kevinf80

You`re very welcome, glad to help....

Hello and P2P/Piracy Warning: Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin....

Hello and P2P/Piracy Warning: Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin

Can you run FSS scan one more time please, it is very unusual not to see BITS on an XP system

Glad to help, come back anytime...

In my experience with Chrome (which is not much) seems to be removal of the default folder, at least that way nothing is saved and a quick fix is found. I just do not use Chrome as it seems to have too many pitfalls.... This is my set up for Windows 7: Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license. As an extra layer I also use WinPatrol, the free version is adeqaute for general home use. Available here: http://www.winpatrol.com/download.html For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScipt, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons, use, start, stop or disable those features etc.... Before using NoScript read from this link http://noscript.net/ makes it easy to understand.... Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100 Understanding WinPatrol - http://www.winpatrol.com/features.html I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!. Read the following link to fully understand PC security and best practices.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Are we now ok to close? Take care, Kevin

How is your system responding, any issues or concerns? Read the following link to fully understand PC security and best practices.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 If all ok can we close? Kevin...

You got log from FRST fix? Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Finally, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Kevin

Thank you for the feedback Michael, please do not worry about donations as they are not compulsory. I get more pleasure working with guys who give a kind word of thanks on completion. If all is ok with no issues read through the following link entries #1 to #9 :- http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Take care, Kevin...

Post back when those scans are finished, let us know if anything was found...

Yes probably, been a long day..... Is attach now, apologies.. fixlist.txt

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Download and save mbam-clean.exe and save to your desktop from the following: http://www.malwarebytes.org/mbam-clean.exe Now do the following: Click on Start and select Control Panel Open Uninstall a Program Uninstall Malwarebytes' Anti-Malware Restart your computer, very important to do that!! Run mbam-clean.exe It will ask to restart your computer, please allow it to do so, very important!! Next, D/L and install Malwarebytes again and update as follows :- Please download Malwarebytes Anti-Malware and save it to your desktop. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Kevin... fixlist.txt

Run ESET online scan, only point it at the external hard drive and make sure that the option "Remove found threats" is ticked. This method can be risky as backups can become corrupt depending what is found/removed.... Personally i`d wipe the external hard drive when I know for sure the working system is clean, then i`d back up essential data etc once again...

The problem only lies in Chrome, this an awful browser that will save all settings, as we kill them off they seem to come back. Removing the Default folder is the best way to get rid of everything total.... Yes post back when you`re ready, is nearly 1am for me so am calling time. Will reply later after you re-post.... I will show you my security set up if you want, does not include Chrome.....lol..

Hello and P2P/Piracy Warning: Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin....

Go to the following link and run both method 1 and method 2, let me know if this works..... I dont personally use Chrome so have little experience..... http://en.kioskea.net/faq/29225-google-chrome-restore-to-default-settings

Is this issue only happening in Chrome?

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself.. OK, we continue: Delete any fixlist.txt file previously used, continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. Next, Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Next, Uninstall adwcleaner.exe Please close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Uninstall Click Yes at Would you like to Uninstall Adwcleaner Next, Remove ESET Online Scanner (Only if installed) Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER. Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted Next, Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop. Double click icon to start the program. If you are using Vista or Windows 7 accept UAC Then Click the big button. You will get a prompt saying "Begining Cleanup Process". Please select Yes. Restart your computer when prompted. This will remove tools we have used and itself. Any tools/logs remaining on the Desktop or downloads folder can be deleted. Next, We now need to reset your system restore points and create a new clean one. To do this "Turn off" System restore > Left click start > Right click My Computer > Left click Properties > Select System restore tab > put tick in Turn off System Restore box > apply > ok. To reverse as previous but remove the tick from Turn off System Restore > apply ok. Create a new restore point > Start > all programs > accessories > system tools > system restore > create a restore point > In the Restore point description box give it a name for reference eg. Clean 1. The time and date are added automatically > then select create and follow the prompts. Finally, Read the following link, replies #1 through to #9 for answers to common security question and best answers: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Let me know if all ok, no issues and we can close out... fixlist.txt

What is jumping, you confuse me..

It definitely shows up int he FSS log; It will be called Background intelligent transfer service in the service list

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run) http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes... Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles :Filesipconfig /flushdns /cC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.phpC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.phpC:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.htmlC:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exeC:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exeJ:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exeJ:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.htmlJ:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exeJ:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe:Commands[EmptyTemp] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Next, Remove Combofix now that we're done with it Please press the Windows Key and R on your keyboard. This will bring up the Run... command. Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/") Please follow the prompts to uninstall Combofix. You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself. The above procedure will delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen. Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see those two logs from OTM and Security Check. Also confirm CF uninstall ok... Regarding the external HD, just delete the suspicious backups, no need to keep them. Make fresh backups when we are sure this system is clean. Regarding the start up or shutdown issues, will be worth installing SP3 and see what difference that makes. If no other issues go here: http://support.microsoft.com/kb/322389 expand the relevant section for instructions how to d/l and install SP3.... Kevin

That is good news, ok do this: Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run) http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes... Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles :Filesipconfig /flushdns /cC:\$Recycle.Bin\S-1-5-21-704944380-1527385307-4179125320-1000\$R1C4BM4\pro webcam hack v 1.0.Fullversion.With.Crack.New.SKIDROW.exeC:\$Recycle.Bin\S-1-5-21-704944380-1527385307-4179125320-1000\$RJ3GXC8\hmh+56g14m+65j1+jk6,\Citp\email.extractor.v.5.6.0.0-patch.exeC:\Users\Brecht\AppData\Local\Google\Chrome\User Data\default\extensions\pbldkgaiebjgehfdphpdhdfdafmaodpi\1.1\W09zyRfIYx.jsC:\Users\Brecht\AppData\Local\Temp\D2EA03ED-BAB0-7891-83CB-075C2A5931E3\Latest\BabMaint.exeC:\Users\Brecht\AppData\Local\Temp\D2EA03ED-BAB0-7891-83CB-075C2A5931E3\Latest\ccp.exeC:\Users\Brecht\AppData\Local\Temp\D2EA03ED-BAB0-7891-83CB-075C2A5931E3\Latest\IEHelper.dllC:\Users\Brecht\AppData\Roaming\GooglePlug\Unlocker1.9.1.exeC:\Users\Brecht\AppData\Roaming\Mozilla\Firefox\Profiles\8edjdg4t.default\extensions\v.btb@atp-oae.co.uk\content\bg.jsC:\Users\Brecht\Downloads\cpu-z_1.59-setup-en.exeC:\Users\Brecht\Downloads\Mouse Rate Checker 1.1_isdmgr.exeC:\Users\Brecht\Downloads\utorrent.exeC:\Users\Brecht\Downloads\LicGen_OF_v1.2.123__Winx64_-ByDanCorC:\Users\Brecht\Downloads\The Great Gatsby 2013 DVDRIP. Jaybob:Commands[EmptyTemp]Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.Click the red button.Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.Close OTMNote: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Next, We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself.. OK, we continue: Delete any fixlist.txt file previously used, continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. Next, Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Next, Remove ESET online scanner (Only If installed): Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER. Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted. Next, Follow the instructions here (if needed): http://windows.microsoft.com/en-gb/windows7/improve-performance-by-defragmenting-your-hard-disk and Defrag your HDD. Next, Create a new restore point: 1. Right-click on Computer and go to Properties. 2. Next click on the System Protection link. 3. The System Properties dialog screen opens up and you will want to click on Create. 4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create. 5. You should see the message "The restore point was created successfully To remove all but the most recent restore point do the following: 1. Open Disk Cleanup by clicking the Start button . In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup. 2. If prompted, select the drive that you want to clean up, and then click OK. 3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation. 4. If prompted, select the drive that you want to clean up, and then click OK. 5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up. 6. In the Disk Cleanup dialog box, click Delete. 7. Click Delete Files, and then click OK. Re-Boot your PC. Let me know if those steps complete, alos if any remaining issues or concerns..... Ensure real time protection is turned back on for MSE.. Kevin...

Not really 100% sure but believe a rogue setting within Chrome was to blame, using Zoek to correct the settings has made the difference. Ok we progress: Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Next, Delete Zoek from the Desktop or the folder it was saved to, also open C:\ and delete all files related to Zoek Next, Uninstall adwcleaner.exe Please close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Uninstall Click Yes at Would you like to Uninstall Adwcleaner Next, Remove ESET online scanner (Only If installed): Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER. Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted. Next, Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop. Double click icon to start the program. If you are using Vista or Windows 7 accept UAC Then Click the big button. You will get a prompt saying "Begining Cleanup Process". Please select Yes. Restart your computer when prompted. This will remove tools we have used and itself. Any tools/logs remaining on the Desktop or downloads folder can be deleted. Finally, Create a new restore point: 1. Right-click on Computer and go to Properties. 2. Next click on the System Protection link. 3. The System Properties dialog screen opens up and you will want to click on Create. 4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create. 5. You should see the message "The restore point was created successfully To remove all but the most recent restore point do the following: 1. Open Disk Cleanup by clicking the Start button . In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup. 2. If prompted, select the drive that you want to clean up, and then click OK. 3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation. 4. If prompted, select the drive that you want to clean up, and then click OK. 5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up. 6. In the Disk Cleanup dialog box, click Delete. 7. Click Delete Files, and then click OK. Re-Boot your PC. Let me know if those steps complete, also if any remaining issues or concerns... Kevin

What is the status of the system, are there any remaining issues or concerns....

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed: Download Malwarebytes from the following link and save it to your desktop.: http://www.malwarebytes.org/mbam.php Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see those logs, also give an update on any remaining issues or concerns... Kevin fixlist.txt