Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

New (used computer), infected [Closed]


  • This topic is locked This topic is locked
44 replies to this topic

#16 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 13 December 2014 - 10:21 PM

ISP is Mediacom Cable. 


    Advertisements

Register to Remove


#17 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 13 December 2014 - 10:33 PM

Okay, thank you. 
 
Please do the following. 
Let me know how the computer is performing afterwards. 
 
STEP 1
mlEX1wH.png RogueKiller Fix

  • Close any running programmes.
  • Right-Click RogueKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Allow the Prescan to complete.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png
  • Upon completion, do the following:
     
  • Click 5UKuIKl.png and place a checkmark next to the following items. Ensure any other items are unchecked.
    • [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
    • [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
    • [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
    • [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
    • [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
    • [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
  • Click QEIRkTE.png.
     
  • Click phPvmc6.png.
  • Copy the contents of the log and paste in your next reply.
     

STEP 2
7D2ig3K.png Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to a your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUP's).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • RKreport.txt
  • Emsisoft log
  • ESET Online Scan log

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#18 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 13 December 2014 - 11:14 PM

There is more to these registry entries than RogueKiller is showing in the program where i can click the ticker boxes.  Nowhere does it say [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found.  Should I continue and click those, anyway? This is very confusing because the registry keys are so long, I am having to scroll back and forth and back and forth, trying to discern which is which.  i sure don't want to delete the wrong ones!



#19 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 13 December 2014 - 11:18 PM

Hi Kittie, 
 
Look for the lines that have the following numbers: 97.64.183.164        97.64.209.37
Ensure these lines have a checkmark next to them. 
 
The other lines should not have a checkmark.


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#20 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 13 December 2014 - 11:20 PM

OK!



#21 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 14 December 2014 - 01:15 AM

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice 
 
Software
Website : 
 
 
Operating System : Windows 7 (6.1.7601 Service Pack 
 
1) 64 bits version
Started in : Normal mode
User : Chris Blaze [Administrator]
Mode : Delete -- Date : 12/13/2014  23:24:26
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 23 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software
 
\Microsoft\Internet Explorer\Main | Start Page : 
 
 
prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software
 
\Microsoft\Internet Explorer\Main | Start Page : 
 
 
prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software
 
\Microsoft\Internet Explorer\Main | Start Page : 
 
 
prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software
 
\Microsoft\Internet Explorer\Main | Start Page : 
 
 
prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT
 
\Software\Microsoft\Internet Explorer\Main | Search 
 
 
prd=ie&ar=iesearch  -> Replaced 
 
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT
 
\Software\Microsoft\Internet Explorer\Main | Search 
 
 
prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-
 
1437231282-1839955917-1510631889-1000\Software
 
\Microsoft\Internet Explorer\Main | Search Page : 
 
 
prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-
 
1437231282-1839955917-1510631889-1000\Software
 
\Microsoft\Internet Explorer\Main | Search Page : 
 
 
prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-
 
18\Software\Microsoft\Internet Explorer\Main | 
 
Search Page : 
 
 
prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-
 
18\Software\Microsoft\Internet Explorer\Main | 
 
Search Page : 
 
 
prd=ie&ar=iesearch  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\CurrentControlSet\Services\Tcpip\Parameters | 
 
DhcpNameServer : 97.64.183.164 97.64.209.37 
 
[(Unknown Country?) (XX)][(Unknown Country?) (XX)]  
 
-> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\ControlSet001\Services\Tcpip\Parameters | 
 
DhcpNameServer : 97.64.183.164 97.64.209.37 
 
[(Unknown Country?) (XX)][(Unknown Country?) (XX)]  
 
-> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\ControlSet002\Services\Tcpip\Parameters | 
 
DhcpNameServer : 97.64.183.164 97.64.209.37 
 
[(Unknown Country?) (XX)][(Unknown Country?) (XX)]  
 
-> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\CurrentControlSet\Services\Tcpip\Parameters
 
\Interfaces\{3FA550CF-FFED-4903-85BF-7DE20E6ED189} 
 
| DhcpNameServer : 209.18.47.61 209.18.47.62 
 
[UNITED STATES (US)][UNITED STATES (US)]  -> Not 
 
selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\CurrentControlSet\Services\Tcpip\Parameters
 
\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} 
 
| DhcpNameServer : 97.64.183.164 97.64.209.37 
 
[(Unknown Country?) (XX)][(Unknown Country?) (XX)]  
 
-> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\ControlSet001\Services\Tcpip\Parameters
 
\Interfaces\{3FA550CF-FFED-4903-85BF-7DE20E6ED189} 
 
| DhcpNameServer : 209.18.47.61 209.18.47.62 
 
[UNITED STATES (US)][UNITED STATES (US)]  -> Not 
 
selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\ControlSet001\Services\Tcpip\Parameters
 
\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} 
 
| DhcpNameServer : 97.64.183.164 97.64.209.37 
 
[(Unknown Country?) (XX)][(Unknown Country?) (XX)]  
 
-> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\ControlSet002\Services\Tcpip\Parameters
 
\Interfaces\{3FA550CF-FFED-4903-85BF-7DE20E6ED189} 
 
| DhcpNameServer : 209.18.47.61 209.18.47.62 
 
[UNITED STATES (US)][UNITED STATES (US)]  -> Not 
 
selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System
 
\ControlSet002\Services\Tcpip\Parameters
 
\Interfaces\{C3899F35-22AA-4ECC-A690-A634B3D89B8E} 
 
| DhcpNameServer : 97.64.183.164 97.64.209.37 
 
[(Unknown Country?) (XX)][(Unknown Country?) (XX)]  
 
-> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE
 
\Software\Microsoft\Windows\CurrentVersion
 
\Explorer\HideDesktopIcons\NewStartPanel | 
 
{20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not 
 
selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE
 
\Software\Microsoft\Windows\CurrentVersion
 
\Explorer\HideDesktopIcons\NewStartPanel | 
 
{59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not 
 
selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE
 
\Software\Microsoft\Windows\CurrentVersion
 
\Explorer\HideDesktopIcons\NewStartPanel | 
 
{20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not 
 
selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE
 
\Software\Microsoft\Windows\CurrentVersion
 
\Explorer\HideDesktopIcons\NewStartPanel | 
 
{59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not 
 
selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   
 
    localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA 
 
Device +++++
--- User ---
[MBR] 838a41500d0039179a992af28e58776f
[BSP] bafed0fca048e0219a515af11be612a6 : Windows 
 
Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset 
 
(sectors): 2048 | Size: 16384 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 
 
33556480 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 
 
33761280 | Size: 460454 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_12132014_220054.log - 
 
RKreport_SCN_12132014_225955.log


#22 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 14 December 2014 - 01:16 AM

Emsisoft Emergency Kit - Version 9.0
Last update: N/A
User account: CHELSEA\Chris Blaze
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 12/13/2014 11:42:44 PM
Value: HKEY_USERS\S-1-5-21-1437231282-1839955917-
 
1510631889-1000\SOFTWARE\MICROSOFT\WINDOWS
 
\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR
 
detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT
 
\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> 
 
DISABLEREGISTRYTOOLS detected: 
 
Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1437231282-1839955917-
 
1510631889-1000\SOFTWARE\MICROSOFT\WINDOWS
 
\CURRENTVERSION\POLICIES\SYSTEM -> 
 
DISABLEREGISTRYTOOLS detected: 
 
Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW
 
\{1146AC44-2F03-4431-B4FD-889BC837521F}
 
detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW
 
\{1146AC44-2F03-4431-B4FD-889BC837521F}
 
detected: Application.Win32.InstallAd (A)
 
Scanned 227983
Found 5
 
Scan end: 12/14/2014 12:55:27 AM
Scan time: 1:12:43


#23 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 14 December 2014 - 02:59 AM

C:\FRST\Quarantine\C\Users\Chris Blaze\AppData\Local\Temp\doxillionsetup.exe.xBAD a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Chris Blaze\AppData\Local\Temp\vpsetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v2.10.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.27.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Switch\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.14.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\WavePad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\WavePad\wpsetup_v5.13.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application


#24 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 14 December 2014 - 12:04 PM

Hi Kittie, 

 

Those logs look good. 

 

How is your computer performing? 


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#25 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 14 December 2014 - 05:33 PM

Hi Adam,

 

I just got online so I am not sure.  The computer seems to be dragging a little but I had dumped the cache and am loading about 5 pages or tabs at the same time.  It may take a minute for everything to get up to speed. 

 

The stuff ESET found, I did not delete, I just created a log of it to post on here.  Should I delete that stuff?


    Advertisements

Register to Remove


#26 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 14 December 2014 - 09:31 PM

Hi Kittie, 
 

The stuff ESET found, I did not delete, I just created a log of it to post on here.  Should I delete that stuff?

The items flagged by ESET are either files we've already removed, or files associated with software installed on your computer. 
There are several NCH Software programmes installed; I would suggest uninstalling the programmes if you do not use them. 
 
Lets update your vulnerable software to reduce the risk of infection. 
 
STEP 1
CXrghb6.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
EtQetiM.png Remove Outdated Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader X (10.1.13)
  • Follow the prompts, and reboot if necessary.
     

STEP 3
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#27 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 15 December 2014 - 02:45 AM

What is the NCH Software installed on here and what does it do? do you know?



#28 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 15 December 2014 - 01:59 PM

Hi Kittie, 
 
NCH Software is a company who develops audio, video, business, dictation and transcription, graphics, telephony and other utilities. You have the following NCH software installed:

  • Doxillion Document Converter
  • Switch Sound File Converter
  • VideoPad Video Editor
  • WavePad Sound Editor
     

------------
 
Lets update your vulnerable software to reduce the risk of reinfection. 
 
STEP 1
CXrghb6.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
EtQetiM.png Remove Outdated Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader X (10.1.13)
  • Follow the prompts, and reboot if necessary.
     

STEP 3
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the 29Fou9c.jpg Windows Start Button  and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the AVOiBNU.jpg Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#29 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 15 December 2014 - 09:42 PM

OK, proceeding but so far, I haven't done anything about Flash Player as it appears to be the current version.  I do have the computer set to update Windows on a daily basis if there is anything new.  i get this message on Flash Player. Do I need to download the plug-in as well?

 


 

Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.

Download the Adobe® Flash® Player system plug-in or view the instructions to enable it.

To learn more about the enhanced support for Flash Player in Chrome, including information for developers, see this TechNote.

 

 

 



#30 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 15 December 2014 - 09:56 PM

Hi Kittie, 

 

No, you don't. As you're using Chrome which comes with a built-in Adobe Flash Player, you don't need the programme installed. 

You can uninstall Flash Player using your Control Panel if you wish. 


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users