Ran Hitman Pro now Windows won't restart!


  • This topic is locked

#1
nesguys

  • Member
  • 12 posts
Hi, I had the google redirect virus and ran hitman pro. It detected a rootkit, I restarted and now windows won't reload and I am unable to restore. Any help would be greatly appreciated. Thanks!
  • 0

#2
JSntgRvr

  • Global Moderator
  • 11,018 posts
:welcome:

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh by noahdfear to your USB drive
  • Also Download Query.exe by noahdfear to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Once this process is completed, download Dumpit by noahdfear to the USB drive.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • On some computers you need to tap F12 and choose to boot from the CD; on others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Confirm that you see the file dumpit in your USB drive and double click on it.
  • After it has finished a report will be located in your USB drive named mbr.zip
  • Plug the USB back into the clean computer and post the contents of report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.zip file must be attached to your reply.

  • 0

#3
nesguys

  • Topic Starter
  • Member
  • 12 posts
Thank you for the reply! I have attempted to run the xPUD CD but it just hangs and goes black after I select English. I re-burned and tried again but no luck. Is there a way to run it off the USB drive?
  • 0

#4
JSntgRvr

  • Global Moderator
  • 11,018 posts
No need to select the language. Just press Enter. English will be selected.

Here are the instructions for a USB drive:

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download driver.sh to your USB
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Once this process is completed, download Dumpit by noahdfear to the USB drive.
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • The computer must be set to boot from the USB drive
  • On some computers you need to tap F12 and choose to boot from the USB; on others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Close Open Terminal.
  • Confirm that you see the file dumpit in your USB drive and double click on it.
  • After it has finished a report will be located in your USB drive named mbr.zip
  • Plug the USB back into the clean computer and post the contents of report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.zip file must be attached to your reply.

Please note - all text entries are case sensitive
  • 0

#5
nesguys

  • Topic Starter
  • Member
  • 12 posts
Tried this off the USB and it gets to the point where it says loading.........Ready then some quick txt across the screen and goes black. Can't seem to get this to work.
  • 0

#6
JSntgRvr

  • Global Moderator
  • 11,018 posts
What is the Operating System?
  • 0

#7
nesguys

  • Topic Starter
  • Member
  • 12 posts
Windows 7
  • 0

#8
JSntgRvr

  • Global Moderator
  • 11,018 posts
Are you able to reach the Advanced Menu by tapping F8 at startup, where a "Repair My Computer" option is available, or, as an alternative, from a Windows 7 install DVD? If you are, follow these steps:

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

  • 0
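
A first-pass triage of the FRST.txt log that the steps above produce, as an added example that is not part of the original post and not Farbar's code: it parses autorun lines in the layout the log uses and lists the entries to look at first. The sample lines are constructed, and reading `[x]` as "file not found" and `()` as "no publisher recorded" are assumptions.

```python
import re

# Constructed sample lines, laid out like the Registry section of an FRST.txt log.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleTray] C:\Program Files\Example\tray.exe [161304 2010-09-02] (Example Corporation)
HKLM\...\Run: [Helper] C:\Program Files (x86)\Example\helper.exe -s [727664 2010-09-24] ()
HKLM-x32\...\Run: [OldStartup] [x]
HKLM-x32\...\Run: [] [x]
HKLM\...\RunOnce: [Updater] "C:\Program Files\Example\upd.exe" /s [1499648 2010-04-28] (Example Inc.)
AppInit_DLLs: C:\Windows\system32\example.dll
"""

# "<hive>\...\Run[Once]: [value name] <rest of line>"
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<rest>.*)$")
# "<command line> [size date] (publisher)"
DETAIL = re.compile(
    r"^(?P<command>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$")
APPINIT = re.compile(r"^AppInit_DLLs: (?P<dlls>\S.*)$")


def parse_autoruns(text):
    """Return one dict per Run/RunOnce/AppInit_DLLs line found in the log text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        run = RUN_LINE.match(line)
        if run:
            entry = {"source": f"{run['hive']} {run['key']}", "name": run["name"],
                     "command": None, "size": None, "date": None,
                     "company": None, "missing": False}
            detail = DETAIL.match(run["rest"])
            if detail:
                entry.update(command=detail["command"], size=int(detail["size"]),
                             date=detail["date"], company=detail["company"].strip())
            elif run["rest"].lower() == "[x]":
                # Assumption: [x] means the referenced file was not found on disk.
                entry["missing"] = True
            else:
                entry["command"] = run["rest"]  # unexpected layout: keep it verbatim
            entries.append(entry)
            continue
        appinit = APPINIT.match(line)
        if appinit:
            entries.append({"source": "AppInit_DLLs", "name": "",
                            "command": appinit["dlls"], "size": None, "date": None,
                            "company": None, "missing": False})
    return entries


def triage(text):
    """Return (entry label, reason) pairs for entries that deserve a manual look."""
    findings = []
    for e in parse_autoruns(text):
        if e["source"] == "AppInit_DLLs":
            # These DLLs are loaded into every process that loads user32.dll.
            findings.append(("AppInit_DLLs",
                             "DLL load point: confirm the file belongs to installed software"))
            continue
        label = f"{e['source']} [{e['name'] or '(unnamed)'}]"
        if e["missing"]:
            findings.append((label, "target file not found"))
        elif e["company"] == "":
            findings.append((label, "no publisher recorded"))
    return findings


if __name__ == "__main__":
    for label, reason in triage(SAMPLE_LOG):
        print(f"{label}: {reason}")
```

A flagged entry is a prompt for review, not a verdict: an orphaned value or a blank publisher field also appears for legitimate software.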

#9
nesguys

  • Topic Starter
  • Member
  • 12 posts
As soon as I get to repair options the USB drive no longer lights up and is not accessible.
  • 0

#10
JSntgRvr

  • Global Moderator
  • 11,018 posts
Is it visible when Notepad is run?
  • 0

#11
JSntgRvr

  • Global Moderator
  • 11,018 posts
Try other ports also.
  • 0

#12
nesguys

  • Topic Starter
  • Member
  • 12 posts
No. Just the CD drive and the hard drive partitions, it looks like.
  • 0

#13
nesguys

  • Topic Starter
  • Member
  • 12 posts
Found one that works!
  • 0

#14
nesguys

  • Topic Starter
  • Member
  • 12 posts
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 22-03-2012 18:06:31
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6539880 2010-11-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2010-12-23] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-09-02] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-09-30] (McAfee, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM\...\RunOnce: [EDocs] C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe /s [1499648 2010-04-28] (Dell Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 13.36.0.1 13.36.0.2
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Notification Packages] scecli
FAPassSync

==================== Services (Whitelisted) ======

2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-10-13] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-06-30] (Intel Corporation)
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
3 qicflt; C:\Windows\System32\Drivers\qicflt.sys [29288 2010-07-12] (Quanta Computer)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [39832 2010-06-18] (Intel Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-22 18:06 - 2012-03-22 18:06 - 0000000 ____D C:\FRST
2012-03-21 18:13 - 2012-03-21 19:40 - 0000000 ____D C:\Emergency
2012-03-21 17:55 - 2012-03-21 19:39 - 0000000 ____D C:\Windows\SMINST

============ 3 Months Modified Files and Folders =============

2012-03-22 18:06 - 2012-03-22 18:06 - 0000000 ____D C:\FRST
2012-03-21 19:40 - 2012-03-21 18:13 - 0000000 ____D C:\Emergency
2012-03-21 19:40 - 2011-06-27 11:03 - 0000000 ____D C:\dell
2012-03-21 19:40 - 2011-06-27 10:44 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-21 19:40 - 2011-06-27 09:43 - 0000000 ____D C:\Program Files (x86)\Bing Bar Installer
2012-03-21 19:40 - 2011-06-27 09:41 - 0000000 ____D C:\Program Files\mcafee
2012-03-21 19:40 - 2011-06-27 09:41 - 0000000 ____D C:\Program Files\Dell Support Center
2012-03-21 19:40 - 2011-06-27 09:41 - 0000000 ____D C:\Program Files\Common Files\mcafee
2012-03-21 19:40 - 2011-06-27 09:41 - 0000000 ____D C:\Program Files (x86)\mcafee.com
2012-03-21 19:40 - 2011-06-27 09:41 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-03-21 19:40 - 2011-06-27 09:38 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-21 19:40 - 2011-06-27 09:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-21 19:40 - 2011-06-27 09:32 - 0000000 ____D C:\Program Files (x86)\Creative Live! Cam
2012-03-21 19:40 - 2011-06-27 09:32 - 0000000 ____D C:\Program Files (x86)\Creative
2012-03-21 19:40 - 2011-06-27 09:29 - 0000000 ____D C:\Program Files (x86)\Dell
2012-03-21 19:40 - 2011-06-27 09:28 - 0000000 ____D C:\Program Files (x86)\eBay
2012-03-21 19:40 - 2011-06-27 09:27 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-21 19:40 - 2011-06-27 09:27 - 0000000 ____D C:\Program Files (x86)\Cozi Express
2012-03-21 19:40 - 2011-06-27 09:25 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-03-21 19:40 - 2011-06-27 09:24 - 0000000 ____D C:\Program Files (x86)\Citrix
2012-03-21 19:40 - 2011-06-27 09:19 - 0000000 ____D C:\Program Files (x86)\JMicron
2012-03-21 19:40 - 2011-06-27 09:17 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-03-21 19:40 - 2011-06-27 09:13 - 0000000 ____D C:\Program Files\Intel
2012-03-21 19:40 - 2011-06-27 09:12 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-03-21 19:40 - 2011-06-27 09:10 - 0000000 ____D C:\Program Files\Dell Inc
2012-03-21 19:40 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-03-21 19:40 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-21 19:40 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-03-21 19:40 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-21 19:40 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-03-21 19:40 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-21 19:40 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-21 19:40 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Services
2012-03-21 19:40 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-21 19:40 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-03-21 19:39 - 2012-03-21 17:55 - 0000000 ____D C:\Windows\SMINST
2012-03-21 19:39 - 2011-06-27 11:33 - 0000000 ____D C:\Program Files\STMicroelectronics
2012-03-21 19:39 - 2011-06-27 11:32 - 0000000 ____D C:\Program Files\Synaptics
2012-03-21 19:39 - 2011-06-27 10:45 - 0000000 ____D C:\Program Files\Realtek
2012-03-21 19:39 - 2011-06-27 10:44 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-03-21 19:39 - 2011-06-27 10:44 - 0000000 ____D C:\Users\All Users\Application Data\NVIDIA
2012-03-21 19:39 - 2011-06-27 10:44 - 0000000 ____D C:\ProgramData\NVIDIA
2012-03-21 19:39 - 2011-06-27 10:44 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-21 19:39 - 2011-06-27 10:06 - 0000000 ____D C:\Users\Administrator\Application Data\Creative
2012-03-21 19:39 - 2011-06-27 10:06 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2012-03-21 19:39 - 2011-06-27 09:48 - 0000000 ____D C:\Program Files\Roxio
2012-03-21 19:39 - 2011-06-27 09:39 - 0000000 ____D C:\Windows\en
2012-03-21 19:39 - 2011-06-27 09:38 - 0000000 ____D C:\Program Files\Windows Live
2012-03-21 19:39 - 2011-06-27 09:07 - 0000000 ____D C:\users\UpdatusUser
2012-03-21 19:39 - 2009-07-14 02:45 - 0000000 ____D C:\Windows\ShellNew
2012-03-21 19:39 - 2009-07-14 02:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-03-21 19:39 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\Offline Web Pages
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\addins
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\MSBuild
2012-03-21 19:39 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-03-21 19:39 - 2009-07-14 00:08 - 0000000 ____D C:\users\Administrator
2012-03-21 19:39 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\Setup
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 __RSD C:\Windows\Media
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\IME
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\ias
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Dism
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\com
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-03-21 19:39 - 2009-07-13 22:22 - 0000000 ____D C:\Windows\Speech
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\schemas
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Resources
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\PLA
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\L2Schemas
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\IME
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Help
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Globalization
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Cursors
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Branding
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\users\Public
2012-03-21 19:39 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Windows NT
2012-03-21 19:38 - 2011-06-27 10:46 - 0000000 ____D C:\Windows\System32\SRSLabs
2012-03-21 19:38 - 2011-06-27 10:45 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-03-21 19:38 - 2011-06-27 09:19 - 0000000 ____D C:\Windows\SysWOW64\SDA
2012-03-21 19:38 - 2011-06-27 09:10 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-21 19:38 - 2011-06-27 09:03 - 0000000 ____D C:\Windows\SysWOW64\NV
2012-03-21 19:38 - 2011-06-27 09:03 - 0000000 ____D C:\Windows\System32\NV
2012-03-21 19:38 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-03-21 19:38 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-03-21 19:38 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-03-21 19:38 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\System32\winrm
2012-03-21 19:38 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-03-21 19:38 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-03-21 19:38 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-03-21 19:38 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-03-21 19:38 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\restore
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\TAPI
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\ras
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\uk-UA
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sppui
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\spp
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\spool
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Speech
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\SMI
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Setup
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\ras
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\oobe
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\MUI
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-03-21 19:38 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-03-21 19:34 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3828.3 MB
Available physical RAM: 3277.89 MB
Total Pagefile: 3826.45 MB
Available Pagefile: 3261.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:441.31 GB) (Free:409.26 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:24.41 GB) (Free:16.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1901 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 24 GB 40 MB
Partition 3 Primary 441 GB 24 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 24 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 441 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1900 MB 768 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 1900 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2011-06-27 10:42

======================= End Of Log ==========================
  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,018 posts
Download the enclosed file. Attached File: fixlist.txt (35 bytes)

Save it next to FRST in the USB drive. Run FRST as you did before. This time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

If successful, boot in Normal Mode.

If able to, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0





