Inactive Drive C is always full

Discussion in 'Malware and Virus Removal Archive' started by georgedanao, 2010/10/20.

Thread Status:
Not open for further replies.
  1. 2010/10/20
    georgedanao Inactive Thread Starter

    Hey good day.

    I don't know what to do with my computer. Even though I'm not installing anything on it, my Local Drive C is always full. Every time I scan it, the free space becomes higher, but a few days after it becomes smaller again.

    I have installed the free avast anti-virus. Can it block the viruses that may harm my computer, because every day I am using the internet?

    Here's the log:

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by user at 14:47:40.45 on Wed 10/20/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.625 [GMT -7:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\RTHDCPL.EXE
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\windows\System32\spool\DRIVERS\W32X86\3\E_FAMTAIP.EXE
    C:\windows\System32\spool\DRIVERS\W32X86\3\E_FARNAIP.EXE
    C:\Documents and Settings\user\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mystart.incredimail.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: mysidesearch search enhancer: {4545e8ef-6b4d-fdbc-5d5a-f16d432e431b} - c:\windows\system32\xslvdbbflh.dll
    BHO: dcads: {733716e1-76d2-4003-ac39-845281c0ef85} - c:\windows\system32\nsm1B5.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    EB: Search panel: {95b55cb7-130f-3992-e6cf-bb40be700023} - c:\windows\system32\xslvdbbflh.dll
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
    uRun: [EPSON Stylus Photo R230 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\windows\temp\E_SCA.tmp" /EF "HKCU "
    uRun: [EPSON Stylus Photo R230 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\windows\temp\E_SCD.tmp" /EF "HKCU "
    uRun: [Auto EPSON Stylus Photo R230 Series on LANIE] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\windows\temp\E_S91.tmp" /EF "HKCU "
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [api32] c:\docume~1\user\locals~1\temp\apiqq.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [\\MITCH\EPSON Stylus C45 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i3t1.exe /p31 "\\mitch\EPSON Stylus C45 Series" /O6 "USB002" /M "Stylus C45 "
    mRun: [Auto EPSON Stylus C45 Series on CHOY] c:\windows\system32\spool\drivers\w32x86\3\e_s4i3t1.exe /p36 "auto epson stylus c45 series on choy" /o15 "\\choy\EPSONSty" /M "Stylus C45 "
    mRun: [NWEReboot]
    mRun: [EPSON Stylus C45 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45 "
    mRun: [EPSON Stylus C45 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB001" /M "Stylus C45 "
    mRun: [winlogon] c:\windows\winlogon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Waiting1690] c:\windows\stid1690.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    dPolicies-explorer: NofolderOptions = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {81FF8FA7-49C2-4155-BAED-3A4A87D0EDD6} = 202.78.97.41,210.4.2.61
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\5qxf69bg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
    FF - component: c:\program files\mozilla firefox\components\xslvdbbflh.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    FF - user.js: keyword.enabled - true
    FF - user.js: google.toolbar.linkdoctor.enabled - false

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-15 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-15 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-15 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-15 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-15 40384]
    R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2008-4-10 177280]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-15 136176]
    S4 Netma0;Netma0;c:\windows\system32\drivers\netbt.sys [2004-8-12 162816]

    =============== Created Last 30 ================

    2010-10-20 15:19:43 163328 -csh--r- C:\jofk1wf.exe
    2010-10-19 15:41:16 162816 -csh--r- C:\o1o.exe
    2010-10-19 01:25:24 175104 -csh--r- C:\wq.exe

    ==================== Find3M ====================

    2010-09-07 15:12:17 38848 -c--a-w- c:\windows\avastSS.scr
    2010-08-10 16:31:01 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-08-10 16:31:01 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-08-10 16:30:58 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

    ============= FINISH: 14:48:21.29 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/9/2008 12:47:05 PM
    System Uptime: 10/20/2010 9:28:30 AM (5 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7360
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU 1 | 2671/333mhz
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU 1 | 2671/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 49 GiB total, 25.342 GiB free.
    D: is FIXED (NTFS) - 184 GiB total, 103.033 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP696: 7/23/2010 11:21:43 AM - Installed Connect Service
    RP697: 7/24/2010 12:33:19 PM - System Checkpoint
    RP698: 7/26/2010 12:31:01 PM - System Checkpoint
    RP699: 7/27/2010 12:59:09 PM - System Checkpoint
    RP700: 7/29/2010 12:43:11 PM - System Checkpoint
    RP701: 7/30/2010 6:20:50 PM - System Checkpoint
    RP702: 8/2/2010 12:33:03 PM - System Checkpoint
    RP703: 8/4/2010 12:33:34 PM - System Checkpoint
    RP704: 8/6/2010 12:30:12 PM - System Checkpoint
    RP705: 8/7/2010 12:37:30 PM - System Checkpoint
    RP706: 8/9/2010 9:38:14 AM - System Checkpoint
    RP707: 8/10/2010 9:31:57 AM - Installed Windows Installer KB893803v2.
    RP708: 8/10/2010 2:16:36 PM - Removed Wave MP3 Editor v15.2 - Fully Functional Evaluation Version
    RP709: 8/11/2010 6:23:11 PM - System Checkpoint
    RP710: 8/12/2010 9:10:51 PM - System Checkpoint
    RP711: 8/14/2010 12:43:45 PM - System Checkpoint
    RP712: 8/16/2010 12:38:24 PM - System Checkpoint
    RP713: 8/19/2010 10:41:58 AM - Installed JPEG Camera v1.1.3.4.
    RP714: 8/23/2010 10:09:38 AM - System Checkpoint
    RP715: 8/24/2010 11:27:24 AM - System Checkpoint
    RP716: 8/25/2010 12:34:46 PM - System Checkpoint
    RP717: 8/26/2010 12:37:58 PM - System Checkpoint
    RP718: 8/27/2010 1:47:00 PM - System Checkpoint
    RP719: 8/31/2010 9:28:45 AM - System Checkpoint
    RP720: 9/1/2010 12:36:58 PM - System Checkpoint
    RP721: 9/2/2010 12:51:25 PM - System Checkpoint
    RP722: 9/3/2010 6:30:01 PM - System Checkpoint
    RP723: 9/5/2010 2:43:42 PM - System Checkpoint
    RP724: 9/7/2010 12:44:35 PM - System Checkpoint
    RP725: 9/10/2010 12:34:20 PM - System Checkpoint
    RP726: 9/13/2010 8:54:05 AM - System Checkpoint
    RP727: 9/14/2010 12:27:20 PM - System Checkpoint
    RP728: 9/15/2010 8:52:40 AM - avast! Pro Antivirus Setup
    RP729: 9/15/2010 9:54:52 AM - avast! Pro Antivirus Setup
    RP730: 9/15/2010 10:09:32 AM - avast! Free Antivirus Setup
    RP731: 9/17/2010 12:34:55 PM - System Checkpoint
    RP732: 9/18/2010 5:06:14 PM - Avira AntiVir Personal - 9/18/2010 17:06
    RP733: 9/20/2010 12:33:43 PM - System Checkpoint
    RP734: 9/21/2010 12:35:51 PM - System Checkpoint
    RP735: 9/24/2010 12:24:03 PM - System Checkpoint
    RP736: 9/25/2010 4:08:47 PM - System Checkpoint
    RP737: 9/27/2010 12:52:34 PM - System Checkpoint
    RP738: 9/29/2010 12:28:41 PM - System Checkpoint
    RP739: 10/1/2010 12:46:59 PM - System Checkpoint
    RP740: 10/4/2010 9:28:22 AM - System Checkpoint
    RP741: 10/6/2010 5:59:15 PM - System Checkpoint
    RP742: 10/8/2010 12:25:44 PM - System Checkpoint
    RP743: 10/9/2010 12:33:39 PM - System Checkpoint
    RP744: 10/11/2010 12:25:45 PM - System Checkpoint
    RP745: 10/14/2010 12:23:26 PM - System Checkpoint
    RP746: 10/15/2010 12:48:01 PM - System Checkpoint
    RP747: 10/16/2010 5:56:21 PM - System Checkpoint
    RP748: 10/18/2010 8:52:46 AM - System Checkpoint
    RP749: 10/19/2010 12:33:49 PM - System Checkpoint
    RP750: 10/20/2010 9:23:19 AM - Removed ABBYY FineReader 6.0 Professional

    ==== Installed Programs ======================

    ABBYY FineReader OCR Engine for Microtek
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop 7.0
    Adobe Photoshop CS2
    Adobe Reader 8.1.3
    Adobe Stock Photos 1.0
    ArcSoft MediaImpression
    Camera RAW Plug-In for EPSON Creativity Suite
    D2300_Help
    Digital Video
    dj_sf_software
    EPSON Attach To Email
    Epson Copy Utility 3.4
    EPSON Easy Photo Print
    Epson Event Manager
    EPSON File Manager
    EPSON PERFECTION V30_V300 PHOTO Manual
    EPSON PhotoQuicker3.5
    EPSON Print CD
    EPSON PRINT Image Framer Tool2.1
    EPSON Printer Software
    EPSON Scan
    EPSON Scan Assistant
    EPSON Web-To-Page
    ESC45 Reference Guide
    ESC45 Software Guide
    ESPR230 User's Guide
    FLV Direct Player
    Google Chrome
    Google Update Helper
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    hph_readme
    hph_software_req
    HPPhotoSmartExpress
    IncrediMail
    IncrediMail 2.0
    JPEG Camera v1.1.3.4
    LG PC Suite II
    LightScribe 1.4.124.1
    Macromedia Extension Manager
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.0.19)
    MSN
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    Nokia Connectivity Cable Driver
    Nokia PC Connectivity Solution
    Nokia PC Suite
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA WDM Drivers
    PhotoMail Maker
    PIF DESIGNER2.1
    Presto! MaxReader 4.5 LE
    Realtek High Definition Audio Driver
    RelevantKnowledge
    ScanToWeb
    ScanWizard 5
    SCN iConnect Client v3.1
    Search Assistant Dcads
    Search Assistant Mysidesearch
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB958644)
    Skype Toolbars
    Skype™ 4.2
    Socialnetworking Helper Dcads
    Sony Picture Utility
    Sony USB Driver
    SSC Service Utility v4.30
    Toolbox
    Unload
    UnloadSupport
    Update for Windows XP (KB951072-v2)
    ViewSonic Monitor Drivers
    WebFldrs XP
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows XP Hotfix - KB885884
    XVID Codec Installation
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    10/14/2010 6:00:00 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -54185 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.103:123->207.46.197.32:123) is working properly.
    10/14/2010 4:58:27 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    10/14/2010 4:58:27 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    10/14/2010 4:54:40 PM, error: SideBySide [59] - Generate Activation Context failed for C:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL. Reference error message: The operation completed successfully. .

    ==== End Of File ===========================
     
  2. 2010/10/20
    Admin. Administrator Staff
    Yup, you're infected. You're not even running XP SP3, so your system will always be vulnerable.

    DO NOT make any changes to your system now. Wait for a Malware expert to clean your system, once that's done you'll need to get SP3.
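
Added example, not part of any post in this thread: a short Python triage script that applies a few common heuristics to DDS log lines such as those in the first post. The rule names, the `triage` function and the reading of `s`/`h` in the attribute column as System/Hidden are this example's assumptions, not the DDS tool's or the helpers' stated method.

```python
import ntpath
import re

# Lines copied from the DDS log in the first post of this thread.
SAMPLE_LOG = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [api32] c:\docume~1\user\locals~1\temp\apiqq.exe
mRun: [winlogon] c:\windows\winlogon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dPolicies-explorer: NofolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
2010-10-20 15:19:43 163328 -csh--r- C:\jofk1wf.exe
2010-09-07 15:12:17 38848 -c--a-w- c:\windows\avastSS.scr
"""

# Windows system process names that normally live in ...\system32.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
# Policy values that, when set to 1, lock the user out of built-in tools.
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools", "nofolderoptions"}

# Autorun entry: capture only the image path, not its arguments.
RUN_RE = re.compile(r'^[um]Run: \[.*?\]\s*"?([^"]+?\.exe)', re.I)
POLICY_RE = re.compile(r'^[a-z]Policies-\w+: (\w+) = 1\b', re.I)
# File listing: date, time, size, 8-char attribute column, .exe directly in a drive root.
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S{8}) ([a-z]:\\[^\\]+\.exe)$', re.I)


def triage(log_text):
    """Return (rule, line) pairs for log lines that match a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            image = m.group(1).lower()
            folder, name = ntpath.split(image)
            if "\\temp\\" in image:
                findings.append(("autorun-from-temp", line))
            elif name in SYSTEM_NAMES and folder and not folder.endswith("\\system32"):
                findings.append(("system-name-wrong-folder", line))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1).lower() in LOCKOUT_POLICIES:
            findings.append(("tool-lockout-policy", line))
            continue
        m = FILE_RE.match(line)
        # Assumption: 's' and 'h' in the attribute column mean System and Hidden.
        if m and {"s", "h"} <= set(m.group(1).lower()):
            findings.append(("hidden-system-exe-in-root", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:28} {line}")
```

A match is a reason to look closer at an entry, not a verdict; the arguments of an autorun command are deliberately ignored so that a temp file passed to a printer utility is not flagged.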
     

  3. 2010/10/20
    broni Moderator Malware Analyst
    Welcome aboard :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     