Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

possibly infected need help


  • This topic is locked This topic is locked
4 replies to this topic

#1 dgladstone

dgladstone

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 26 August 2014 - 07:55 PM

wanting to remove all malware and unwanted stuff in windows 7 64bit professional needs a good clean  thanks

heres dds log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by user at 12:50:52 on 2014-08-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.64.1033.18.3958.1944 [GMT 12:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\system32\taskhost.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{ADFAF186-76DA-4463-A9C4-CD70D212CAFC} : NameServer = 122.56.237.1,210.55.111.1
TCP: Interfaces\{ADFAF186-76DA-4463-A9C4-CD70D212CAFC} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{ADFAF186-76DA-4463-A9C4-CD70D212CAFC}\05340234C696E69636 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{ADFAF186-76DA-4463-A9C4-CD70D212CAFC}\44C494E4B4 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{ADFAF186-76DA-4463-A9C4-CD70D212CAFC}\44C494E4B4 : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{ADFAF186-76DA-4463-A9C4-CD70D212CAFC}\4656661657C647 : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{ADFAF186-76DA-4463-A9C4-CD70D212CAFC}\E4544574541425 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E7595FEC-D36B-44AC-8579-E3562258F748} : NameServer = 122.56.237.1,210.55.111.1
TCP: Interfaces\{E7595FEC-D36B-44AC-8579-E3562258F748} : DHCPNameServer = 10.1.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6oakchf5.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6oakchf5.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-2 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-2 224896]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2013-2-24 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2013-11-7 427360]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-4-22 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-2-24 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2013-12-18 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-28 50344]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2011-12-10 279616]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-8-11 56344]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-2-26 22600]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-8-10 35008]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-4-26 1225832]
S0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-8-11 482384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe --> C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe --> C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [?]
S3 EasyAntiCheat;EasyAntiCheat;C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2013-12-30 89944]
S3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-27 151936]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-8-11 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-8-11 291328]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-6 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-8-10 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-8-11 202752]
S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-29 251760]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-6 137560]
.
=============== Created Last 30 ================
.
2014-08-26 23:47:35    122584    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-26 23:47:25    91352    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-08-26 23:47:25    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-08-26 23:47:25    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-08-26 23:47:25    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-23 17:03:41    2620928    ----a-w-    C:\windows\System32\wucltux.dll
2014-08-23 17:02:03    33792    ----a-w-    C:\windows\SysWow64\wuapp.exe
2014-08-23 17:02:03    198600    ----a-w-    C:\windows\System32\wuwebv.dll
2014-08-23 17:02:03    179656    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2014-08-23 17:02:02    36864    ----a-w-    C:\windows\System32\wuapp.exe
2014-08-09 08:00:47    --------    d-----w-    C:\windows\ShellNew
2014-08-09 01:17:21    --------    d-----w-    C:\Users\user\AppData\Local\AOL
2014-08-08 22:02:10    --------    d-----w-    C:\ProgramData\A3C7
2014-07-31 01:17:21    --------    d-----w-    C:\Users\user\dwhelper
2014-07-31 01:11:53    0    ----a-w-    C:\windows\SysWow64\FAPAFD1.tmp
2014-07-31 01:11:50    0    ----a-w-    C:\windows\SysWow64\FAPA775.tmp
2014-07-31 01:11:46    0    ----a-w-    C:\windows\SysWow64\FAP9652.tmp
2014-07-31 01:11:44    0    ----a-w-    C:\windows\SysWow64\FAP9037.tmp
2014-07-31 01:11:42    0    ----a-w-    C:\windows\SysWow64\FAP873F.tmp
2014-07-31 01:11:40    0    ----a-w-    C:\windows\SysWow64\FAP7D5D.tmp
2014-07-31 01:10:36    0    ----a-w-    C:\windows\SysWow64\FAP8630.tmp
2014-07-31 01:10:34    0    ----a-w-    C:\windows\SysWow64\FAP7B92.tmp
2014-07-31 01:10:21    0    ----a-w-    C:\windows\SysWow64\FAP4B4C.tmp
2014-07-31 01:10:18    0    ----a-w-    C:\windows\SysWow64\FAP3E8C.tmp
2014-07-31 01:10:09    0    ----a-w-    C:\windows\SysWow64\FAP197D.tmp
2014-07-31 01:10:04    0    ----a-w-    C:\windows\SysWow64\FAP6A5.tmp
2014-07-31 01:10:01    0    ----a-w-    C:\windows\SysWow64\FAPFAC0.tmp
2014-07-31 01:09:59    0    ----a-w-    C:\windows\SysWow64\FAPF541.tmp
2014-07-31 01:09:56    0    ----a-w-    C:\windows\SysWow64\FAPE8B1.tmp
2014-07-31 01:09:51    0    ----a-w-    C:\windows\SysWow64\FAPD618.tmp
2014-07-31 01:09:39    0    ----a-w-    C:\windows\SysWow64\FAPA6EA.tmp
2014-07-31 01:09:37    0    ----a-w-    C:\windows\SysWow64\FAP9F39.tmp
2014-07-31 01:09:32    0    ----a-w-    C:\windows\SysWow64\FAP8C24.tmp
2014-07-31 01:09:27    0    ----a-w-    C:\windows\SysWow64\FAP7611.tmp
2014-07-31 01:09:07    0    ----a-w-    C:\windows\SysWow64\FAP282D.tmp
2014-07-31 01:09:02    0    ----a-w-    C:\windows\SysWow64\FAP1556.tmp
2014-07-31 01:09:01    0    ----a-w-    C:\windows\SysWow64\FAP11DA.tmp
2014-07-31 01:08:54    0    ----a-w-    C:\windows\SysWow64\FAPF6C8.tmp
2014-07-31 01:08:53    0    ----a-w-    C:\windows\SysWow64\FAPF39A.tmp
2014-07-31 01:08:44    0    ----a-w-    C:\windows\SysWow64\FAPCD71.tmp
2014-07-31 01:07:05    0    ----a-w-    C:\windows\SysWow64\FAP4C3E.tmp
2014-07-31 01:07:05    0    ----a-w-    C:\windows\SysWow64\FAP4B70.tmp
2014-07-31 01:07:03    0    ----a-w-    C:\windows\SysWow64\FAP464F.tmp
2014-07-31 01:07:03    0    ----a-w-    C:\windows\SysWow64\FAP438E.tmp
2014-07-31 01:07:02    0    ----a-w-    C:\windows\SysWow64\FAP4198.tmp
2014-07-31 01:07:01    0    ----a-w-    C:\windows\SysWow64\FAP3AE1.tmp
2014-07-31 01:07:00    0    ----a-w-    C:\windows\SysWow64\FAP38AC.tmp
2014-07-31 01:07:00    0    ----a-w-    C:\windows\SysWow64\FAP37DE.tmp
2014-07-31 01:05:55    0    ----a-w-    C:\windows\SysWow64\FAP3BE3.tmp
2014-07-31 01:05:41    0    ----a-w-    C:\windows\SysWow64\FAP585.tmp
2014-07-31 01:05:41    0    ----a-w-    C:\windows\SysWow64\FAP4F5.tmp
2014-07-31 01:05:38    0    ----a-w-    C:\windows\SysWow64\FAPF845.tmp
2014-07-31 01:05:38    0    ----a-w-    C:\windows\SysWow64\FAPF7A6.tmp
2014-07-31 01:05:37    0    ----a-w-    C:\windows\SysWow64\FAPF350.tmp
2014-07-31 01:05:25    0    ----a-w-    C:\windows\SysWow64\FAPC6F0.tmp
2014-07-31 01:05:01    0    ----a-w-    C:\windows\SysWow64\FAP679E.tmp
2014-07-31 01:03:46    0    ----a-w-    C:\windows\SysWow64\FAP40BB.tmp
2014-07-31 01:03:45    0    ----a-w-    C:\windows\SysWow64\FAP3D6E.tmp
2014-07-31 01:03:43    0    ----a-w-    C:\windows\SysWow64\FAP35DC.tmp
2014-07-31 00:52:58    --------    d-----w-    C:\Users\user\AppData\Local\Skype
.
==================== Find3M  ====================
.
2014-08-23 17:47:34    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-23 17:47:34    699568    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-31 01:04:30    0    ----a-w-    C:\windows\SysWow64\FAPEFCD.tmp
2014-06-28 05:56:36    92008    ----a-w-    C:\windows\System32\drivers\aswstm.sys
2014-06-28 05:56:36    224896    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2014-06-28 05:56:36    1041168    ----a-w-    C:\windows\System32\drivers\aswsnx.sys
2014-06-28 05:56:35    93568    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2014-06-28 05:56:35    79184    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2014-06-28 05:56:35    65776    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2014-06-28 05:56:35    29208    ----a-w-    C:\windows\System32\drivers\aswHwid.sys
2014-06-28 05:56:34    43152    ----a-w-    C:\windows\avastSS.scr
2014-06-18 02:18:30    692736    ----a-w-    C:\windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\windows\System32\win32k.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
.
============= FINISH: 12:51:52.48 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 dgladstone

dgladstone
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 26 August 2014 - 08:25 PM

just looking to remove all badware etc off computer thx



#3 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:04 PM

Posted 28 August 2014 - 03:10 AM

:welcome:

Hello dgladstone,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:04 PM

Posted 31 August 2014 - 01:06 AM

still need help?


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:04 PM

Posted 03 September 2014 - 12:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users