Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD when running DDS, please help


  • This topic is locked This topic is locked
34 replies to this topic

#1 rishi.sage

rishi.sage

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 14 September 2009 - 01:59 AM

Hey all, thanks for any help
Dell Inspiron 8500 Laptop XP Home SP2 512Mb Ram
My computer has lately started crashing all the time, especially in Windows explorer. Also when I was trying to install new drivers downloaded from Dell.
It crashed during two attempts to run DDS, so there is no log pasted here (no log generated) generating a kernel mode exception not handled stop message.
AVG scan and Hijack this also cause the computer to crash, usually with the page fault in non-paged area stop message.
The funny thing is that in safe mode these programs don't cause crashes.........(didn't try DDS in safe mode yet)
I was going through the services list and noticed services for the following all located in and running from the temp file: OGI.exe, NQUGTI.exe, ETMFW.exe, CZD.exe, & ROUHREN.exe.......The temp file is now clean, but I wonder what these would be?
Here is the RootReveal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/14 00:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF16C1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C70000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF8CBF000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0D43000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF8BFC000 Size: 5248 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF8410000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18ae606

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1913fc0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18ae05a

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18add3c

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1914580

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1928900

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1928b10

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18af652

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1914670

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1911210

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18ade46

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18adf30

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1928280

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18ae8cc

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf192bf10

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf192bf90

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18ae362

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf192a180

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1929f40

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf192c6f0

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf192c150

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1913be0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf192c540

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1914190

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1911440

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18adbba

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1929200

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18ae814

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf18ae494

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1912e70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1912f20

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1912fe0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1911d60

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1913250

==EOF==

Attached Files

  • Attached File  ark.txt   10.18KB   6 downloads


BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 PM

Posted 29 September 2009 - 08:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 rishi.sage

rishi.sage
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 02 October 2009 - 08:11 AM

Thanks THCBytes!
Problem is not resolved yet. Have not been able to run DDS without the computer crashing. the main symptom with my computer is that several programs when I run them, immediately incur a BSOD --- DDS, AVG Anti-spyware (now AVG AV/AS), Hijack This, and more commonly now any time I am using Microsoft Explorer, or even accessing folders on the desktop, the whole thing will just crash......
But it starts up reliably each time.
I have physically cleaned the computer, scanned , defragged (also page file), use CCleaner religiously, emptied temp folders, chkdsk, checked the memory modules, pretty much the entire pre-troubleshooting checklist that you all have provided before posting here....
I see that you have additional instructions about running DDS! I have to run to work but you can expect another response from me later in the day......
Thanks again!
Warmly,
Sage

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 PM

Posted 02 October 2009 - 09:32 AM

:(
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:09:53 PM

Posted 02 October 2009 - 09:39 AM

Hi Sage,

Welcome to Bleeping Computer. Sorry for the delay; we have been very busy lastely.


Along with a DDS log, if you can get it to run,


Please download Win32kDiag.exe by AD to the desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply:
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#6 rishi.sage

rishi.sage
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 03 October 2009 - 07:07 PM

Dear SS,
Thanks so much for your help!
Ran win32Kdiag before I tried to run DDS again -- which crashed again -- Win32kdiag logfile attached.
I even downloaded the pif version of DDS, so as to see if there was a difference from the scr version -- no difference I guess...
Should I still delete these from my desktop as recommended even though I can't get them to complete?
Would it be at all worthwhile to try DDS in safe mode?
Thanks for helping me with this even though I cannot run DDS or hijackthis to help you diagnose properly............
Appreciatively,
Sage

Running from: C:\Documents and Settings\sage\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\sage\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Attached Files



#7 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:09:53 PM

Posted 03 October 2009 - 09:40 PM

Hi Sage,


You're welcome. :( Yes you can delete DDS from your desktop.



Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#8 rishi.sage

rishi.sage
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 04 October 2009 - 03:36 AM

Thanks SS,

Very interesting!
To begin with I disabled Spyware Guard, Zone Alarm, AVG 8.5 resident shield, and Spyware Terminator.
I then received a warning right at the beginning that Avira Anti-Virus personal was running, even though I haven't had this program on this computer for many years (I even went in to the registry to see if there were lingering files and there weren't) so I don't know where that was coming from - I indicated to proceed anyway....
Combo-Fix then went through all of the tests, deleted some files (5 or so), restarted the computer, and was in the report-writing phase, when Zone Alarm (active again after the restart) popped up a message saying that FEV-cfxx (or something close to that) wanted access to the internet. Since that looked like the program name that started in the task manager when I started Combo-Fix, I granted access. 5 seconds later the computer crashed with a BSOD. I think I should have recorded the message on the BSOD, now that I think of it, perhaps it would be useful to you. I get so many BSOD's that I have stopped recording the details of every one.....alas.
Should I try Combo-Fix again?
Any explanation come to mind about the Antivir, and about the request for access to the internet?
Anything I should do differently?
Thanks so much for your patient guidance, especially if I am perhaps making mistakes as I go.........
Appreciatively,
Sage
p.s. I looked to see if a log had been produced -- nothing on the desktop and nothing in the root folder (C:)

#9 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:09:53 PM

Posted 04 October 2009 - 11:05 AM

Hi sage,

Yes try running ComboFix again and let me know what happens.
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#10 rishi.sage

rishi.sage
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 05 October 2009 - 10:44 AM

Thanks again SS,

Tried twice more with the same result (crash).
Again got the Avira warning before I began the scan each time.
Both times the computer did not need to restart (nor delete any files that I am aware of) but during the "log file creation" phase, would then crash into the BSOD.
I recorded the error code:
0X0000008E (0XC0000005,0X805A1FC3,0XF142E964,0x00000000)
Not sure this will help but wanted to furnish the maximum information possible.
I know you are looking for hard data from my machine -- this is sucking so far..............
Thanks for all your help, I hope there is a way through!
Appreciatively,
Sage

#11 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:09:53 PM

Posted 05 October 2009 - 02:17 PM

Step #1

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

@echo off
copy C:\WINDOWS\system32\dllcache\scecli.dll c:\scecli.dll
Exit


3. Save the file as "fixes.bat". Make sure to save it with the quotation marks.

4. Double click fixes.bat.




Step #2

We need to execute an Avenger2 script
Note to users reading this topic! This script was created specificly for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Please download The Avenger2 by SwanDog46.
  • Unzip avenger.exe to your desktop.
  • Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:
    c:\scecli.dll | C:\WINDOWS\system32\scecli.dll
  • Now start The Avenger2 by double clicking avenger.exe on your desktop.
  • Read the prompt that appears, and press OK.
  • Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  • Press the "Execute" button.
  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#12 rishi.sage

rishi.sage
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 05 October 2009 - 09:08 PM

Thank you SS,

Finally a process that was completed as you had instructed!
Here is the log:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Good news?

Attached Files



#13 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:09:53 PM

Posted 06 October 2009 - 11:32 PM

You're welcome.

Now please try running ComboFix.

and


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#14 rishi.sage

rishi.sage
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 07 October 2009 - 06:24 PM

Thanks SS,

Making progress (sort of)....
Still not able to complete the log report of Combo-Fix before the BSOD........
MBAM successfully found a trojan.banker and others and removed them. I realize I ran a full scan and you said quick scan -- don't know if that makes a difference (sorry)....
Oddly, when I went to save the logfile to my desktop so that I could paste/ attach it here, the computer crashed (BSOD)....
I even restarted and tried again from the MBAM logs section and same thing happened (just like with Combo-Fix!)
Perhaps still more malware at work?
Here's the MBAM logfile:
Malwarebytes' Anti-Malware 1.41
Database version: 2917
Windows 5.1.2600 Service Pack 2

10/7/2009 5:53:27 PM
mbam-log-2009-10-07 (17-53-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 175137
Time elapsed: 51 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0155238.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP479\A0156208.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP480\A0157229.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0157351.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0157406.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0158235.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\Combo-Fix\Combo-Fix.sys (Worm.Agent) -> Not selected for removal.

Thanks so much!
Appreciatively,
Sage

#15 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The United States
  • Local time:09:53 PM

Posted 08 October 2009 - 09:42 PM

Hi sage,

Running a Full scan is ok.



Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users