Quote
  #8  
Old 01-10-13, 08:40
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Seems like you did not run Ccleaner as I requested. Please do so. And some of our last fix failed, let's try again.


Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these 5 detections:
  • [RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
  • [RUN][PREVRUN] [ON_E:User]HKCU[...]\Run : reader_s (C:\Documents and Settings\User\reader_s.exe) -> FOUND
  • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
  • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : Windows Resurections (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
  • [RUN][ROGUE ST] [ON_E:User]HKCU[...]\Run : Diagnostic Manager (C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe) -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

Download The Avenger by Swandog469, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
Quote:
Files to delete:
C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
C:\WINDOWS\Tasks\ParetoLogic Registration.job
C:\WINDOWS1\TEMP\hkhwpxs.exe
C:\Documents and Settings\User\reader_s.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe
C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe


Folders to delete:
C:\Documents and Settings\User\Local Settings\Application Data\couponamazing
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.



Re run Hitman and have it delete Malware remnants please.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-11-13)
  #9  
Old 01-10-13, 09:50
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

Thank you for your continued patience with me.

Alas, I found the HitmanPro trial license agreement and was able to have it delete the found remnants. I've attached the log from after the HitmanPro deletion process.
Attached Files
File Type: txt RKreport[2]_D_01102013_02d0906.txt (3.3 KB, 2 views)
File Type: txt avenger.txt (3.2 KB, 3 views)
File Type: log HitmanPro_20130110_0932.log (2.3 KB, 2 views)
File Type: zip MGlogs.zip (222.3 KB, 4 views)
Reply With Quote
  #10  
Old 01-10-13, 16:23
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Re run RogueKiller again, just a scan please, and attach the log.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-11-13)
Sponsored links
  #11  
Old 01-10-13, 18:03
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

When I ran this before, not this time (as I only scanned), I noticed that two of the entries became listed as error when deleting.
Attached Files
File Type: txt RKreport[3]_S_01102013_02d1756.txt (3.2 KB, 2 views)
Reply With Quote
  #12  
Old 01-10-13, 18:17
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

The last attached RKReport was done with my files set back to hidden.

This is the report with the windows files not hidden. Sorry about that.
Attached Files
File Type: txt RKreport[4]_S_01102013_02d1811.txt (3.2 KB, 3 views)
Reply With Quote
  #13  
Old 01-10-13, 20:48
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Please download Combofix to your desktop. Please refer to these instructions prior to running.

Attach log once done.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-11-13)
  #14  
Old 01-10-13, 22:03
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

ComboFix log.
Attached Files
File Type: txt log.txt (14.3 KB, 5 views)
Reply With Quote
  #15  
Old 01-11-13, 10:21
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Now we need to use ComboFix by sUBs
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
  • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
  • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
Code:
KILLALL::

Driver::
BFYQA

File::
c:\docume~1\User\LOCALS~1\Temp\BFYQA.exe
C:\WINDOWS1\TEMP\hkhwpxs.exe
C:\Documents and Settings\User\reader_s.exe
C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe
C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe



  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.


Now rerun RogueKiller and attach that log too.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-11-13)
Sponsored links
  #16  
Old 01-11-13, 11:13
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

Logs -
Attached Files
File Type: txt log.txt (13.2 KB, 3 views)
File Type: txt RKreport[1]_S_01112013_02d1106.txt (3.0 KB, 1 views)
Reply With Quote
  #17  
Old 01-11-13, 11:23
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Dammit. Run Ccleaner (not the reg scanner just the cleaner itself) and then rerun RogueKiller again after reboot and attach the new log please.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following User Says Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-13-13)
  #18  
Old 01-11-13, 11:39
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

Edit. I didn't reboot. I'll be right back.
Attached Files
File Type: txt RKreport[1]_S_01112013_02d1136.txt (3.0 KB, 2 views)
Reply With Quote
  #19  
Old 01-11-13, 11:52
buzzkilt buzzkilt is offline
Private First Class
 
Join Date: Jan 2009
Posts: 32
Thanks: 24
Thanked 0 Times in 0 Posts
Default Re: Something sinister?

Okay, redid the process. Ccleaner > reboot > RKiller > log

Just tell me where & when to run Ccleaner.
Attached Files
File Type: txt RKreport[2]_S_01112013_02d1149.txt (3.0 KB, 4 views)
Reply With Quote
  #20  
Old 01-11-13, 18:16
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,447
Thanks: 919
Thanked 3,615 Times in 3,524 Posts
Default Re: Something sinister?

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

Also...


Run this and attach the results.

Using ESET's Online Scanner
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
The Following 2 Users Say Thank You to Kestrel13! For This Useful Post:
buzzkilt (01-13-13), Fillibuster (01-11-13)
Sponsored links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 12:54.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger