Hijack scan log

[clpoptart]

I've been wrestling with this malware for about a week now. I've tried everything I can think of, even dban could not get rid of this. Advanced system care just keeps picking it up again. Iobit Security 360 wont get rid of it.

 

Anywho, here's the log:

 

Normal mode

 

Logfile of IObit HijackScan v0.2.0.0

Scan saved at 16:55:50, on 2011-1-11

 

Running processes:

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

Ä?

C:\Users\Chris\Desktop\IObit Security 360\a_hijackscan.exe

 

O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

O23 - Service: DCOM Server Process Launcher - Unknown -

O23 - Service: Diagnostic Policy Service - Unknown -

O23 - Service: Group Policy Client - Unknown -

O23 - Service: Windows CardSpace - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: Net.Tcp Port Sharing Service - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) - Unknown -

O23 - Service: Security Accounts Manager - Unknown -

O23 - Service: Secondary Logon - Unknown - %windir%\system32\svchost.exe

O23 - Service: Distributed Link Tracking Client - Unknown -

O23 - Service: Windows Modules Installer - Unknown -

O23 - Service: Block Level Backup Engine Service - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host - Unknown -

O23 - Service: Diagnostic System Host - Unknown -

 

Safe mode

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 16:51:49, on 2011-1-11

 

Running processes:

C:\Users\Chris\Desktop\Advanced SystemCare 3\AWC.exe

C:\Users\Chris\Desktop\Advanced SystemCare 3\AWC.exe

C:\Program Files\Spybot

C:\Users\Chris\Desktop\Advanced SystemCare 3\Sus_SystemFileScan.exe

C:\Users\Chris\Desktop\Advanced SystemCare 3\Sus_SystemFileScan.exe

C:\Users\Chris\Desktop\Advanced SystemCare 3\Sus_SystemFileScan.exe

C:\Users\Chris\Desktop\IObit Security 360\a_hijackscan.exe

 

O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown -

 

 

Thanks in advance :-)

[clpoptart]

sorry, didnt notice the sticky.

Also, This malware is stopping me from updating is360 and stopping me from saving logs from it.

 

Hijack Log

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 18:37:14, on 2011-1-11

 

Running processes:

C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe

C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe

C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe

C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe

C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe

C:\Users\Chris\Desktop\IObit Security 360\is360tray.exe

C:\Users\Chris\Desktop\IObit Security 360\is360tray.exe

C:\Users\Chris\Desktop\IObit Security 360\is360tray.exe

C:\Users\Chris\Desktop\IObit Security 360\is360tray.exe

D:\IObit Security 360\is360.exe

D:\IObit Security 360\is360.exe

D:\IObit Security 360\is360.exe

D:\IObit Security 360\is360.exe

D:\IObit Security 360\a_hijackscan.exe

 

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "D:\IObit Security 360\IS360tray.exe" /autostart

O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

 

 

DDS Log

 

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Chris at 18:38:43.11 on Tue 01/11/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.1363 [GMT -8:00]

 

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Users\Chris\Desktop\IObit Security 360\is360tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

D:\IObit Security 360\is360.exe

D:\IObit Security 360\a_hijackscan.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Chris\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

mWinlogon: Userinit=userinit.exe

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

mRun: [iObit Security 360] "D:\IObit Security 360\IS360tray.exe" /autostart

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

 

============= SERVICES / DRIVERS ===============

 

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 IS360service;IS360service;C:\Users\Chris\Desktop\IObit Security 360\is360srv.exe [2011-1-11 312152]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

 

=============== Created Last 30 ================

 

2011-01-12 01:16:25 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5CED0505-F47B-4AF9-8850-140387424DF6}\mpengine.dll

2011-01-12 01:16:25 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-01-12 00:51:29 -------- d-----w- C:\PROGRA~3\IObit

2011-01-12 00:31:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\IObit

2011-01-12 00:28:41 -------- d-----w- C:\Program Files\Spybot - Search & Destroy

2011-01-12 00:28:41 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2011-01-11 23:55:19 -------- d-----w- C:\Windows\Panther

2011-01-11 23:55:05 -------- d-sh--w- C:\Boot

2011-01-11 23:36:43 -------- d-----w- C:\Windows.old

2011-01-11 22:38:23 -------- d-sh--w- C:\Recovery

 

==================== Find3M ====================

 

 

============= FINISH: 18:39:17.57 ===============

Attach.zip

[Superdave]

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

•Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

**************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

********************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

[clpoptart]

Thank you very much for replying!

 

 

 

Super Anti Spyware Log

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/16/1997 at 11:42 AM

 

Application Version : 4.48.1000

 

Core Rules Database Version : 6208

Trace Rules Database Version: 4020

 

Scan type : Complete Scan

Total Scan Time : 00:15:13

 

Memory items scanned : 514

Memory threats detected : 0

Registry items scanned : 6200

Registry threats detected : 0

File items scanned : 47697

File threats detected : 3

 

Adware.Tracking Cookie

C:\Users\Doux\AppData\Roaming\Microsoft\Windows\Cookies\doux@invitemedia[1].txt

C:\Users\Doux\AppData\Roaming\Microsoft\Windows\Cookies\doux@collective-media[2].txt

C:\Users\Doux\AppData\Roaming\Microsoft\Windows\Cookies\doux@ad.yieldmanager[2].txt

 

 

 

 

 

 

 

 

MBAM LOG

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5524

 

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

 

12/16/1997 10:44:04 AM

mbam-log-1997-12-16 (10-44-04).txt

 

Scan type: Quick scan

Objects scanned: 125163

Time elapsed: 1 minute(s), 10 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

 

 

 

 

Checkup

 

Results of screen317's Security Check version 0.99.8

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

[Superdave]

Looking over your log it seems you don't have any antivirus software.

 

Before we continue download and install a free antivirus.

 

Remember to only install one antivirus!

 

1) Avast! Home Edition

2) AVG Free Edition

3) Avira AntiVir Personal

4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download

4-a) Microsoft Security Essentials for Windows XP

5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

6) PC Tools AntiVirus Free Edition

 

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

*******************************************

Download OTL to your desktop.

 

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

* When the window appears, underneath Output at the top change it to Minimal Output.

* Check the boxes beside LOP Check and Purity Check.

* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

 

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

 

Please copy and pate the contents of these files, one at a time, into your next reply.

 

Note: You may need two or more posts to fit them all in.

[clpoptart]

Extras

OTL Extras logfile created on: 12/16/1997 5:09:09 PM - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Doux\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148.95 Gb Total Space | 140.08 Gb Free Space | 94.05% Space Free | Partition Type: NTFS

 

Computer Name: DOUX-PC | User Name: Doux | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"IObit Security 360_is1" = IObit Security 360

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/16/1997 4:30:53 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:30:53 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:30:53 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:30:53 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:30:53 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:32:34 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:32:34 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:32:34 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:32:34 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

Error - 12/16/1997 4:32:34 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

 

[ System Events ]

Error - 12/16/1997 2:51:18 PM | Computer Name = Doux-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

 

Error - 12/16/1997 2:52:26 PM | Computer Name = Doux-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 12/16/1997 2:52:33 PM | Computer Name = Doux-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

Error - 12/16/1997 2:52:47 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred. Reported by component: Processor

Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry

contains further information.

 

Error - 12/16/1997 2:52:47 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred. Reported by component: Processor

Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry

contains further information.

 

Error - 12/16/1997 2:52:47 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred. Reported by component: Processor

Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry

contains further information.

 

Error - 12/16/1997 2:52:47 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred. Reported by component: Processor

Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry

contains further information.

 

Error - 12/16/1997 2:52:47 PM | Computer Name = Doux-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred. Reported by component: Processor

Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry

contains further information.

 

Error - 12/16/1997 9:07:44 PM | Computer Name = Doux-PC | Source = DCOM | ID = 10010

Description =

 

Error - 12/16/1997 9:07:45 PM | Computer Name = Doux-PC | Source = i8042prt | ID = 327720

Description = An error occurred while trying to acquire the device ID of the mouse

 

 

< End of report >

[clpoptart]

It was too big to copy.

OTL.zip

[Superdave]

I still see no evidence that you have installed an anti-virus program from the list I have given you. I can not help you any longer if you don't install one. After you have installed one, please run the Security Check again and post the log.

[clpoptart]

checkup

 

Results of screen317's Security Check version 0.99.8

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2011

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

[Superdave]

Ok. Let's try this one.

 

Please download Rooter and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
  
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

[clpoptart]

Rooter crashes after I click the scan button, even in safe mode.

 

Here is an avg log from safe mode though...

 

Avgrep.txt

AVG 2011 Anti-Virus command line scanner

Copyright © 1992 - 2010 AVG Technologies

Program version 10.0.1191, engine 10.0.1435

Virus Database: Version 1435/3384 2011-01-16

 

C:\Documents and Settings\ Locked file. Not tested.

C:\hiberfil.sys Locked file. Not tested.

C:\pagefile.sys Locked file. Not tested.

C:\ProgramData\Desktop\ Locked file. Not tested.

C:\ProgramData\Documents\ Locked file. Not tested.

C:\ProgramData\Favorites\ Locked file. Not tested.

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\013c0091c68ceed91508442b90ce0da6_ced7404e-e342-4ff4-910f-b5b78a82aba0 Locked file. Not tested.

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2416be98de0d2ccddd49ca0c0f6979c3_ced7404e-e342-4ff4-910f-b5b78a82aba0 Locked file. Not tested.

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5cec5257c5deb7ecef778c92ed548b7c_ced7404e-e342-4ff4-910f-b5b78a82aba0 Locked file. Not tested.

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7ee50273719d14451fc9a3b4ed990712_ced7404e-e342-4ff4-910f-b5b78a82aba0 Locked file. Not tested.

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\92917bca04be24368d42b98f1628c79b_ced7404e-e342-4ff4-910f-b5b78a82aba0 Locked file. Not tested.

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a24bdc09ee8f8ff0146bb2f21ac987eb_ced7404e-e342-4ff4-910f-b5b78a82aba0 Locked file. Not tested.

C:\ProgramData\Templates\ Locked file. Not tested.

C:\System Volume Information\ Locked file. Not tested.

C:\Users\Default\AppData\Local\History\ Locked file. Not tested.

C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.

C:\Users\Default\Cookies\ Locked file. Not tested.

C:\Users\Default\Documents\My Music\ Locked file. Not tested.

C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.

C:\Users\Default\Documents\My Videos\ Locked file. Not tested.

C:\Users\Default\NetHood\ Locked file. Not tested.

C:\Users\Default\PrintHood\ Locked file. Not tested.

C:\Users\Default\Recent\ Locked file. Not tested.

C:\Users\Default\Templates\ Locked file. Not tested.

C:\Users\Doux\AppData\Local\History\ Locked file. Not tested.

C:\Users\Doux\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.

C:\Users\Doux\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.

C:\Users\Doux\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.

C:\Users\Doux\Documents\My Music\ Locked file. Not tested.

C:\Users\Doux\Documents\My Pictures\ Locked file. Not tested.

C:\Users\Doux\Documents\My Videos\ Locked file. Not tested.

C:\Users\Doux\NetHood\ Locked file. Not tested.

C:\Users\Doux\NTUSER.DAT Locked file. Not tested.

C:\Users\Doux\ntuser.dat.LOG1 Locked file. Not tested.

C:\Users\Doux\ntuser.dat.LOG2 Locked file. Not tested.

C:\Users\Doux\PrintHood\ Locked file. Not tested.

C:\Users\Doux\Templates\ Locked file. Not tested.

C:\Users\Public\Documents\My Music\ Locked file. Not tested.

C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.

C:\Users\Public\Documents\My Videos\ Locked file. Not tested.

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not tested.

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not tested.

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not tested.

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not tested.

C:\Windows\System32\catroot2\edb.log Locked file. Not tested.

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.

C:\Windows\System32\config\DEFAULT Locked file. Not tested.

C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.

C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.

C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.

C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.

C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.

C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.

C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.

C:\Windows\System32\config\SAM Locked file. Not tested.

C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.

C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.

C:\Windows\System32\config\SECURITY Locked file. Not tested.

C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.

C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.

C:\Windows\System32\config\SOFTWARE Locked file. Not tested.

C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.

C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.

C:\Windows\System32\config\SYSTEM Locked file. Not tested.

C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.

C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.

C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.

 

------------------------------------------------------------

Objects scanned : 549904

Found infections : 0

Found PUPs : 0

Healed infections : 0

Healed PUPs : 0

Warnings : 0

------------------------------------------------------------

[Superdave]

Ok. Let's try this one.

 

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

 

You will need to enter your name, e-mail address and location in order to access the download page.

 

• Once you have downloaded the file, double click the sarsfx icon
  
• Review the licence agreement and click on the Accept button
  
• The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
   
  
• Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  
• Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  
• Allow the program to scan your computer - please be patient as it may take some time
  
• Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  
• In the main window, you will see each of the entries found by the scan (if any)
  
  • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    
  • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
    

  [*]If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry

  [*]To clean up these entries click on the Clean up checked items button

  [*]If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up

  [*]Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so

  [*]When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

[clpoptart]

When I went to the website to download sophos AVG said the site had a security certificate error.

The directory for sophos was in the program files instead of C/SOPHTEMP

The checkbox to click running processes is grayed out, even in safe mode, I tried to run it as administrator as well. no dice :???:

[clpoptart]

I also tried to manually create a C/Sophtemp directory manually, that did not work either.

[clpoptart]

I got it to work by redownloading in safe mode, here are the errors that came up.

 

As soon as I started the scan it said:

 

Error: Failed to read raw process list by any method. Process scan may not be supported on this version of windows.

 

Warnings

 

Warning: Failed to read the complete raw process list. Process scan may not be supported on this version of Windows.

 

Invalid access to memory location.

 

 

Warning: Failed to read kernel process handle list. Process scan may not be supported on this version of Windows.

 

 

Error: Failed to read raw process list by any method. Process scan may not be supported on this version of Windows.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SAM\SAM. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SECURITY. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}\Properties. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}\Properties. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}\Properties. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Audit\PerUserAuditing\System. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PolicyAgent\Parameters\Cache. You may not have access rights to the whole registry.

 

Access is denied.

[clpoptart]

I restarted, it removed one file, heres a fresh hijack this:

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 15:45:32, on 1997-12-17

 

Running processes:

C:\Windows\System32\smss.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Users\Doux\Desktop\ASC\Advanced SystemCare 3\AWC.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Windows\system32\conhost.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Users\Doux\Desktop\SAS\SUPERAntiSpyware.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sUPERAntiSpyware] C:\Users\Doux\Desktop\SAS\SUPERAntiSpyware.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O23 - Service: AVGIDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

[Superdave]

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log