Virus/Malware eset nod32 stop working (ENHANCED PROTECTION MODE), virus!! help me urgently plzzzz....

BlueWind
post Jul 22 2011, 11:15 AM

Sianzation
*******
Senior Member
2,901 posts

Joined: Jan 2007



Hi,

Are you installing two AV in your computer? Avira and ESET?

Also, can you provide the message from ESET?

I need you to run OTL for an in-depth scan. If you cannot paste the log here because it's too long (thanks to the cacated LYN) then upload those files as attachments.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
===================================================

On your next reply please post :
OTL log
Extras log


Let me know if you have any problems performing the steps above or any questions you may have.

BlueWind
post Jul 22 2011, 01:17 PM


Ok, go ahead and post the OTL log and the Extra log back here for review.

I think the problem is just that ESET is blocking Facebook. But I will look through the log to see if there is anything else I can help you clean up.
BlueWind
post Jul 22 2011, 01:54 PM


Ok, forget about what I said. Wait for further instructions.

This post has been edited by BlueWind: Jul 22 2011, 01:55 PM
BlueWind
post Jul 22 2011, 02:20 PM


Here it is. Please follow the instructions CAREFULLY.

QUOTE
PLEASE TAKE NOTE THAT THIS FIX IS ONLY INTENDED FOR THIS COMPUTER. DOING SO WILL ONLY DO MORE DAMAGE THAN GOOD. I SHALL TAKE NO RESPONSIBILITY FOR ANY DATA LOST WHATSOEVER THAT MAY OCCUR. THANKS


Follow these steps to display hidden files and folders.
  • Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files and folders
  • Click OK. (Remember to Hide files and folders once done)
Please go to one of the below sites to scan the following files:
Virus Total (Recommended)
jotti.org
VirScan


click on Browse, and upload the following file for analysis:
C:\Windows\geoiplist.rar
C:\Windows\unrar.exe
C:\Windows\loader2.exe_ok


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

===================================================

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    CODE
    :OTL
    DRV:64bit: - [2009-05-14 15:49:56 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2009-05-14 15:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2009-05-14 15:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [tray_ico] File not found
    O4 - HKLM..\Run: [tray_ico2] File not found
    O4 - HKLM..\Run: [tray_ico3] File not found
    O4 - HKLM..\Run: [tray_ico4] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
    O33 - MountPoints2\{2ac6b661-90be-11df-854c-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ac6b661-90be-11df-854c-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2ac6b670-90be-11df-854c-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ac6b670-90be-11df-854c-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2ac6b68a-90be-11df-854c-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ac6b68a-90be-11df-854c-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{44cbd2a8-b1ff-11e0-bd46-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{44cbd2a8-b1ff-11e0-bd46-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{44cbd2c5-b1ff-11e0-bd46-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{44cbd2c5-b1ff-11e0-bd46-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{5b11be41-f4ef-11de-9468-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{5b11be41-f4ef-11de-9468-002622788aa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{5b11be4d-f4ef-11de-9468-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{5b11be4d-f4ef-11de-9468-002622788aa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{5b11be4f-f4ef-11de-9468-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{5b11be4f-f4ef-11de-9468-002622788aa7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{6ed98391-7b9f-11e0-b47b-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{6ed98391-7b9f-11e0-b47b-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6ed98394-7b9f-11e0-b47b-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{6ed98394-7b9f-11e0-b47b-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8024f3f7-099c-11e0-9c3d-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{8024f3f7-099c-11e0-9c3d-002622788aa7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{93e00a3e-d231-11df-be5b-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{93e00a3e-d231-11df-be5b-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{98f3b5db-4a37-11e0-b3ba-001e101f7f74}\Shell - "" = AutoRun
    O33 - MountPoints2\{98f3b5db-4a37-11e0-b3ba-001e101f7f74}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{a6c79fc6-a477-11df-bed5-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{a6c79fc6-a477-11df-bed5-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c667bd71-6001-11e0-b312-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{c667bd71-6001-11e0-b312-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d0c02023-bffc-11df-9b86-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{d0c02023-bffc-11df-9b86-002622788aa7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{fe5ab63d-b5b2-11df-9aa5-002622788aa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe5ab63d-b5b2-11df-9aa5-002622788aa7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{fe5ab654-b5b2-11df-9aa5-001e101f1838}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe5ab654-b5b2-11df-9aa5-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{fe5ab693-b5b2-11df-9aa5-001e101f1838}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe5ab693-b5b2-11df-9aa5-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009-08-24 02:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
    [2011-07-11 09:40:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{60619A2F-D25F-4E17-99CC-21291F48D4E6}
    [2011-07-09 22:41:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E61D9E84-8E6E-4FDC-9CB4-2EA3490B86A5}
    [2011-07-08 22:07:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{84CC0FAD-C599-4AF1-B0AA-945FF8471D0E}
    [2011-07-08 09:40:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7899900F-67C7-481B-9BB8-FCEAB6F0DCCA}
    [2011-07-07 07:30:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{970E717B-29E0-430E-9CF1-0606FC755402}
    [2011-07-06 08:21:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E6CC7D60-3297-413B-986E-F321729B9F66}
    [2011-07-04 21:49:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C331D310-3A09-4D5A-869A-B1EEF98C8791}
    [2011-07-03 21:37:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{60C5A4CE-2D59-4BC9-B9CE-24F2383DD33C}
    [2011-07-03 19:55:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E42823CD-E578-48AF-B742-D92E866C0F4D}
    [2011-07-02 23:29:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B20C60C1-C44A-49FD-98B7-718C104870DF}
    [2011-07-02 22:38:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C907D749-08D1-4059-A2F9-C700E4905C08}
    [2011-07-01 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D714009D-2EFD-4FD3-92AF-78CBE03F8FE3}
    [2011-07-01 08:30:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B55F37DD-9B9D-4337-A77C-0B6152726A0C}
    [2011-06-30 19:33:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{488EAF2D-8B20-4FB7-BDD3-02DFDC2CF313}
    [2011-06-30 16:41:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E1382485-ADDE-4704-B911-F99034642C38}
    [2011-06-30 11:25:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0EEF99B5-DEF5-45D3-BAD6-9DD5BD1B06EE}
    [2011-06-30 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9B9527A6-984F-46CA-A8E5-E4E7B8297887}
    [2011-06-30 09:37:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B51ABEC6-A2B5-4985-AD40-55A98B512F9E}
    [2011-06-28 22:08:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D264CA36-81B0-47CA-B8C1-74F54BC6CB7E}
    [2011-06-28 09:41:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{37963DE1-53B6-44E0-A9AD-64C9D0FDDCB9}
    [2011-06-27 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7A938D57-EBE7-4E42-B6F0-C2521A069DBA}
    [2011-06-24 20:00:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{39A00FE4-2BED-40F5-B5C4-9C7DCC512951}
    [2011-06-24 11:40:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F3DDB496-92B2-42D5-9972-86C913816979}
    [2011-06-23 21:30:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{75DDD531-093F-4EB7-A106-D6C00E0EB6FC}
    [2011-06-22 21:50:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2C2D1D52-AFFD-4751-A5CB-CDDF02F615DC}

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Windows\update.1\svchost.exe" =-
    "C:\Windows\services32.exe" =-
    "C:\Windows\update.tray-8-0-lnk\svchost.exe" =-
    "C:\Windows\update.tray-8-0\svchost.exe" =-
    "C:\Windows\update.tray-2-0-lnk\svchost.exe" =-
    "C:\Windows\update.tray-2-0\svchost.exe" =-
    "C:\Windows\update.2\svchost.exe" =-
    "C:\Windows\update.1\svchost.exe" =-
    "C:\Windows\services32.exe" =-
    "C:\Windows\update.tray-8-0-lnk\svchost.exe" =-
    "C:\Windows\update.tray-8-0\svchost.exe" =-
    "C:\Windows\update.tray-2-0-lnk\svchost.exe" =-
    "C:\Windows\update.tray-2-0\svchost.exe" =-
    "C:\Windows\update.2\svchost.exe" =-

    :Files
    C:\Windows\update.1
    C:\Windows\update.2
    C:\Windows\services32.exe
    C:\Windows\update.tray-8-0-lnk
    C:\Windows\update.tray-8-0
    C:\Windows\update.tray-2-0-lnk
    C:\Windows\update.tray-2-0

    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log as well as a new OTL log by rerunning it after reboot without the custom scan script (don't check the boxes beside LOP Check or Purity this time)
===================================================

On your next reply please post :
File scanner log
Fix OTL log
Fresh OTL log


Let me know if you have any problems performing the steps above or any questions you may have.

This post has been edited by BlueWind: Jul 23 2011, 11:32 AM
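
Added example (not part of BlueWind's post and not OTL's own code): the :Reg section above removes firewall exceptions for svchost.exe copies under C:\Windows\update.* and for services32.exe. This Python sketch applies the same kind of check to any list of such registry value lines; the SYSTEM_BINARIES list, the trusted directories and the trailing-digit lookalike rule are assumptions, and the two benign sample lines are constructed.

```python
import ntpath
import re

# Assumption: binaries that normally exist only in System32 / SysWOW64.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "smss.exe"}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Matches a registry value line as pasted in the fix script: "C:\path\x.exe" =-
REG_VALUE = re.compile(r'^\s*"(?P<path>[^"]+)"\s*=')


def classify(path):
    """Return a reason string if the path looks like a masquerading binary."""
    norm = ntpath.normcase(ntpath.normpath(path))
    directory, name = ntpath.split(norm)
    if name in SYSTEM_BINARIES:
        if directory in TRUSTED_DIRS:
            return None
        return "system binary name outside System32"
    # Heuristic (assumption): a system name with digits appended,
    # e.g. services32.exe, is treated as a lookalike.
    stem, ext = ntpath.splitext(name)
    base = stem.rstrip("0123456789")
    if ext == ".exe" and base != stem and base + ".exe" in SYSTEM_BINARIES:
        return "lookalike of " + base + ".exe"
    return None


def audit(lines):
    """Map each suspicious (normalised) path to the reason it was flagged."""
    findings = {}
    for line in lines:
        match = REG_VALUE.match(line)
        if not match:
            continue  # not a quoted-path value line
        reason = classify(match.group("path"))
        if reason:
            key = ntpath.normcase(ntpath.normpath(match.group("path")))
            findings.setdefault(key, reason)  # duplicates collapse to one entry
    return findings


# First three lines are taken from the post; the last two are constructed.
SAMPLE_LINES = [
    r'"C:\Windows\update.1\svchost.exe" =-',
    r'"C:\Windows\services32.exe" =-',
    r'"C:\Windows\update.tray-8-0\svchost.exe" =-',
    r'"C:\Windows\System32\svchost.exe" =-',
    r'"C:\Program Files\Example\app.exe" =-',
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_LINES).items():
        print(f"{path}: {reason}")
```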
BlueWind
post Jul 22 2011, 04:32 PM


Thanks chris

Are you still having the same problem?
BlueWind
post Jul 22 2011, 05:04 PM


There was something inside your computer doing funny stuff to your host file. I just flushed it away, but I did find other unwanted stuff that is not supposed to be in your computer, so I had it cleaned up.

My only advice to you is always, I mean ALWAYS, run only one anti-virus coupled with a standalone firewall and a malware scanner such as the one you have, which is highly recommended: Malwarebytes.

There is a bit more to do. It's up to you whether you want to do it, because this is only part of the follow-up scan that I do routinely to make sure everything is in order. If you cannot wait for ESET to complete its scan then you can close this thread if you want. Just remember to press the Clean Up button in OTL.

Re-run Malwarebytes' Anti-Malware
  • Double-click MalwareBytes' (Note to Vista users, please right-click and select Run as Administrator.)
    • Go to Update tab to update Malwarebytes' Anti-Malware
  • Then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the user posted image button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the user posted image icon on your desktop.
  4. Check user posted image
  5. Click the user posted image button.
  6. Accept any security warnings from your browser.
  7. Check user posted image
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. Look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  12. Select Uninstall application on close check box and push user posted image
===================================================

On your next reply please post :
MBAM log
ESET log


Let me know if you have any problems performing the steps above or any questions you may have.
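
Added example (not part of BlueWind's post): a Python sketch of a hosts-file audit for the kind of tampering mentioned at the top of this post, reporting every mapping that differs from the default localhost entries. The WATCHED_SUFFIXES list is an assumption, and the sample hosts content is constructed.

```python
import ipaddress

DEFAULT_NAMES = {"localhost"}
# Assumption: domains whose remapping would explain blocked sites or scanners.
WATCHED_SUFFIXES = ("eset.com", "malwarebytes.org",
                    "virustotal.com", "facebook.com")


def parse_hosts(text):
    """Yield (line number, address, hostname) for every valid mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for name in fields[1:]:  # one line may map several names
            yield lineno, addr, name.lower().rstrip(".")


def audit_hosts(text):
    """Return (line, name, address, kind) for each non-default mapping."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if name in DEFAULT_NAMES and addr.is_loopback:
            continue  # stock entry
        watched = any(name == s or name.endswith("." + s)
                      for s in WATCHED_SUFFIXES)
        sinkholed = addr.is_loopback or addr.is_unspecified
        if watched and sinkholed:
            kind = "blocked"       # watched domain pointed at nothing
        elif watched:
            kind = "redirected"    # watched domain pointed elsewhere
        else:
            kind = "non-default"   # review manually
        findings.append((lineno, name, str(addr), kind))
    return findings


# Constructed sample; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1       www.facebook.com facebook.com",
    "0.0.0.0         update.eset.com   # constructed entry",
    "203.0.113.10    www.virustotal.com",
    "192.168.1.20    nas.home",
    "not-an-ip       junk.example",
])

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```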


BlueWind
post Jul 22 2011, 10:45 PM


It's a quarantined file that I nuked earlier this afternoon. You're good to go now, unless you have any other issues.

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

BlueWind
post Jul 23 2011, 12:00 AM


QUOTE(lisieng @ Jul 22 2011, 10:55 PM)
already clean up. so that means my lptp virus free already?

As far as I could tell, it's free now.
BlueWind
post Jul 23 2011, 01:24 AM


Maybe it would be a better idea if you help her to restore to factory settings from the hidden partition in her Acer laptop.
BlueWind
post Jul 23 2011, 11:40 AM


Open your own thread and PM me your link. I need to get these logs separated to avoid confusion.

I also need you to run GMER and post that in your new thread. Don't attach it. It's much easier for me.

On second thought, copy and paste the OTL log you have now into your new thread as well.

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Extract the contents of the zipped file to desktop (applicable only to Zip mirror) .
  • Double click user posted image or user posted image on your desktop.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

BlueWind
post Jul 23 2011, 10:57 PM


..

This post has been edited by BlueWind: Jul 25 2011, 09:29 PM
BlueWind
post Oct 31 2011, 02:22 AM


Reset your host file.
BlueWind
post Oct 31 2011, 11:18 AM


That's one way of doing it. Normally I will replace the contents inside with the MVPS host file.
BlueWind
post Nov 2 2011, 05:33 PM


Never heard of D7, there's another alternative software called HostXpert.
