Quantcast
Channel: Tech Support Guy - Virus & Other Malware Removal
Viewing all 4746 articles
Browse latest View live

Avast can't find file

0
0
Hi, I scanned a folder (with HP Games backed up) on my external hard drive with Avast, and it said "Error: The system cannot find the path specified (3)" about some files, see attachment. What does that mean and why does it happen?

Thank you very much, I really appreciate it!

Attached Images
File Type: jpg Avast cna't find path.jpg (56.0 KB)

Shut Down Computer Last Night, Failed To Boot Next Day Until Restore - I'm Scared

0
0
No problem, just post when you are ready and have completed my instructions.

Avast found rootkit

0
0
I let you know privately.

Thank you!

Possible virus Malware problem?

0
0
Fresh OTL scan

OTL logfile created on: 9/10/2014 11:42:59 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.86 Gb Total Physical Memory | 3.61 Gb Available Physical Memory | 61.63% Memory free
11.71 Gb Paging File | 9.58 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.07 Gb Total Space | 315.03 Gb Free Space | 54.12% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/10 09:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/28 09:55:02 | 000,969,824 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/07/24 15:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/06/20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/06/12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/02/22 21:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/01/31 13:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/09 22:30:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/27 16:20:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/03/14 04:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/15 11:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/09/10 11:37:18 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/24 14:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/07/24 14:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/06/20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/09/09 11:11:58 | 000,074,560 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/25 18:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/14 22:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 23:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/09 03:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 01:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/27 00:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/07/20 02:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKCU\..\SearchScopes,DefaultScope = {36D2D28B-AD3D-4174-BA03-2B07576031F3}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=mcafee&type=A111US0&p="
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/09/10 08:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee .com: C:\Program Files\McAfee\MSK [2014/09/09 08:25:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/22 12:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2014/06/17 22:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/07 19:36:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/09/10 08:30:43 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28924272-B18E-4B03-AD7D-0F670BA7BA42}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40968981-C8F1-4DB2-93FF-8C16B6C05E9E}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43CD905E-EBF6-47E3-B718-E2C843E9587E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/10 11:26:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/10 09:24:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2014/09/10 09:15:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{CCFE7E0B-6813-4DE0-97FE-802AB88FBBAD}
[2014/09/10 08:42:16 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/09/09 21:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{59D49F81-50B2-41CE-ABFA-83CE16C15579}
[2014/09/09 20:44:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{A6CD19D9-AB28-4F8B-9FF5-0C53A203031E}
[2014/09/09 08:35:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{786D61AD-1AEA-4736-9554-0F7B96636023}
[2014/09/08 21:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/09/08 21:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/08 21:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/09/08 20:45:26 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/08 20:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/08 20:44:53 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/08 20:44:53 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/08 20:44:53 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/08 20:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/08 20:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/08 20:44:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Programs
[2014/09/08 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{7332CB5F-2B77-44AD-B94B-268309118AAC}
[2014/09/08 19:30:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{585F25BB-3AC8-4A38-A65F-417E27B008DE}
[2014/09/08 19:00:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Old Firefox Data
[2014/09/08 10:59:01 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{F5E651E4-F49D-463E-9907-E873CCB283BB}
[2014/09/08 08:35:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{9DA511B3-FB3B-4101-8FAB-A622B80F5A67}
[2014/09/06 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Scanned Documents
[2014/09/06 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Fax
[2014/09/06 11:45:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{67575F81-A5AF-49D3-B1BF-32755A95482F}
[2014/09/05 14:35:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{13AB4C61-E16F-4402-9103-138627312F36}
[2014/09/04 10:20:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{A6B5D661-3A0A-44E0-BA0A-13B8EDE23984}
[2014/09/02 15:23:29 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{1415F27D-6947-4EB3-84BA-34AB79D5186C}
[2014/09/01 17:22:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{303F6BA8-915C-4D02-B162-5F55AB22B7FB}
[2014/08/29 15:11:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{99001ED6-C218-4281-BD71-A834D5310344}
[2014/08/27 08:26:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{45D112FB-5487-46F8-87FB-A3F0E5B25916}
[2014/08/26 18:39:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{8A95B3C5-7D84-4144-A0B8-3ABBCD1C59F0}
[2014/08/22 15:01:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{64ADEFF9-F969-42BA-AB5B-663E1CFE86EB}
[2014/08/21 16:46:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{5FF41C12-3673-45E0-9912-BE3DA35EF5D3}
[2014/08/20 14:41:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{22286664-8511-472A-BE15-A222D02D40B1}
[2014/08/19 20:38:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{C1FD5A11-2A93-464A-8AF5-AA04F7C666F1}
[2014/08/14 18:12:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{08C30128-F46E-491C-AB3A-6E63516E7449}
[2014/08/13 18:31:01 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{9C2DAE26-F931-47BB-8F3A-CB05A4A0ADC5}
[2014/08/12 10:34:15 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{463DB8DA-D9E0-46A8-B225-E913C18177DC}
[2014/08/11 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{FED9EBF0-57D6-44B4-9AD4-558BC9FA3F38}

========== Files - Modified Within 30 Days ==========

[2014/09/10 11:44:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/10 11:44:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/10 11:42:24 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2014/09/10 11:37:18 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/10 11:36:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/10 11:36:31 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/10 11:30:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/10 10:03:14 | 000,000,171 | ---- | M] () -- C:\Users\Steve\Desktop\shop.cgi-c=orders.htm&t=admin.htm&storeid=4.url
[2014/09/10 09:25:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2014/09/10 08:48:29 | 000,775,124 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/10 08:48:29 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/10 08:48:29 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/10 08:48:20 | 000,775,124 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/08 20:45:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/23 21:30:34 | 871,819,319 | ---- | M] () -- C:\Users\Steve\Desktop\Down Payment Blues.MOV
[2014/08/23 21:10:20 | 667,777,623 | ---- | M] () -- C:\Users\Steve\Desktop\Los Vamonos.MOV
[2014/08/14 21:36:53 | 000,001,357 | ---- | M] () -- C:\Windows\wininit.ini

========== Files Created - No Company Name ==========

[2014/09/10 10:03:14 | 000,000,171 | ---- | C] () -- C:\Users\Steve\Desktop\shop.cgi-c=orders.htm&t=admin.htm&storeid=4.url
[2014/09/08 20:45:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/04 14:36:34 | 871,819,319 | ---- | C] () -- C:\Users\Steve\Desktop\Down Payment Blues.MOV
[2014/09/04 14:35:49 | 667,777,623 | ---- | C] () -- C:\Users\Steve\Desktop\Los Vamonos.MOV
[2014/04/18 20:53:07 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/24 20:47:26 | 000,001,357 | ---- | C] () -- C:\Windows\wininit.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/13 08:59:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Audacity
[2012/01/03 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

windows losing focus, rootkit problem

0
0
here is the sysinfo log as requested as well.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 32723 Mb
Graphics Card: NVIDIA Quadro FX 1800, 768 Mb
Hard Drives: C: Total - 114469 MB, Free - 22512 MB; D: Total - 357628 MB, Free - 207459 MB; O: Total - 507984 MB, Free - 353066 MB; P: Total - 207417 MB, Free - 119022 MB; R: Total - 357773 MB, Free - 319338 MB; U: Total - 2861578 MB, Free - 1845907 MB;
Motherboard: ASUSTeK COMPUTER INC., P8H77-V LE
Antivirus: Kaspersky Internet Security, Updated and Enabled

I think I have a virus, malware, something.....

0
0
Eddie, here is the scan following the OTL scan. Are we good now??

I can't thank you enough. You wrote code for me to clean up my mess. I'd like some advice on how to keep this from recurring. I am very careful to not download from trusted sites, or to get into sketch websites. I am also careful about opening ANYTHING that I am not sure is safe. What am I doing that creates my "issues?"

Here goes:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File System32\Drivers\RimUsb.sys not found.
Service IntcAzAudAddService stopped successfully!
Service IntcAzAudAddService deleted successfully!
File system32\drivers\RTKVHDA.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Deni\Documents\~WRL0416.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL0506.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL1312.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL2495.tmp deleted successfully.
C:\Users\Deni\Documents\~WRL2558.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\Installer\MSI1436.tmp deleted successfully.
C:\Windows\Installer\MSI2610.tmp deleted successfully.
C:\Windows\Installer\MSI2D05.tmp deleted successfully.
C:\Windows\Installer\MSI2DDA.tmp deleted successfully.
C:\Windows\Installer\MSI2F.tmp deleted successfully.
C:\Windows\Installer\MSI3D15.tmp deleted successfully.
C:\Windows\Installer\MSI4DDE.tmp deleted successfully.
C:\Windows\Installer\MSI4F0D.tmp deleted successfully.
C:\Windows\Installer\MSI52AB.tmp deleted successfully.
C:\Windows\Installer\MSI54EE.tmp deleted successfully.
C:\Windows\Installer\MSI5B08.tmp deleted successfully.
C:\Windows\Installer\MSI6619.tmp deleted successfully.
C:\Windows\Installer\MSI71C7.tmp deleted successfully.
C:\Windows\Installer\MSI79DF.tmp deleted successfully.
C:\Windows\Installer\MSI79F9.tmp deleted successfully.
C:\Windows\Installer\MSI7C62.tmp deleted successfully.
C:\Windows\Installer\MSI7F70.tmp deleted successfully.
C:\Windows\Installer\MSI8F47.tmp deleted successfully.
C:\Windows\Installer\MSI8F7C.tmp deleted successfully.
C:\Windows\Installer\MSI9992.tmp deleted successfully.
C:\Windows\Installer\MSI9CBF.tmp deleted successfully.
C:\Windows\Installer\MSI9D34.tmp deleted successfully.
C:\Windows\Installer\MSI9F38.tmp deleted successfully.
C:\Windows\Installer\MSIA08.tmp deleted successfully.
C:\Windows\Installer\MSIAD69.tmp deleted successfully.
C:\Windows\Installer\MSIAEBA.tmp deleted successfully.
C:\Windows\Installer\MSIB191.tmp deleted successfully.
C:\Windows\Installer\MSIB1B3.tmp deleted successfully.
C:\Windows\Installer\MSIBB34.tmp deleted successfully.
C:\Windows\Installer\MSIBDC9.tmp deleted successfully.
C:\Windows\Installer\MSIBF49.tmp deleted successfully.
C:\Windows\Installer\MSIC593.tmp deleted successfully.
C:\Windows\Installer\MSICB03.tmp deleted successfully.
C:\Windows\Installer\MSICC33.tmp deleted successfully.
C:\Windows\Installer\MSICEB2.tmp deleted successfully.
C:\Windows\Installer\MSID39A.tmp deleted successfully.
C:\Windows\Installer\MSIDD49.tmp deleted successfully.
C:\Windows\Installer\MSIE11C.tmp deleted successfully.
C:\Windows\Installer\MSIE3E4.tmp deleted successfully.
C:\Windows\Installer\MSIE9BF.tmp deleted successfully.
C:\Windows\Installer\MSIECEE.tmp deleted successfully.
C:\Windows\Installer\MSIEFDC.tmp deleted successfully.
C:\Windows\Installer\MSIF4D7.tmp deleted successfully.
C:\Windows\Installer\MSIF793.tmp deleted successfully.
ADS C:\Users\Deni\Documents\FWRulestoLiveByFw.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\Hi + resume.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\HMO.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\MarriageOne-liners.eml:OECustomProperty deleted successfully.
ADS C:\Users\Deni\Documents\FwBlondeBreakdown.eml:OECustomProperty deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Deni\Desktop\cmd.bat deleted successfully.
C:\Users\Deni\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Deni
->Temp folder emptied: 1510868515 bytes
->Temporary Internet Files folder emptied: 3601318 bytes
->Java cache emptied: 27471300 bytes
->FireFox cache emptied: 47030353 bytes
->Google Chrome cache emptied: 131884563 bytes
->Flash cache emptied: 3267922 bytes

User: Grant

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 42054 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840773798 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 183256 bytes

Total Files Cleaned = 2,446.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09102014_135111

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

EDDIE!!! I've lost your post. HELP!!!

SVCHOST.EXE is running high

0
0
Hi everyone!

My name is Frank and I was adviced to move my Thread from Opsys to here.

My problem is that one of the svchost.exe is running high, between 500k and 130k
It is the svchost.exe PID: 2600 AudioEndpointBuilder, Netman, PcaSvc,
SysMain, TrkWks, UxSms, Wlansvc

I've had a decent antivirus and malware removal but it is still running high, which is quite disturbing.

Here is the previous Thread, and the resoult of the TSG Sysinfo.

http://forums.techguy.org/windows-7/...ml#post8965200

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3828 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
Hard Drives: C: Total - 431937 MB, Free - 112162 MB; D: Total - 29690 MB, Free - 20382 MB;
Motherboard: LENOVO, MoutCook
Antivirus: COMODO Antivirus, Updated and Enabled

Thank you for your help in advance.

Kind regards,
Frank

malware on new laptop help my dad please

0
0
Hello AvandenEnde and welcome to TSG

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system. Or for Windows 8 go Here

Please proceed as follows :-

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. enable when done!
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me see those logs in your next reply...

Kevin

Help with HiJackThis Reading

0
0
I'm very new with this stuff. I ran HJT because there's browser malware and other strange programs just coming up. Plus, when I try to run Anti Malware (Malwarebytes) then program\ goes to about 80% of the analysis and then the computer shuts down.

Here's the HJT reading, can someone assist me with the right things I need to kill?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:43:26 AM, on 9/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)


Boot mode: Normal

Running processes:
C:\Users\The_Welkers\AppData\Local\Akamai\netsession_win.exe
C:\Users\The_Welkers\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ver8BlockAndSurf\BlockAndSurf.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Users\The_Welkers\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts...N4XXXX6VMCEXN4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JawWYJKuzmUHn2Jeex30-zvXGjJr0G5L6zQc5QVnu3Tx8ZhjgtfMC4u9JP8DIKrrak4RISYA8irupIq5qPor3mY_w-LZb3bYCecPJ-LuhsQ84s0320M4Eap8HFJDeWi3M-05mS89Wo7i_IbQLCKl-Q,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JawWYJKuzmUHn2Jeex30-zvXGjJr0G5L6zQc5QVnu3Tx8ZhjgtfMC4u9JP8DIKrrak4RISYA8irupIq5qPor3mY_w-LZb3bYCecPJ-LuhsQ84s0320M4Eap8HFJDeWi3M-05mS89Wo7i_IbQLCKl-Q,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts...N4XXXX6VMCEXN4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts...N4XXXX6VMCEXN4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1408710997&from=tugs&uid=ST3160318AS_6VMCEXN4XXXX6VMCEXN4&q={se archTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1408710997&from=tugs&uid=ST3160318AS_6VMCEXN4XXXX6VMCEXN4&q={se archTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123.com/?type=hp&ts...N4XXXX6VMCEXN4
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JawWYJKuzmUHn2Jeex30-zvXGjJr0G5L6zQc5QVnu3Tx8ZhjgtfMC4u9JP8DIKrrak4RISYA8irupIq5qPor3mY_w-LZb3bYCecPJ-LuhsQ84s0320M4Eap8HFJDeWi3M-05mS89Wo7i_IbQLCKl-Q,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JawWYJKuzmUHn2Jeex30-zvXGjJr0G5L6zQc5QVnu3Tx8ZhjgtfMC4u9JP8DIKrrak4RISYA8irupIq5qPor3mY_w-LZb3bYCecPJ-LuhsQ84s0320M4Eap8HFJDeWi3M-05mS89Wo7i_IbQLCKl-Q,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adblocker - {17308930-310C-FDF6-FD98-8FE194757377} - C:\Program Files (x86)\Adblocker\Ddy7hUOr.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: BlockAndSurf - {D42FC174-E80F-470C-8CF5-5E538924B568} - C:\Program Files (x86)\ver8BlockAndSurf\177.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [BlockAndSurf] C:\Program Files (x86)\ver8BlockAndSurf\BlockAndSurf.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\The_Welkers\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: PastaQuotes.lnk = C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: c:\progra~2\pc_boo~1\assist~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NewVideoPlayer Updater Service (NewVideoPlayerUpdaterService) - Unknown owner - C:\Program Files (x86)\NewPlayer\NewVideoPlayerUpdaterService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9132 bytes

Windows XP uploading incessantly

0
0
Hey there, and thanks in advance for any help.

I am running a clean copy of Windows XP, well maintained and with quite high performance. I've fine tuned everything and it SEEMS to be running very well - and fast. Everything was running beautifully until my house mate mentioned that I was hogging the upload bandwidth ... Upon opening the "Wireless network connection status", it seems that my computer is uploading about 12 packets every second, even when no applications are running, all browsers are closed etc, and after a fresh reboot. This is still the case after having closed all possible processes. I have run NOD32, Spybots SD and Malware bytes, and all deep scans come back squeaky clean.

When I open task manager, I can see the prime suspect at the moment is lsass.exe which is one of the running system processes. It seems to be the only running process with a I/O writes rate of 3 Bytes/sec, and it never stops. So I did a search on all drives for LSASS.exe and found two of them, one is in C:/Windows/System32 and the other one is in C:/Windows/System32/dllcache.

I also downloaded a program called Netlimiter, to try to see - and limit - whatever is being uploaded. But the results are nonsense, the Netlimiter program tells me my upload rate is 0B/sec when Windows tells me the upload rate is 12 packets/sec incessantly. But it seems to know when I am uploading/downloading something I actually am aware of... I think it could be a virus, or the FBI, or worse.... Aliens?

Can you help???


Dan

malware, virus, spyware, ransomware, and hacking issues - just traces?

0
0
Thanks for those comments, askey127. Before I hadn't run TDSSKiller or Junkware Removal Tool from the desktop (though I did this most recent time). Nor had I disabled Symantec before running ESET (though I have now). ESET is still doing its scan. So far it has found 7 threats:

Win32/ToolbarConduit
Win32/Toolbar.Montiera.I
Win32/Bundled.Toolbar.Google.D
a variant of Win32/FileTypeAssistant.A
Win32/InstallMonetizer.AQ
Win32/Bundled.Toolbar.Google.D
Win32/Toolbar.Conduit


The Win32/InstallMonetizer.AQ caught my eye. When I tried to find a little info. about it, I found stuff saying that it is typically designed to avoid detection and removal by computer security systems and applications, and these programs are intended to force affected machines to perform certain actions. These can include keylogging, displaying ads, spying and reporting on user activity, granting remote access to hackers, or sending spam. I should mention too that after my initial start to this thread, I reran RogueKiller several times in both safe mode and normal mode (both in my sub account and as an administrator. It found a range of registry entries, some web browser stuff, and one driver issue that was not legit under the AntiRootkit tab. I see that there was a KernelMode rootkit matter there which also might collect keystrokes if I understand correctly. Here's one of those logs (please let me know if you'd like to see others, including more recent ones that look cleaner, at least to my naive eyes):

RogueKiller V9.2.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : StefanAdmin [Admin rights]
Mode : Remove -- Date : 09/10/2014 16:16:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BHDrvx64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IDSVia64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BHDrvx64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSVia64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BHDrvx64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDSVia64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVENG -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVEX15 -> DELETED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.115.71.53 24.247.15.53 24.217.0.5 -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.115.71.53 24.247.15.53 24.217.0.5 -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.115.71.53 24.247.15.53 24.217.0.5 -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Inter faces\{9B6773B1-730B-4576-8284-94FC1161101E} | DhcpNameServer : 68.115.71.53 24.247.15.53 24.217.0.5 -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interface s\{9B6773B1-730B-4576-8284-94FC1161101E} | DhcpNameServer : 68.115.71.53 24.247.15.53 24.217.0.5 -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interface s\{9B6773B1-730B-4576-8284-94FC1161101E} | DhcpNameServer : 68.115.71.53 24.247.15.53 24.217.0.5 -> REPLACED ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 8 ¤¤¤
[PUP][FIREFX:Addon] o0v26wcm.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> NOT SELECTED
[CHROME:Addon] Default : Docs [aohghmighlieiainnegkcijnfilokake] -> DELETED
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Yahoo! Toolbar for Chrome [eihhgekonheiliaidomffpplfhecmkag] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 51a34b1927d1bf7900c41419e6882534
[BSP] df0e2d24f79647bb9efe338125d01e23 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 0748 USB Device +++++
--- User ---
[MBR] 8752273f349251cedf7c6209cdd11aac
[BSP] 804dbf71ce7b1f906f09fbead2fc17a2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


I'm interested to hear what you think could have been going on recently given the information and how bad things might have been. I'm particularly still wondering about potential issues involving keylogging, the ability to collect/share that info., spying, ransomware, and other remote access possibilities. In this way I'm still curious as to whether this stuff was just remnants and traces of older problems or could it still have been quite serious and going on until this cleanup we're doing. Thanks again and I'll post back when the ESET scan is complete so I can share that full log.

Me being silly = annnoyingware on my computer

0
0
All but muvee reveal. The muvic took longer to uninstall an easy PC has some reminants. Both seem to have reinstalled it self a couple of times.

serious theats

0
0
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 8094 Mb
Graphics Card: NVIDIA GeForce GT 640M LE, 1024 Mb
Hard Drives: C: Total - 669121 MB, Free - 400287 MB; D: Total - 26079 MB, Free - 22291 MB;
Motherboard: LENOVO, Product Name
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

I have recently experienced excessive popups and slow operation.

Java script tab pop-up

0
0
Everytime I click on anything in my Yahoo email, it opens another internet tab with this displayed:

javascript:'<script type="text/javascript">document.domain = "s.yimg.com";var rfiAdContent = window.parent["rfiAdContentad35f8b09f33d1c92375498ba76e1d73"];window.parent["rfiAdContentad35f8b09f33d1c92375498ba76e1d73"] = null;document.write(rfiAdContent);document.close();</script>'

Just annoying and not sure how to get rid of this...Thanks!

Browser is redirecting

0
0
Hello,
My browser will redirect to some ad (changes each time) during normal browsing. I've tried running malwarebytes and superantispyware but still happening. Using google chrome as browser

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 4
RAM: 8151 Mb
Graphics Card: NVIDIA GeForce GTX 560, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 425304 MB; D: Total - 99 MB, Free - 71 MB; W: Total - 114470 MB, Free - 13419 MB;
Motherboard: Gigabyte Technology Co., Ltd., H55M-S2H
Antivirus: Avira Desktop, Updated and Enabled

The url ctsrda.com shows up with nearly every click and has no text. Also popups

0
0
ctsrda.com shows up with nearly every screen and leads nowhere, nor does it contain any text. At the same time sliding "popups" appear at the lower left screen. A second slider comes out from the left of the first, effectively blocking whatever I am viewing.

System cannot find the file as specified

0
0
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=008b86ce878cbe4a8ae267d65d75c3aa
# engine=20130
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-12 07:15:05
# local_time=2014-09-12 03:15:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=67112
# found=2
# cleaned=2
# scan_time=2287
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="probably a variant of Win32/Systweak potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=C12C1017175EC7E5F83F58B734F3C0A836E4189F ft=1 fh=a35dc3a674b449d4 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="F:\NOVI\My Documents\Satelit\EXTREME\LiveFTA.exe"

Very slow internet page load and no printer

0
0
Hi
My friends computer is running very slowly and internet pages take ages to load. She has a new printer which I couldn't add as the printer spooker wasn't running even though I started it in control panel.

I've scanned with Super Anti- Spyware and cleaned some malware off it. I have run the sysinfo file shown below and have a hijackthis log.

Please help.....

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz, x86 Family 15 Model 4 Stepping 3
Processor Count: 2
RAM: 1023 Mb
Graphics Card: NVIDIA GeForce 6200SE TurboCache(TM), 256 Mb
Hard Drives: C: Total - 76308 MB, Free - 43650 MB;
Motherboard: Fujitsu Siemens, P5GD1-FM
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:08:33, on 15/08/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: PHOTOfunSTUDIO 5.0.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O4 - Global Startup: Shortcut to Tiscali Broadband.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7261 bytes

HELP!! My Desktop has been infected with Poweliks

0
0
I know you asked me to go to the site and download it but I still cannot connect to the internet through a browser:confused:
Viewing all 4746 articles
Browse latest View live




Latest Images