kevinf80

Entries flagged in log 09-04-41 were actually quite safe as they were held in Quarantine by FRST after earlier removal. Yes donations go direct to me via Paypal, 60% go to a charity I support. One more procedure to complete to make sure system good.... We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Kevin....

Excellent, ok do the following: Download OTM from either of the following links and save to your Desktop: http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes... Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles :Filesipconfig /flushdns /cC:\Users\Phillip\AppData\Local\Temp\ge+yAXbX.exe.partC:\Users\Phillip\AppData\Local\Temp\is2029326378\yontoo-c4.exeC:\Users\Phillip\AppData\Local\Temp\is357113909\uninstaller.exeC:\Users\Phillip\AppData\Roaming\DSite\UpdateProc\UpdateTask.exeC:\Users\Phillip\AppData\Roaming\Image Editor Packages\uninstaller.exeC:\Users\Phillip\Downloads\ImageEditorSetup.exeC:\Users\Phillip\Downloads\PicResizer.exe:Commands[EmptyTemp] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Post those logs, also let me know if there are any remaining issues or concerns... Kevin...

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Uninstall all references to SparkTrust, Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, Make sure that everything is checked, and click Remove Selected on any found items. Post the produced log. Next, Open FRST again, select the "Scan" button, post the new log. Kevin fixlist.txt

Adobe Reader is outdated... Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader Step 1 - Select your Operating System. Step 2 - Select your Langauge. Step 3 - Select latest version. Untick the option for any security scanner or toolbar if offered. Download and install. Having the latest updates ensures there are no security vulnerabilities in your system. Next, Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Upgrading Java: Go to http://java.com/en/ and click on "Do I have Java" It will check your current version and then offer to update to the latest version Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it. ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very important Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Kevin...

Yes is FP, Zoek can be seen as a threat because of what it does/how it works. If the program had updated probably would not have flagged Zoek. Unfortunately we do not see any other progress. What is the status of your system now, what issues/concerns do we have...

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, Make sure that everything is checked, and click Remove Selected on any found items. Post the produced log Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Kevin... fixlist.txt

Hello and P2P/Piracy Warning: Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Post those logs... Kevin

Either you did not follow the instructions correctly for FRST fix, or you post incorrect log. What you post is not what I expect to see from FRST fix.... This was the instruction: The log you post is not Fixlog.txt

The log FRST.txt is not complete, post the full log.

That`s ok, post back with results later when you have the time.... Kevin....

Hello and P2P/Piracy Warning: Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin..

Hello and P2P/Piracy Warning: Next, Post the log from Combofix, should be here: C:\Combofix.txt Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin....

Please download RogueKiller from here: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version Make sure to get the correct version for your system. Quit all running programs Please disconnect any USB or external drives from the computer before you run this scan! For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe Wait until Prescan has finished... The following EULA will appear, please select accept Ensure MBR scan, Check faked and AntiRootkit are checked Select Scan When the scan completes select Report, copy and paste that to your reply. The log should be found in RKreport[?].txt on your Desktop Exit/Close RogueKiller

Lets try this from outside of windows.... Kaspersky Rescue CD STEP A: Download and create a bootable Kaspersky Rescue Disk CD 1. Download the Kaspersky Rescue Disk ISOimage from below. KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO) 2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that) IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn) 3. You can now insert your blank DVD/CD in your burner. 4. Install ImgBurn by following the prompts and then start this program. 5. Click on the Write image file to disc button. 6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file.(kav_rescue_10.iso) 7. Click on the big Write button. 8. The disc creation process will now start and it will take around 5-10 minutes to complete. STEP B: Configure the computer to boot from CD-ROM On some machines,if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD. IF this doesn't happen then you'll need to configure your computer to boot for a CD like you'll see below. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot: 1. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot: 2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device. 3. Insert your Kaspersky Rescue Disk and restart your computer. STEP C: Boot your computer from Kaspersky Rescue Disk 1. Your computer will now boot from the Kaspersky Rescue Disk,and you'll be asked to press any key to proceed with this process 2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard. 3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER. 4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard. 5. Once the actions described above have been performed, the Kasprsky operating system will start. STEP D: Launch Kaspersky WindowsUnlocker to remove the malicious registry changes This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch his lock screen.To remove this malicious registry changes we need to use the Kasersky WindowsUnlocker from Kaspersky Rescue Disk. 1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker. IF you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard. 2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode. STEP E: Scan your system with Kaspersky Rescue Disk 1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update. 2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated. 3. Click on the Objects Scan tab, then click Start Objects Scanto begin the scan. 4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect , and if it doesn't work chose to quarantine the infected files just to be on the safe side. 5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed. 6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer. 7. When booted back into Windows Navigate > Start > Computer > C:\Kaspersky Rescue Disck 10.0 Open the folder, inside is log from KRD run named "ScanObject" copy/paste that file to your reply. If you`d rather use the USB stick version, instructions here: http://support.kaspersky.com/8092

If you do not have the problem by logic there is nothing to fix. Run the following: Download and install CCleaner from here: ] Ensure to select Slim version. (No Toolbar) Then select the items you wish to clean up. In the Windows Tab: Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those. Clean all the entries in the "Windows Explorer" section. Clean all entries in the "System" section. Clean all entries in the "Advanced" section. Clean any others that you choose. Make sure "Wipe free space" is unticked, this will dramatically increase scan time if selected. In the Applications Tab: Clean all except cookies in the Firefox/Mozilla section if you use it. Clean all in the Opera section if you use it. Clean Sun Java in the Internet Section. Clean any others that you choose. 4. Click the "Run Cleaner" button. 5. A pop up box will appear advising this process will permanently delete files from your system. 6. Click "OK" and it will scan and clean your system. 7. Click "exit" when done. CCleaner is an excellent Utility and well worth keeping, bottom left hand corner of main interface is link "Online Help" use that link to get the full instructions for this very handy application. When that completes run CCleaner again, select the "Registry" tab > scan for issues > fix selected issues. Save a back up. Reboot when finished. All you can do is see if the error returns...

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, Make sure that everything is checked, and click Remove Selected on any found items. Post the produced log.. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Kevin... fixlist.txt

Hello and P2P/Piracy Warning: Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Let me see those logs... Kevin

Go here: http://support.microsoft.com/kb/310353 follow the instructions and run a clean boot, see if that makes any difference..

When you run a clean boot (all non MS services stopped) and then revert back to normal mode (all non MS services started) nothing is fixed or altered. The idea of a clean boot is to prove a point. If the issue is stopped in a clean boot state it proves a non MS service is at fault. Once we know a non MS service is at fault it then a process of elimination to find the problem service... The following is the instructions for XP :- Clean boot XP. Click Start, click Run, type msconfig, and then click OK. The System Configuration Utility dialog box is displayed. We now need to configure selective startup options: In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup. Click to clear the Process SYSTEM.INI File check box. Click to clear the Process WIN.INI File check box. Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked. Click the Services tab. Click to select the Hide All Microsoft Services check box. Click Disable All, and then click OK. this will disable none MS services. When you are prompted, click Restart to restart the computer. When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK. If the clean boot fixes the issue do the following: Repeat as above, ensure all MS services are hidden, enable half of the non MS services then re-boot. If the issue does not return do exactly the same again, this time only enable the bottom half of non MS services. If the issue returns we know the issue is in the bottom half, so you now repeat again but only enable half of the bottom half. Keep doing that until you isolate the rogue sevice. Let me know how you get on, I know it is a laborious task but it will locate the issue. Obviously if the issue happens with the initial clean boot we`ll have to think again.... To return your computer to a Normal startup mode when complete, follow these steps: Open msconfig... On the General tab, click Normal Startup - load all device drivers and services, and then click OK. When you are prompted, click Restart.

Hello and P2P/Piracy Warning: Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html[/url Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field. standardsearch;autoclean;emptyclsid;firefoxlook;Chromelook;autoclean;iedefaults;Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply…..

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, Make sure that everything is checked, and click Remove Selected on any found items. Post the produced log. Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see those logs, also let me know of any remaining issues or concerns... Kevin.. fixlist.txt

When you did a clean boot did the issue stop? If the issue clears in that state it is then a process of elimination to find the problem service. I know that process can be tedious but it is an option well worth doing...

Yes I agree, do the following: We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here

Hello and P2P/Piracy Warning: Next, Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe Important - Save it to your desktop. Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7). Give permission if necessary, and click Search For Files. After a very short time, when the cursor hourglass disappears, click Save List To File. A message box will verify the file saved. Please run the program once only. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Post those logs,