This is a dangerous tool for supervised use only.

Download ComboFix from one of the following URLs:

To download ComboFix, left-click on one of the links above and if you are using Internet Explorer, you will see a prompt similar to the figure below.

 

Download ComboFix Screenshot
Download ComboFix Prompt

 

Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop. An image showing this is below.

 

Downloading ComboFix to the Desktop
Downloading ComboFix to the Desktop

 

When you have the Save as screen configured to save ComboFix.exe to the Desktop, click on the Save button. ComboFix will now start downloading to your computer. If you are on a dialup, this may take a few minutes. When ComboFix has finished downloading you will now see an icon on your desktop similar to the one below.

 

ComboFix Icon
ComboFix Icon

Do not start ComboFix

You are almost ready to start ComboFix, but before doing so, you need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Once you double-click on the icon, you may see a screen similar to the one below.

 

Windows Open File Security Warning
Windows Open File Security Warning

 

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. If you are using Windows Vista, and receive UAC prompt asking if you would like to continue running the program, you should press the Continue button. You will now see the first ComboFix screen as shown below.

 

ComboFix is Preparing to Run
ComboFix is Preparing to Run

 

ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen shown below.

 

ComboFix Disclaimer
ComboFix Disclaimer

 

If you do not agree to the disclaimer, then press the number 2 key on your keyboard and then press enter to exit the program. Otherwise, to continue you should press the number 1 key and then press the enter key to continue. If you decided to continue, then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

 

ComboFix is backing up the Windows Registry
ComboFix is backing up the Windows Registry

 

Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

 

ComboFix is scanning the computer for infections
ComboFix is scanning the computer for infections

 

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

 

Stages of the ComboFix AutoScan
Stages of the ComboFix AutoScan

 

At the time of this writing there are a total of 41 stages as shown in the image below, so please be patient.

 

41st Stage of the ComboFix AutoScan
41st Stage of the ComboFix AutoScan

 

When ComboFix has finished running, you will see a screen stating that it is preparing the log report as shown below.

 

ComboFix is preparing the log report
ComboFix is preparing the log report

 

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. This can be seen in the image below.

 

ComboFix is almost done!
ComboFix is almost done!

 

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you as shown below.

 

ComboFix Log File
ComboFix Log File

Post the log back here along with a new Hijackthis log.