Yahar (posted May 3, 2011)

CCleaner tells me to close Chrome when I run it, but if I hit Ctrl+Alt+Del there is no Chrome process running. It says the same thing if I try to uninstall Chrome. I even rebooted and tried and it still tells me Chrome is open.

I have included my OTL and Extra texts. I already have Emsisoft antimalware free installed so I wasn't sure which log I should post. I ran a full scan the other day and it detected a trojan and quarantined it. The emergency kit scan doesn't detect anything.

Kevin Zoll (posted May 3, 2011)

Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

    :OTL
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\PsychoLauncher.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launcher.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autoplay\AutoRun.exe
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [start Explorer]
    [Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Attach the new log produced by OTL

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

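The fix script in the post above targets two kinds of entries: orphaned registry references ("File not found") and MountPoints2 AutoRun commands. The following is an added example, not part of the original thread and not OTL's own code, that triages lines of that shape; the line grammar is inferred only from the lines visible in the post, and the same-volume check is an assumed heuristic.

```python
import re

# Lines copied from the fix script in the post above (32-bit view only).
SAMPLE = r'''
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\PsychoLauncher.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autoplay\AutoRun.exe
'''

# "O20 - ..." or "O20:<view tag> - ..." followed by the entry text.
ENTRY = re.compile(r'^(O\d+)(?::\S+)? - (.+)$')
# Mount point name, value name in quotes, then the command that would run.
AUTORUN = re.compile(
    r'^MountPoints2\\([^\\]+)\\Shell\\AutoRun\\command - "[^"]*" = (.+)$')


def triage(text):
    """Classify OTL-style lines as 'orphan', 'autorun' or 'other'."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # section headers, [commands], blank lines
        section, rest = m.groups()
        item = {"section": section, "kind": "other", "detail": rest}
        auto = AUTORUN.match(rest)
        if auto:
            mount, target = auto.groups()
            item.update(kind="autorun", mount=mount, target=target)
            # Assumed heuristic: a drive-letter mount point whose command
            # lives on a different volume deserves a closer look.
            item["target_on_same_volume"] = (
                len(mount) == 1 and target[:2].upper() == mount.upper() + ":")
        elif rest.rstrip(".").endswith("File not found"):
            item["kind"] = "orphan"  # registry entry whose target is gone
        findings.append(item)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["section"], f["kind"], f.get("target", f["detail"]))
```
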
Yahar (posted May 3, 2011)

I ran it but I accidentally closed the new log. Where is it saved to? Also CCleaner still reports Chrome as open after reboot.

Kevin Zoll (posted May 3, 2011)

The new log should be in C:\_OTL

Yahar (posted May 3, 2011)

Thanks.

Kevin Zoll (posted May 3, 2011)

Download ComboFix from one of these locations:
Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
-----------------------------------------------------------
Attach logs for:
ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Yahar (posted May 4, 2011)

It deleted steam.exe but I'm pretty sure that's a false positive.

Kevin Zoll (posted May 4, 2011)

> It deleted steam.exe but I'm pretty sure that's a false positive..

Yes, that is a False Positive. ComboFix should not have deleted Steam. You will have to reinstall Steam.

ComboFix didn't turn up anything of interest.

Download avz4.zip from here
Unzip it to your desktop to a folder named avz4
Double click on AVZ.exe to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:
Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again

After the update, from the "File" menu, choose "Standard Scripts"
Put a check next to item 2: Advanced System Investigation
Click Execute selected scripts
At the next prompt, click the OK button
Let the scan run and click "OK" when the completion prompt pops up
Now Close out of the Standard Scripts window, and exit AVZ
Navigate to the avz4 folder and locate the folder LOG
Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.

Yahar (posted May 4, 2011)

Here ya go.

Kevin Zoll (posted May 4, 2011)

All your scans are coming back clean.

Still having problems with CCleaner saying that Chrome is running?

Kevin Zoll (posted May 7, 2011)

Thread Closed
Reason: Lack of Response
PM either ShadowPuterDude, SpySentinel, or JeanInMontana to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread