1. First, please register with the Gladiator Security Forum if you are not currently a member (it is free). You will need to use a valid email address, and follow the instructions to validate your membership. Then you can post. This will help us find your post much easier to distinguish it from anonymous guests. (Click here to reach the registration page: Register)

2. Second, if you ran AntiVirus programs, AntiSpyware programs, or online scans, please let us know which ones you ran, and wherever possible, please post the logs from these programs and scans. The more information you give us, the better we can diagnose your problem(s) and the quicker and more effectively we can begin the cleaning process ans reach a final resolution to your issues.

3. Third, install and run the program(s) as specified in the following post(s).


Last, once you have posted here, do not install or run any antivirus, antispyware, or other cleaning program unless instructed by your helper. Also, please do not install or remove any other software unless instructed by the helpers here.


** Be sure to post all requested logs. Not posting all the logs will delay fixing **






Modified: 2009.06.02 - LPP: Removed all reference to HJT
Modified: 2009.06.10 - LPP: Revised OTListIt instructions. New name and link

*** UPDATED June 10, 2009 ***

Please read and complete the following steps before posting your logs in the Malware Help Forum:

Special Note if Spybot is installed: Before proceeding, disable Spybot Tea Timer and leave it disabled until we're done here. See http://aumha.net/viewtopic.php?t=32409 for information on disabling Tea Timer.

Note: If you don't fully understand what Tea Timer does and how it does it, best to leave it permanently disabled.

Special Note for Vista: In all that follows, and subsequent sessions, you need to run these utilties "As Administrator" in most cases. Right click the program executable and choose "Run as Administrator". If you do not do this, some of these utilities will fail to work, or fail to work properly. If you have any problems with any of the utilities you are asked to run, check that you ran the application as an Administrator. Some of these utilties will not give you a UAC prompt, they will simply exit without doing anything at all or showing an error message.

You may want to print the rest of these instructions for offline reference.

1. Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Acan" option is selected.
  • Then click on the Scan button.
• The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2. Please download ATF Cleaner by Atribune, saving it to your desktop: http://www.atribune.org/ccount/click.php?id=1
(Mirror site: http://www.majorgeeks.com/ATF_Cleaner_d4949.html)

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.
• If you use Firefox browser (and some Mozilla-based browsers):
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.

3. Enable Show Hidden Files and Folders
If using Windows XP:

• Close all programs so that you are at your desktop.
• Double-click on the My Computer icon.
• Select the Tools menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.

If using Windows Vista or Windows 7:

• Close all programs so that you are at your desktop.
• Open the Control Panel menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.

[Online tutorial covering both of the above: http://www.bleepingcomputer.com/tutorials/tutorial62.html]

4. Important! Open Notepad; Click on Format; Uncheck Word wrap, if checked.

5. Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

• Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
• In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
• Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
• Do not TOUCH your keyboard until the scan completes!
• It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
• Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
• Exit OTL by clicking the X at top right.

6. Download Security Check by screen317 and save it to your Desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe

• Double-click on SecurityCheck.exe and follow the on-screen instructions inside the black box.
• A Notepad document named checkup.txt should then open automatically; close Notepad, saving the file to your desktop. We will need this log, too.

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

7. After Registering, begin your own new thread. Briefly state your problem(s) and tell us what you've done so far to resolve them. Then copy/paste the following into your post (in order):

• the contents of the MBAM log (Step 1)
• the contents of OTL.txt (Step 5)
• the contents of Extras.txt (Step 5)
• the contents of checkup.txt (Step 6)

Please do NOT use the Attachment feature, despite what you might see in any of the above TXT files!

If you follow the above steps, it will accomplish three things:

1. Your computer will be cleaner and in better shape before we even get to your log!
2. It will save the volunteers on this site many hours of work and add to the accuracy of the information they are able to give you - it's easier to see individual trees in a thinned forrest.
3. You won't delay the process of getting up & running again by having to answer a lot of questions.

Please provide us the information we need in order to help you efficiently and effectively. Without this information you will only delay the cleaning process.