Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help!!!!!!


  • Please log in to reply
10 replies to this topic

#1 devildriver32

devildriver32

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 07 June 2012 - 09:03 AM

hi guys, new to this site, looks awesome! my vista freezes after couple of mins, think i got a dodgy toolbar somewhere. if i try and delete from programs it just says 'searching' and gives the egg timer til it freezes. in Safe Mode it wont allow the deletion at all. tried system restore in normal and Safe Modes and both times it asks if i want to continue. press yes then it just doesnt do anything. Cant do it from a recovery disk and i havent the means to make one. i can go online and browse in safe mode but i use my laptop for everything and desperately miss my music! any help appreciated......

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,379 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:26 PM

Posted 07 June 2012 - 09:36 AM

Try opening your browser...and disabling all toolbars.

Louis

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 PM

Posted 07 June 2012 - 09:44 AM

EDIT: TRy what hamluis offered first.


Hello devildriver32
I moved this from Windows Vista to the Am I Infected forum for now.
What Toolbar is it?
Reboot into Safe Mode with Networking and run tese,

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Edited by boopme, 07 June 2012 - 09:45 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 devildriver32

devildriver32
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 07 June 2012 - 03:32 PM

hi mate, is this what you are looking for??




MiniToolBox by Farbar Version: 04-06-2012
Ran by Rob (administrator) on 07-06-2012 at 21:28:16
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

LAN-Express AS IEEE 802.11g PCI-E Adapter = Wireless Network Connection (Connected)
Generic Marvell Yukon Chipset based Ethernet Controller = Local Area Connection (Media disconnected)

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 PM

Posted 07 June 2012 - 08:06 PM

Hi, you cut the log short..
What Toolbar is it?


Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 devildriver32

devildriver32
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 08 June 2012 - 04:44 AM

hi buddy, following Rkill log :

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/06/2012 at 10:40:07.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 08/06/2012 at 10:40:10.

i have done a huge malware scan and it quarantined several objects, problem still persists, is it an .exe problem? can go online ok with no probs in safe mode but still freezes in normal.....

#7 devildriver32

devildriver32
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 08 June 2012 - 05:04 AM

hi completed log enclosed....thank u :)

MiniToolBox by Farbar Version: 04-06-2012
Ran by Rob (administrator) on 08-06-2012 at 10:51:49
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

LAN-Express AS IEEE 802.11g PCI-E Adapter = Wireless Network Connection (Connected)
Generic Marvell Yukon Chipset based Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Rob-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : LAN-Express AS IEEE 802.11g PCI-E Adapter
Physical Address. . . . . . . . . : 00-1F-3A-F4-69-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1007:ecc4:45e:4ab2%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.86(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 June 2012 08:13:31
Lease Expires . . . . . . . . . . : 09 June 2012 08:13:32
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234889018
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-13-09-2B-00-1A-80-F5-F5-C4
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Generic Marvell Yukon Chipset based Ethernet Controller
Physical Address. . . . . . . . . : 00-1A-80-F5-F5-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ED132A24-C397-46ED-9E92-2B2F14466DBC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:808::1007
173.194.41.142
173.194.41.129
173.194.41.135
173.194.41.130
173.194.41.131
173.194.41.137
173.194.41.136
173.194.41.132
173.194.41.133
173.194.41.134
173.194.41.128



Pinging google.com [173.194.41.132] with 32 bytes of data:

Reply from 173.194.41.132: bytes=32 time=361ms TTL=50

Reply from 173.194.41.132: bytes=32 time=83ms TTL=51



Ping statistics for 173.194.41.132:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 83ms, Maximum = 361ms, Average = 222ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=467ms TTL=44

Reply from 209.191.122.70: bytes=32 time=540ms TTL=45



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 467ms, Maximum = 540ms, Average = 503ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1f 3a f4 69 35 ...... LAN-Express AS IEEE 802.11g PCI-E Adapter
8 ...00 1a 80 f5 f5 c4 ...... Generic Marvell Yukon Chipset based Ethernet Controller
1 ........................... Software Loopback Interface 1
18 ...00 00 00 00 00 00 00 e0 isatap.{ED132A24-C397-46ED-9E92-2B2F14466DBC}
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.86 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.86 281
192.168.1.86 255.255.255.255 On-link 192.168.1.86 281
192.168.1.255 255.255.255.255 On-link 192.168.1.86 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.86 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.86 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::1007:ecc4:45e:4ab2/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2012 10:40:15 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/08/2012 08:13:57 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/08/2012 00:06:31 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/07/2012 11:59:35 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/07/2012 11:54:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/07/2012 11:54:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/07/2012 11:42:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/07/2012 11:42:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/07/2012 11:28:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (06/07/2012 11:28:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


System errors:
=============
Error: (06/08/2012 08:23:41 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1325.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/08/2012 08:23:41 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/08/2012 08:15:47 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/08/2012 08:14:30 AM) (Source: Service Control Manager) (User: )
Description: MpFilter
spldr
Wanarpv6

Error: (06/08/2012 08:14:30 AM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (06/08/2012 08:14:11 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/08/2012 08:14:01 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/08/2012 08:13:57 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/08/2012 08:13:48 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/08/2012 08:13:14 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 06:00:37 on 08/06/2012 was unexpected.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
888casino
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Ant.com IE add-on (Version: 2.2.1.75)
µTorrent (Version: 2.2.1)
AVG Security Toolbar (Version: 11.1.0.7)
Battlefield 2™
Battlefield Vietnam™
BBC iPlayer Desktop (Version: 3.2.14)
BrowserCompanion
Casino-On-Net
CCleaner (Version: 3.12)
Conduit Engine (Version: )
Cossacks - Back To War
D3DX10 (Version: 15.4.2368.0902)
DDD Pool Free Trial
DivX Setup (Version: 2.6.1.5)
Empire Earth
Far Cry (Version: 1.00.0000)
Feedback Tool (Version: 1.2.0)
File Type Assistant
Football Manager 2007
Google Chrome (Version: 19.0.1084.52)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Governor of Poker 2 (Version: 1.0)
iLivid (Version: 1.92)
InstallIQ Updater (Version: 1.4.3.0)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.0.0 (Full) (Version: 8.0.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.180.46)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Connectivity Solution (Version: 11.5.22.0)
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
PunkBuster for Battlefield Vietnam
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Searchqu Toolbar (Version: 3.0.0.122375)
Segoe UI (Version: 15.4.2271.0615)
Skype™ 5.8 (Version: 5.8.158)
Sudden Strike 2 (Version: 1.0)
swMSM (Version: 12.0.0.1)
Trust Webcam Live (Version: 1.0.4.6)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Disk Win98 Driver
uTorrentBar Toolbar (Version: 6.2.7.3)
VAIO Update (Version: 5.4.1.04200)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Wajam (Version: 1.42)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zoosk Messenger (Version: 4.128.3)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 2037.69 MB
Available physical RAM: 1242.39 MB
Total Pagefile: 4312.63 MB
Available Pagefile: 3703.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:225.87 GB) (Free:19.42 GB) NTFS

========================= Users: ========================================

User accounts for \\ROB-PC

Administrator Guest Rob


**** End of log ****

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 PM

Posted 08 June 2012 - 01:40 PM

Have you disabled or removed ALL toolbars?

For the connection try....

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.




Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. [color=green]In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 devildriver32

devildriver32
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 09 June 2012 - 03:14 PM

ok, ran the TDDS file, but couldnt print log, found 44 threats and deleted , mostly forged antimalware files, sorry i cant give you anymore detail, will run the other programs now and get back to you.

#10 devildriver32

devildriver32
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 09 June 2012 - 03:50 PM

hi log from Super Anti Spyware.....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/09/2012 at 09:29 PM

Application Version : 5.0.1150

Core Rules Database Version : 8710
Trace Rules Database Version: 6522

Scan type : Quick Scan
Total Scan Time : 00:11:08

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 388
Memory threats detected : 0
Registry items scanned : 28395
Registry threats detected : 2
File items scanned : 12570
File threats detected : 48

PUP.MyWebSearch/FunWebProducts
HKU\S-1-5-21-828864712-2766350880-3707631527-1000\SOFTWARE\FunWebProducts
HKU\S-1-5-21-828864712-2766350880-3707631527-1000\SOFTWARE\MyWebSearch

Adware.Tracking Cookie
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\0Y4HPRUX.txt [ /virginmedia.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\QJ2Y93LA.txt [ /casalemedia.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\Q5UH7NSL.txt [ /apmebf.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\D7NTW9JG.txt [ /at.atwola.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\FN4MJKFI.txt [ /ad.360yield.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\27IPSH0T.txt [ /advertising.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\ZU5V6BAJ.txt [ /doubleclick.net ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\WVHJTJ1K.txt [ /adbrite.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\CO66CL6H.txt [ /2o7.net ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\90XYT1H6.txt [ /ru4.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\RPKOTL2X.txt [ /atdmt.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\TX2U6BPG.txt [ /media6degrees.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\JO26RX8T.txt [ /invitemedia.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\CQ72M32V.txt [ /ad.yieldmanager.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\4WSXRWVQ.txt [ /ads.pubmatic.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\JC3UHSVE.txt [ /mediaplex.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\9JULJT9Q.txt [ /serving-sys.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\9P61NKFP.txt [ /theadulthub.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\ITFEFX0N.txt [ /bs.serving-sys.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\BI8S4NRW.txt [ /h.atdmt.com ]
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\J30R7N0H.txt [ /revsci.net ]
C:\USERS\DEFAULT\AppData\Roaming\Microsoft\Windows\Cookies\rob-pc$@clkads[1].txt [ Cookie:rob-pc$@clkads.com/adServe/ ]
C:\USERS\DEFAULT\Cookies\rob-pc$@clkads[1].txt [ Cookie:rob-pc$@clkads.com/adServe/ ]
C:\USERS\ROB\Cookies\QJ2Y93LA.txt [ Cookie:rob@casalemedia.com/ ]
C:\USERS\ROB\Cookies\27IPSH0T.txt [ Cookie:rob@advertising.com/ ]
C:\USERS\ROB\Cookies\ZU5V6BAJ.txt [ Cookie:rob@doubleclick.net/ ]
C:\USERS\ROB\Cookies\WVHJTJ1K.txt [ Cookie:rob@adbrite.com/ ]
C:\USERS\ROB\Cookies\CO66CL6H.txt [ Cookie:rob@2o7.net/ ]
C:\USERS\ROB\Cookies\90XYT1H6.txt [ Cookie:rob@ru4.com/ ]
C:\USERS\ROB\Cookies\RPKOTL2X.txt [ Cookie:rob@atdmt.com/ ]
C:\USERS\ROB\Cookies\JO26RX8T.txt [ Cookie:rob@invitemedia.com/ ]
C:\USERS\ROB\Cookies\CQ72M32V.txt [ Cookie:rob@ad.yieldmanager.com/ ]
C:\USERS\ROB\Cookies\JC3UHSVE.txt [ Cookie:rob@mediaplex.com/ ]
C:\USERS\ROB\Cookies\9JULJT9Q.txt [ Cookie:rob@serving-sys.com/ ]
C:\USERS\ROB\Cookies\ITFEFX0N.txt [ Cookie:rob@bs.serving-sys.com/ ]
C:\USERS\ROB\Cookies\J30R7N0H.txt [ Cookie:rob@revsci.net/ ]
.divx.112.2o7.net [ C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.finalmediaplayer.com [ C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.finalmediaplayer.com [ C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.finalmediaplayer.com [ C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAM FILES\CASINOONNET\BIN\CASINO.EXE
C:\USERS\ROB\DESKTOP\888CASINO.LNK
C:\PROGRAM FILES\CASINO-ON-NET\BIN\CASINO.EXE
C:\USERS\ROB\DESKTOP\CASINO-ON-NET.LNK
C:\Windows\Prefetch\CASINO.EXE-2A811E4D.pf

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:26 PM

Posted 09 June 2012 - 07:05 PM

Hi, OK did you reboot the PC after the TDSS scan?

If you are connected now..
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users