Thread: unwanted windows popping up

  1. #11
    Member
    Join Date
    Sep 2008
    Location
    portsmouth
    Posts
    61

    Hi
    Still getting the unwanted windows.

    After running the fix and once the computer was back up, I got this when trying to get back to this forum:

    The proxy server is refusing connections



    Firefox is configured to use a proxy server that is refusing connections.

    Check the proxy settings to make sure that they are correct.
    Contact your network administrator to make sure the proxy server is working.



    please find reports requested below

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
    Ran by bob at 2014-10-18 13:28:43 Run:2
    Running from C:\Users\bob\Desktop
    Loaded Profiles: bob (Available profiles: bob)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: http=127.0.0.1:20194
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
    End
    *****************

    Processes closed successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    "HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key not found.
    "HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.


    The system needed a reboot.

    ==== End of Fixlog ====



    RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : bob [Administrator]
    Mode : Scan -- Date : 10/18/2014 13:51:07

    ¤¤¤ Processes : 2 ¤¤¤

    ¤¤¤ Registry : 23 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3320820AS ATA Device +++++
    --- User ---
    [MBR] 5c9708733e9b452cc48320213f13fd39
    [BSP] 1e9ea23df4c4414dd7ff862a4a5d7113 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SanDisk SSD U100 32GB ATA Device +++++
    --- User ---
    [MBR] 7a5d0d242e4d9af2c9f0abf73bf47d7f
    [BSP] 6a55d54d7b50f1f1c8a0c5c3ebd99098 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 30431 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: MAXTOR 4K060H3 ATA Device +++++
    --- User ---
    [MBR] c42bf55c8aa642f79c12ce36efc311de
    [BSP] 757b538851286eecb987a35b30da53b8 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 26999 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 55296000 | Size: 30257 MB
    User = LL1 ... OK
    User = LL2 ... OK

    hope these help.

  2. #12
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    In IE, check Tools > Internet Options > Connections Tab > LAN Settings. What setting is selected here?

    Do you know if you connect through a proxy to connect to the internet?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Member
    Join Date
    Sep 2008
    Location
    portsmouth
    Posts
    61

    Hi
    Have just checked the proxy settings. They still revert to "use Proxy" after I change them to auto. No, I am sure I should not be using a proxy.

  4. #14
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    run the RogueKiller tool and remove/clean these entries.

    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found


    ~~~~~~~~~~~~~~~~~~~~~`

    Open Internet Explorer, click on the “gear icon” in the upper right part of your browser, then click again on Internet Options.

    In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.
    In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on the “Reset” button.
    When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box. You will now need to close your browser, and then you can open Internet Explorer again.


    In the upper-right corner of the Firefox window, click the Firefox menu button, then click on the “Help” button.
    From the Help menu, choose Troubleshooting Information.
    If you’re unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting information page.
    Click the “Reset Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
    To continue, click on the “Reset Firefox” button in the new confirmation window that opens.

    Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on “Finish”.

    Note: Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data”. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.



    please post the
    RogueKiller.log

    When the extra window opens, what does it display and can you tell me what site name is in the web bar?

  5. #15
    Member
    Join Date
    Sep 2008
    Location
    portsmouth
    Posts
    61

    Hi
    Have run Rogue Killer twice. Each time, the first two lines you wanted cleaned are replaced, the third is deleted, and the fourth gives an error[2] message. All four appeared as in the original scan on the second scan, with the same results.

    Proxy setup still refusing to stay in "auto".

  6. #16
    Member
    Join Date
    Sep 2008
    Location
    portsmouth
    Posts
    61

    also did the browser resets with no change.

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Let's try booting into safe mode in case it's being stopped by your onboard security.

    http://www.bleepingcomputer.com/tuto...mode/#windows7


    While in safe mode try to redo these settings again.
    Open Internet Explorer, click on the “gear icon” in the upper right part of your browser, then click again on Internet Options.

    In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.
    In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on the “Reset” button.
    When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box. You will now need to close your browser, and then you can open Internet Explorer again.


    In the upper-right corner of the Firefox window, click the Firefox menu button, then click on the “Help” button.
    From the Help menu, choose Troubleshooting Information.
    If you’re unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting information page.
    Click the “Reset Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
    To continue, click on the “Reset Firefox” button in the new confirmation window that opens.

    Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on “Finish”.

    Note: Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data”. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.



    please post the
    RogueKiller.log

    When the extra window opens, what does it display and can you tell me what site name is in the web bar?

  8. #18
    Member
    Join Date
    Sep 2008
    Location
    portsmouth
    Posts
    61

    hi
    sorry had to stop to go to church.

    I have tried running Rogue Killer in safe mode and reset browsers. IE stayed in automatic while in safe mode but reverted to "use Proxy" once run up normally.

    I have had a little experience editing the registry on a couple of other computers. if that could be of any help just need a talk through though.

    log requested

    RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : bob [Administrator]
    Mode : Scan -- Date : 10/18/2014 13:51:07

    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path] JAVAKeyboardNative.exe -- C:\Users\bob\AppData\Local\MetafileODBCRoot\JAVAKeyboardNative.exe[-] -> Killed [TermProc]
    [Suspicious.Path] (SVC) MetafileODBCRoot.exe -- C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe[-] -> ERROR [41c]

    ¤¤¤ Registry : 23 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3320820AS ATA Device +++++
    --- User ---
    [MBR] 5c9708733e9b452cc48320213f13fd39
    [BSP] 1e9ea23df4c4414dd7ff862a4a5d7113 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SanDisk SSD U100 32GB ATA Device +++++
    --- User ---
    [MBR] 7a5d0d242e4d9af2c9f0abf73bf47d7f
    [BSP] 6a55d54d7b50f1f1c8a0c5c3ebd99098 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 30431 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: MAXTOR 4K060H3 ATA Device +++++
    --- User ---
    [MBR] c42bf55c8aa642f79c12ce36efc311de
    [BSP] 757b538851286eecb987a35b30da53b8 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 26999 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 55296000 | Size: 30257 MB
    User = LL1 ... OK
    User = LL2 ... OK
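
Added example, not part of any post in this thread and not RogueKiller's own code: a Python triage of the log lines posted above that collapses the duplicate X64/X86 and ControlSet entries, reports any enabled proxy that points back at the local machine, and lists the executables the same log flags under a user's AppData folder. The line patterns are inferred from the log as pasted here, and `triage`, `loopback_ports` and the regex names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the RogueKiller log posted in this thread (relevant ones only).
SAMPLE_LOG = r"""
[Suspicious.Path] JAVAKeyboardNative.exe -- C:\Users\bob\AppData\Local\MetafileODBCRoot\JAVAKeyboardNative.exe[-] -> Killed [TermProc]
[Suspicious.Path] (SVC) MetafileODBCRoot.exe -- C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe[-] -> ERROR [41c]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MetafileODBCRoot.exe (C:\Users\bob\AppData\Local\MetafileODBCRoot\MetafileODBCRoot.exe) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:36832 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2632905467-853276935-2808178832-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
"""

# Assumed line shapes, inferred from the pasted log (not a documented format).
VALUE_RE = re.compile(r"^\[(?P<cat>[^\]]+)\] \((?:X64|X86)\) (?P<key>.+?) \| "
                      r"(?P<name>.+?) : (?P<data>.*?) -> (?P<status>.+)$")
SVCKEY_RE = re.compile(r"^\[[^\]]+\] \((?:X64|X86)\) .+?\\Services\\[^\\]+? "
                       r"\((?P<path>[^)]+)\) -> (?P<status>.+)$")
PROC_RE = re.compile(r"^\[[^\]]+\] (?P<svc>\(SVC\) )?\S+ -- "
                     r"(?P<path>.+?)\[[^\]]*\] -> (?P<status>.+)$")
# Heuristic: an image path under a user's AppData folder.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


def loopback_ports(proxy_server):
    """Ports of ProxyServer entries ('http=host:port;https=...') aimed at this machine."""
    ports = []
    for part in proxy_server.split(";"):
        host, _, port = part.split("=", 1)[-1].strip().rpartition(":")
        if not host or not port.isdigit():
            continue
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:
            local = host.lower() == "localhost"
        if local:
            ports.append(int(port))
    return ports


def triage(log):
    hives = {}     # registry key -> {value name: data}; X64/X86 views collapse here
    binaries = {}  # image path -> where the log saw it
    for line in (raw.strip() for raw in log.splitlines()):
        m = VALUE_RE.match(line)
        if m and m["cat"] == "PUM.Proxy":
            hives.setdefault(m["key"], {})[m["name"]] = m["data"]
            continue
        m = SVCKEY_RE.match(line)
        if m:  # CurrentControlSet / ControlSet00x copies collapse to one source
            binaries.setdefault(m["path"], set()).add("service key")
            continue
        m = PROC_RE.match(line)
        if m:
            kind = "running service" if m["svc"] else "running process"
            binaries.setdefault(m["path"], set()).add(f"{kind} ({m['status']})")
    ports = set()
    for values in hives.values():
        if values.get("ProxyEnable") == "1":
            ports.update(loopback_ports(values.get("ProxyServer", "")))
    suspects = {p: sorted(s) for p, s in binaries.items() if USER_PROFILE_RE.match(p)}
    return {"loopback_proxy_ports": sorted(ports), "profile_binaries": suspects}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A loopback proxy only carries traffic while something on the machine is listening on that port, so the binaries this lists are leads to examine alongside the proxy values, not a verdict on what is rewriting them.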

  9. #19
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Enough to drive ya crazy isn't it?

    OK
    It doesn't appear to be so much of a malware issue but maybe a setting....Wish I knew.

    I had another trusted advisor look in and they thought it possibly is related to
    MySafeProxy for Internet Explorer (HKLM-x32\...\{2535ED3F-5ADD-4A65-B07F-82F04C7358E7}) (Version: 1.0.6 - XTRM Group Ltd.) <==== ATTENTION

    Might be


    Let's try this


    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Settings Tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    If you already have MBAM on your computer:

    Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
    Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
    Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

    ********************************************


    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************

    Please post these 2 logs when finished.

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Let's throw this scan in as well.

    Please download Malwarebytes Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.
