Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

can not access internet due to virus or malware

Started by forest5678 , Apr 14 2011 06:29 PM

  • This topic is locked This topic is locked
144 replies to this topic

#121 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 28 June 2011 - 09:46 AM

Hi forest5678,

Let's see if this will resolve it.

On the clean machine

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"ServicePackSourcePath"="C:\WINDOWS\ServicePackFiles"

  • Ensure there is no space above the REGEDIT4.
  • ensure the text matches including the space between lines
  • in notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to DESKTOP
  • in the FILE NAME box type (including the " " marks), "sps.reg"
Click save.

This will create a fix.reg file on your desktop Posted Image

Transfer this file to the infected computer's desktop.

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

Try SFC now.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

    Advertisements

Register to Remove

#122 forest5678

forest5678

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 28 June 2011 - 01:12 PM

I get the same error message, and am asked to put the disk in and then it says it is the wrong disk. It will run if I skip the file. Thanks!!!!!

#123 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 28 June 2011 - 04:38 PM

Hi forest4567,

Let's see if that last reg fix worked.

Copy and paste the following bold text into a notepad, transfer the notepad to the infected computer. Then copy and paste the text into SystemLook. Don't miss the : at the beginning.


:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

Please post the results.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#124 forest5678

forest5678

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 28 June 2011 - 04:56 PM

SystemLook 04.09.10 by jpshortstuff Log created at 17:55 on 28/06/2011 by DJ Dash Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup] "DriverCachePath"="%SystemRoot%\Driver Cache" "BootDir"="C:\" "PrivateHash"=46 f9 22 56 c2 97 d1 44 27 2d e6 ad 22 fd 39 8f (REG_BINARY) "Installation Sources"="E: E:\ C:\DOCUMENTS AND SETTINGS\DJ DASH\MY DOCUMENTS\DOWNLOADS\MONITOR_ACER_1.0_VISTAX86_H233H\MONITOR_ACER_1.0_VISTAX86_H233H F:\I386 C:\DOCUMENTS AND SETTINGS\DJ DASH\DESKTOP O:\SVR_2003\I386 C:\DOCUMENTS AND SETTINGS\DJ DASH\MY DOCUMENTS\SNIFFER\NDISXP C:\VIEWSONIC E:\DRIVERS\DOT4\WIN2000" "SourcePath"="C:\" "ServicePackSourcePath"="E:\" "CDInstall"= 0x0000000001 (1) "LogLevel"= 0x0000000101 (257) "ServicePackCachePath"="c:\windows\ServicePackFiles\ServicePackCache" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures] -= EOF =- thanks!!!!!!!

#125 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 28 June 2011 - 08:33 PM

Hi forest5678,

The regfix didn't work. Let's try it this way as this method seemed to have worked.

On the working computer:

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad.
Do Not copy the word CODE

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup" /v ServicePackSourcePath /d C:\WINDOWS\ServicePackFiles /f

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "fix.bat"
  • Click save

You will have a new file on your desktop called fix.bat with an icon that looks like this

Transfer this file to the infected computer's desktop.

Double click the file to run it. You may see a black window while the files are being copied.

Next run SystemLook. Use this part of the script you ran before

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

Once the log is produced have a look at the entry shown in red. The log should also show the blue text exactly as shown below. If does then try SFC again.

If it doesn't please post the SystemLook log.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"DriverCachePath"="%SystemRoot%\Driver Cache"
"BootDir"="C:\"
"PrivateHash"=46 f9 22 56 c2 97 d1 44 27 2d e6 ad 22 fd 39 8f (REG_BINARY)
"Installation Sources"="E: E:\ C:\DOCUMENTS AND SETTINGS\DJ DASH\MY DOCUMENTS\DOWNLOADS\MONITOR_ACER_1.0_VISTAX86_H233H\MONITOR_ACER_1.0_VISTAX86_H233H F:\I386 C:\DOCUMENTS AND SETTINGS\DJ DASH\DESKTOP O:\SVR_2003\I386 C:\DOCUMENTS AND SETTINGS\DJ DASH\MY DOCUMENTS\SNIFFER\NDISXP C:\VIEWSONIC E:\DRIVERS\DOT4\WIN2000"
"SourcePath"="C:\"
"ServicePackSourcePath"="C:\WINDOWS\ServicePackFiles"
"CDInstall"= 0x0000000001 (1)
"LogLevel"= 0x0000000101 (257)
"ServicePackCachePath"="c:\windows\ServicePackFiles\ServicePackCache"


Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#126 forest5678

forest5678

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 30 June 2011 - 03:58 AM

ok I did all that and received this error while running SFC: Files that are required for windows to run properly must be copied to the DLL cache. Thanks!!!!

#127 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 30 June 2011 - 09:30 AM

Hi forest5678, What brand of computer is this? What happens when you skip this error? Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#128 forest5678

forest5678

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 30 June 2011 - 09:32 AM

It is a computer that my friend built and when I skip the error each time it normally just finishes. Thanks!!!

#129 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 30 June 2011 - 09:47 AM

Hi forest5678, Ok, just checking. Some computer such as eMachines are known to have that problem as they install some of their own files which Windows can't find. It those cases it's not a problem. Have you tried connecting since SFC did manage to finish? Run DDS again and post just the Attach log. Might be some information in the Event log section that may point to the files. Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#130 forest5678

forest5678

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 07 July 2011 - 12:34 AM

what is DDS? sorry i forgot... thks!!!

    Advertisements

Register to Remove

#131 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 07 July 2011 - 01:43 AM

Hi forest5678,

No problem. It's scan tool we used earlier. It should be on your desktop named DDS.scr. If it not there you can get another copy from
http://download.blee...om/sUBs/dds.scr

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#132 forest5678

forest5678

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 12 July 2011 - 02:12 PM

. DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by DJ Dash at 14:34:04 on 2011-07-12 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2324 [GMT -5:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe C:\Program Files\Volumouse\volumouse.exe C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe C:\Program Files\Start Menu 7\StartMenu7.exe C:\Program Files\DisplayFusion\DisplayFusion.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe C:\Program Files\Bravura\Yahoo IMAP Connector\YahooImap.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://www.xfxsupportb.co.uk/nvidia_system_tools.zip uInternet Settings,ProxyOverride = *.local;<local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: CGreenPrintPDF Object: {df96ba30-57f6-4700-8065-910ec3be9e3b} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg uRun: [TaskSwitchXP.exe] "c:\program files\taskswitchxp\TaskSwitchXP.exe" uRun: [StartMenu7] "c:\program files\start menu 7\StartMenu7.exe" uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe" uRun: [NetBalancer] c:\program files\netbalancer\SeriousBit.NetBalancer.Tray.exe uRun: [YahooImapConnector] "c:\program files\bravura\yahoo imap connector\YahooImap.exe" /runtray mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [MacDrive application] "c:\program files\mediafour\macdrive 7\MacDrive.exe" mRun: [Getting started with MacDrive] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\djdash~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1) uPolicies-explorer: NoSecurityTab = 1 (0x1) IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {DF96BA30-57F6-4700-8065-910EC3BE9E3B} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {554099FE-3856-4d93-86B5-0024AEF63BC7} - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab DPF: {5002CD38-BBF1-4A43-A01E-52C663D13539} - hxxp://www.sloud.com/install/SLoudQBH.CAB DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243209793265 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {88650482-3892-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} - hxxp://h30155.www3.hp.com/ediags/hpna/66/install/gtdownhp.cab?1,0,0,94 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - c:\program files\mediaman\CoMProt.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\progra~1\greatis\regrun~1\RRShell.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - prefs.js: keyword.URL - FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll FF - component: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\doudehou@gmail.com\components\statusbarEx.dll FF - component: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - component: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\refractor@developer.mozilla.org\components\prism.dll FF - component: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll FF - plugin: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\ietab@ip.cn\plugins\npCoralIETab.dll FF - plugin: c:\documents and settings\dj dash\application data\mozilla\firefox\profiles\gbp2jw9f.dj dash\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\documents and settings\dj dash\application data\mozilla\plugins\npcoolirisplugin.dll FF - plugin: c:\documents and settings\dj dash\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\dj dash\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\realplayer10\netscape6\nppl3260.dll FF - plugin: c:\program files\realplayer10\netscape6\nprjplug.dll FF - plugin: c:\program files\realplayer10\netscape6\nprpjplug.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: CheckPlaces: checkplaces@andyhalford.com - %profile%\extensions\checkplaces@andyhalford.com FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang FF - Ext: Organize Search Engines: organize-search-engines@maltekraus.de - %profile%\extensions\organize-search-engines@maltekraus.de FF - Ext: Add-on Collector: sharing@addons.mozilla.org - %profile%\extensions\sharing@addons.mozilla.org FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} FF - Ext: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D} FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5} FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} FF - Ext: MozXP: {ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1} - %profile%\extensions\{ADA51547-FEF6-4b2c-8E96-EE45BDF53DE1} FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318} FF - Ext: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - %profile%\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66} FF - Ext: AvantGarde Nightlife: {3fb63340-652a-11dd-ad8b-0800200c9a66} - %profile%\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66} FF - Ext: AvantGarde Skylight: {d62e0de0-401b-11dd-ae16-0800200c9a66} - %profile%\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66} FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com FF - Ext: Wired-Marker: {e36db930-f18d-4449-b45f-e286cfb9e03a} - %profile%\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} FF - Ext: Vacuum Places Improved: VacuumPlacesImproved@lultimouomo-gmail.com - %profile%\extensions\VacuumPlacesImproved@lultimouomo-gmail.com FF - Ext: TooManyTabs: TooManyTabs@visibotech.com - %profile%\extensions\TooManyTabs@visibotech.com FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} FF - Ext: Extension List Dumper: extensionlistdumper@sogame.cat - %profile%\extensions\extensionlistdumper@sogame.cat FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - %profile%\extensions\{95f24680-9e31-11da-a746-0800200c9a66} FF - Ext: Greasefire: greasefire@skrul.com - %profile%\extensions\greasefire@skrul.com FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} FF - Ext: Gmail Space: {B9C8BE50-7105-4ec6-8FB4-4935C0671648} - %profile%\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648} FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com FF - Ext: StatusbarEx: doudehou@gmail.com - %profile%\extensions\doudehou@gmail.com FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com FF - Ext: Automatic Save Folder: asf@mangaheart.org - %profile%\extensions\asf@mangaheart.org FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com FF - Ext: EmailOracle: {18aec871-6264-4b10-91cb-ee1fb68eda7c} - %profile%\extensions\{18aec871-6264-4b10-91cb-ee1fb68eda7c} FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa . ---- FIREFOX POLICIES ---- FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: ui.submenuDelay - 65000 FF - user.js: dom.disable_window_open_feature.scrollbars - true FF - user.js: dom.disable_window_open_feature.minimizable - true FF - user.js: dom.disable_window_open_feature.resizable - true FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.ssl - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ============= SERVICES / DRIVERS =============== . R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-7-2 40464] R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-3-9 284416] R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2009-2-4 19456] R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [2011-2-8 22312] R1 Ndisprot;RawPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2007-1-17 22016] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-12-11 143248] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-12-11 41936] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-24 20072] R2 hzrDriver;Hazard Shield driver;c:\program files\hazard shield\hzrDriver.sys [2010-10-26 10496] R2 kqemu;kqemu driver;c:\windows\system32\drivers\kqemu.sys [2010-8-23 123939] R2 MacDriveService;MacDrive service;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2008-11-26 150528] R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2010-6-23 10752] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376] R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704] R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896] R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2010-6-23 28776] R3 pflt;Shrew Soft Miniport Filter;c:\windows\system32\drivers\vfilter.sys [2010-9-2 24192] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-12-1 100560] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-12-1 111504] S0 ntcdrdrv;ntcdrdrv; [x] S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-12 179144] S2 DeltaCopyService;DeltaCopy Server; [x] S2 ISWKL;ZoneAlarm ForceField ISWKL;\??\c:\program files\checkpoint\zaforcefield\iswkl.sys --> c:\program files\checkpoint\zaforcefield\ISWKL.sys [?] S2 IswSvc;ZoneAlarm ForceField IswSvc;"c:\program files\checkpoint\zaforcefield\iswsvc.exe" --> c:\program files\checkpoint\zaforcefield\IswSvc.exe [?] S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\lbeepke.sys --> c:\windows\system32\drivers\LBeepKE.sys [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-20 1691480] S3 CEDRIVER55;CEDRIVER55;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?] S3 CtClsFlt;Creative Camera Class Upper Filter Driver; [x] S3 FRIdrv;FRIdrv;c:\windows\system32\drivers\FRIdrv.sys [2009-7-30 3968] S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1e5.tmp --> c:\windows\system32\1E5.tmp [?] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-2-25 18432] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-9-7 35816] S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2010-12-6 30272] S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-8-28 36928] S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-10-17 20480] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-9-7 24416] S3 sbuschk;sbuschk;\??\c:\windows\system32\sbuschk.sys --> c:\windows\system32\sbuschk.sys [?] S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-9-8 23096] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-11-13 23552] S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\dj dash\desktop\sysinternalssuite\realtemp_3.00\winring0.sys --> c:\documents and settings\dj dash\desktop\sysinternalssuite\realtemp_3.00\WinRing0.sys [?] S4 BootlogService;BootlogService;c:\program files\greatis\regrunsuite\BootLogService.exe [2010-9-7 65304] S4 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-2 53248] S4 GPClientService;GreenPrint Client Report Service;c:\program files\greenprint technologies\greenprint world\GPClientService.exe [2009-4-27 126976] S4 gupdate1c9e48af8e87b18;Google Update Service (gupdate1c9e48af8e87b18);c:\program files\google\update\GoogleUpdate.exe [2009-6-3 133104] S4 Media Center 15 Service;Media Center 15 Service; [x] S4 MSSQL$NR2007;SQL Server (NR2007); [x] S4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336] S4 Oracleftk2TNSListener;Oracleftk2TNSListener;c:\oracle\ftk2\bin\tnslsnr --> c:\oracle\ftk2\bin\TNSLSNR [?] S4 OracleJobSchedulerFTK2;OracleJobSchedulerFTK2;c:\oracle\ftk2\bin\extjob.exe ftk2 --> c:\oracle\ftk2\bin\extjob.exe FTK2 [?] S4 OracleServiceFTK2;OracleServiceFTK2;c:\oracle\ftk2\bin\oracle.exe ftk2 --> c:\oracle\ftk2\bin\ORACLE.EXE FTK2 [?] S4 PenCommService;Livescribe Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-7-28 444928] S4 Rsync;Rsync;c:\cygwin\bin\cygrunsrv.exe [2009-6-11 68096] S4 rsyncd;rsyncd;c:\cygwin\bin\cygrunsrv.exe [2009-6-11 68096] S4 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-2 338464] S4 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [2009-6-11 68096] S4 STSService;STSService; [x] S4 Synergy Server;Synergy Server;c:\program files\synergy\synergys.exe [2006-4-2 733184] S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760] S4 WinAutomation Service;WinAutomation Service;c:\program files\winautomation\WinAutomation.ServiceAgent.exe [2010-7-9 147128] S4 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-12-7 55016] . =============== Created Last 30 ================ . 2011-06-30 04:26:14 -------- d-----w- c:\documents and settings\dj dash\local settings\application data\Remove_Empty_Directories 2011-06-30 04:26:12 -------- d-----w- c:\windows\system32\wbem\mof\good 2011-06-30 04:26:12 -------- d-----w- c:\windows\system32\wbem\mof\bad 2011-06-30 04:26:12 -------- d-----w- c:\windows\system32\wbem\mof 2011-06-29 19:17:05 -------- d-----w- c:\program files\Remove Empty Directories 2011-06-28 04:15:58 -------- d-----w- C:\i386 2011-06-24 10:42:23 -------- d-----w- C:\e43c8e1874bc0e3107d5fa07b3 2011-06-24 10:23:55 -------- d-----w- c:\program files\AutoStreamer . ==================== Find3M ==================== . 2009-11-03 09:05:16 4987136 ----a-w- c:\program files\common files\lpuninstall.exe 2009-06-09 09:06:36 1589760 -c--a-w- c:\program files\Abander_TagControl.exe . ============= FINISH: 14:35:31.25 =============== thanks!

Attached Files


#133 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 12 July 2011 - 05:37 PM

Hi forest5678, When you ran DDS did you happen to have Internet Explorer open? Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#134 forest5678

forest5678

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 12 July 2011 - 08:28 PM

no I did not......thanks!!!

#135 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 12 July 2011 - 08:41 PM

Hi

I could see that it was running in the DDS log. Might be nothing but lt's have a look.

Download aswMBR.exe ( 511KB ) to whatever you have been using to ransfer things between the computers. Transfer it to the infected computer's desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·