Channel: Tech Support Guy - Virus & Other Malware Removal

Computer Slowing to almost Unusable levels

After browsing some other threads, I went ahead and ran some other scans with AdwCleaner and FRST64 in hopes of streamlining the process. Thank you again for the help...

AdwCleaner -

# AdwCleaner v3.001 - Report created 29/08/2013 at 15:21:17
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ReDJeLLo - REDJELLO-HP
# Running from : C:\Users\ReDJeLLo\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\InstallMate
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Found C:\ProgramData\Premium
Folder Found C:\Users\ReDJeLLo\AppData\LocalLow\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16618


-\\ Google Chrome v

[ File : C:\Users\ReDJeLLo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4062 octets] - [29/08/2013 15:21:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4122 octets] ##########



And the FRST Scan -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by ReDJeLLo at 2013-08-29 15:25:05
Running from C:\Users\ReDJeLLo\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


2012 (Version: 2012.1.2242)
64 Bit HP CIO Components Installer (Version: 8.2.2)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.168)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Apple Application Support (x32 Version: 1.4.1)
Apple Software Update (x32 Version: 2.1.1.116)
ATI Catalyst Install Manager (Version: 3.0.790.0)
AVG 2012 (Version: 12.0.3204)
AVG 2012 (Version: 12.1.2242)
AVG PC TuneUp (x32 Version: 12.0.4020.3)
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4020.3)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
BitTorrent (x32 Version: 7.2.1)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0909.1412.23625)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0909.1412.23625)
Catalyst Control Center InstallProxy (x32 Version: 2010.0909.1412.23625)
Catalyst Control Center Localization All (x32 Version: 2010.0909.1412.23625)
CCC Help Chinese Standard (x32 Version: 2010.0909.1411.23625)
CCC Help Chinese Traditional (x32 Version: 2010.0909.1411.23625)
CCC Help Czech (x32 Version: 2010.0909.1411.23625)
CCC Help Danish (x32 Version: 2010.0909.1411.23625)
CCC Help Dutch (x32 Version: 2010.0909.1411.23625)
CCC Help English (x32 Version: 2010.0909.1411.23625)
CCC Help Finnish (x32 Version: 2010.0909.1411.23625)
CCC Help French (x32 Version: 2010.0909.1411.23625)
CCC Help German (x32 Version: 2010.0909.1411.23625)
CCC Help Greek (x32 Version: 2010.0909.1411.23625)
CCC Help Hungarian (x32 Version: 2010.0909.1411.23625)
CCC Help Italian (x32 Version: 2010.0909.1411.23625)
CCC Help Japanese (x32 Version: 2010.0909.1411.23625)
CCC Help Korean (x32 Version: 2010.0909.1411.23625)
CCC Help Norwegian (x32 Version: 2010.0909.1411.23625)
CCC Help Polish (x32 Version: 2010.0909.1411.23625)
CCC Help Portuguese (x32 Version: 2010.0909.1411.23625)
CCC Help Russian (x32 Version: 2010.0909.1411.23625)
CCC Help Spanish (x32 Version: 2010.0909.1411.23625)
CCC Help Swedish (x32 Version: 2010.0909.1411.23625)
CCC Help Thai (x32 Version: 2010.0909.1411.23625)
CCC Help Turkish (x32 Version: 2010.0909.1411.23625)
ccc-core-static (x32 Version: 2010.0909.1412.23625)
ccc-utility64 (Version: 2010.0909.1412.23625)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Contents (x32 Version: 1.6.0.294)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (x32 Version: 1.6.1.252)
Corel VideoStudio Pro X3 (x32 Version: 1.6.0.294)
CyberLink DVD Suite (x32 Version: 7.0.3320)
D3DX10 (x32 Version: 15.4.2368.0902)
DeviceIO (x32 Version: 1.6.0.294)
Diablo III (x32 Version: 1.0.2.9991)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DivX Setup (x32 Version: 2.6.1.3)
Dora's World Adventure (x32 Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
Energy Star Digital Logo (x32 Version: 1.0.1)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Fences Pro (Version: 1.0.1.312)
Fences Pro (x32 Version: 1.0.1.312.19219)
Final Drive Nitro (x32 Version: 2.2.0.95)
Google Chrome (HKCU Version: 29.0.1547.62)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive (x32)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.3.1)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.1.5)
HP MediaSmart DVD (x32 Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (x32 Version: 4.2.4604)
HP MediaSmart Photo (x32 Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (x32 Version: 4.2.4522)
HP MediaSmart Webcam (x32 Version: 4.2.3303)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.4.0)
HP MovieStore (x32 Version: 1.0.023)
HP MovieStore (x32 Version: 2.0.2)
HP Photo Creations (x32 Version: 1.0.0.4042)
HP Power Manager (x32 Version: 1.2.3)
HP Quick Launch (x32 Version: 2.3.6)
HP Setup (x32 Version: 8.4.4400.3525)
HP Setup Manager (x32 Version: 1.0.12844.3519)
HP SimplePass Identity Protection (Version: 5.20.205)
HP Software Framework (x32 Version: 4.1.8.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.10.0)
HTC Driver Installer (x32 Version: 3.0.0.007)
ICA (x32 Version: 1.6.0.294)
ICA (x32 Version: 1.6.1.252)
IDT Audio (x32 Version: 1.0.6292.0)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) PROSet/Wireless WiFi Software (Version: 13.03.0000)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002)
Intel(R) Wireless Display (Version: 1.2.21.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
IPM_PSP_Pro (x32 Version: 1.00.0000)
IPM_VS_Pro (x32 Version: 13.0)
ISCOM (x32 Version: 1.6.0.294)
ISCOM (x32 Version: 1.6.1.252)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 21 (64-bit) (Version: 6.0.210)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.3220)
LightScribe System Software (x32 Version: 1.18.18.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft RichCopy 4.0 (x32 Version: 4.0.216)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MotioninJoy ds3 driver version 0.6.0003 (Version: 0.5.0001)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Manager (HKCU)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Panda Antivirus Pro 2014 (x32 Version: 13.01.00)
Password Depot 6 - Panda Secure Vault Edition (x32 Version: 6.1.5)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.7717)
PictureMover (x32 Version: 3.5.0.33)
Plants vs. Zombies (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4419)
PowerDirector (x32 Version: 8.0.3320)
PSPPContent (x32 Version: 1.00.0000)
PSPPRO_DCRAW (x32 Version: 13.0.0)
PureHD (x32 Version: 1.6.0.294)
PX Profile Update (x32 Version: 1.00.1.)
QuickTime (x32 Version: 7.69.80.9)
Raiden III (x32)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
Recovery Manager (x32 Version: 5.5.3223)
RoxioNow Player (x32 Version: 1.9.5.101)
Setup (x32 Version: 1.6.0.294)
Setup (x32 Version: 1.6.1.252)
Share (x32 Version: 1.6.0.294)
Share64 (Version: 1.6.0.294)
Simple Port Forwarding (x32 Version: 3.2.5)
Skype™ 6.5 (x32 Version: 6.5.158)
SofTest 11.0 (x32 Version: 1.0.0)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
StarCraft II (x32 Version: 2.0.8.25604)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Times Reader (x32 Version: 2.055)
Unity (x32 Version: )
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Validity Sensors DDK (Version: 4.1.139.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VIO (x32 Version: 1.6.0.294)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
VLC media player 2.0.1 (x32 Version: 2.0.1)
VSClassic (x32 Version: 1.6.0.294)
VSPro (x32 Version: 1.6.0.294)
War2Combat 3.05 (x32 Version: 3.05)
Warcraft III (x32)
Warcraft III: All Products (HKCU)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
WinRAR 4.10 beta 1 (32-bit) (x32 Version: 4.10.1)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

15-07-2013 03:16:01 Windows Update
28-07-2013 05:05:16 Scheduled Checkpoint
25-08-2013 05:22:09 Windows Update
26-08-2013 16:08:33 Removed Apple Application Support
26-08-2013 21:09:33 Removed Facebook Video Calling 1.2.0.287
26-08-2013 22:08:56 Installed AVG PC TuneUp
26-08-2013 22:14:28 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {004E04E2-6720-4A1D-BE86-3E136FE3142F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-13] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-13] (Microsoft Corporation)
Task: {37170F69-1D03-48BE-A78C-0ECC17EA365D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {4354B4DE-9BAF-41BF-AE87-71994043BC07} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {49D45E25-60C3-4A6F-B417-5B05444F99A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4DD2BEFB-D822-46B5-BE1E-F561D4D0D7BE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {513645FC-CEC2-4F81-AB7C-724A949EF094} - System32\Tasks\task138183018 => C:\Users\ReDJeLLo\AppData\Local\Temp\0.2865066360677674.exe No File
Task: {5B83070A-F8F2-45A6-9A95-49D471527B6E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001Core => C:\Users\ReDJeLLo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-09] (Facebook Inc.)
Task: {78E2F509-9ABA-4E69-909B-16F127EAD26A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7A8A2594-088C-4228-AB2B-809DBD10494A} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-13] (Microsoft Corporation)
Task: {896BD8D8-33A6-4270-913B-26F08BAD66D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001Core => C:\Users\ReDJeLLo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {9D2E6552-005B-49F8-AB9D-866A2BE04477} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {A818FBBA-4E03-4039-B92A-6ABD9B884247} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-10] (Hewlett-Packard)
Task: {AAD906FE-3590-4040-9966-B4B75A9DC7AD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001UA => C:\Users\ReDJeLLo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-09] (Facebook Inc.)
Task: {C896A8FF-35D0-4AB2-B884-925926D2B2CA} - System32\Tasks\{9BEEE6ED-9340-47AC-B25E-ECF09F7EF255} => c:\users\redjello\appdata\local\google\chrome\application\chrome.exe [2013-08-24] (Google Inc.)
Task: {CBECF508-741D-4A69-94D6-03EE6DC0CF09} - System32\Tasks\Google Updater and Installer => C:\Users\ReDJeLLo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {D0AF4450-046C-4762-A050-DB88ED2ACA6F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-13] (Microsoft Corporation)
Task: {E1168A48-C2C2-4E5C-A75C-059F582266B6} - System32\Tasks\{73441E15-CA68-48A2-9877-21247F6A54E4} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {E6E0CDE5-36AF-49DB-831D-0DC94524263C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {E8780209-DF4A-4357-9D2E-61B6FF2197B7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-01-31] (AVG)
Task: {EF0C2E82-8646-4AB8-92BF-3F5C50926785} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001UA => C:\Users\ReDJeLLo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {F4B900BC-0152-4944-B59A-822AB1B10D6B} - System32\Tasks\{81C34C65-6CE9-416E-816A-86570ED46BB9} => c:\users\redjello\appdata\local\google\chrome\application\chrome.exe [2013-08-24] (Google Inc.)
Task: {FE9730FB-FDA3-4BEB-BD47-296C6925BA97} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1328017681-4178699098-1916099761-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001Core.job => C:\Users\ReDJeLLo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001UA.job => C:\Users\ReDJeLLo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001Core.job => C:\Users\ReDJeLLo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1328017681-4178699098-1916099761-1001UA.job => C:\Users\ReDJeLLo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\ReDJeLLo\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\ReDJeLLo\Downloads\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2013 10:30:22 AM) (Source: Application Hang) (User: )
Description: The program TUMessages.exe version 12.0.4020.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 123c

Start Time: 01cea3fa3c3b6651

Termination Time: 15

Application Path: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUMessages.exe

Report Id:

Error: (08/28/2013 09:24:09 AM) (Source: Google Update) (User: ReDJeLLo-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (08/27/2013 00:00:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: PavFnSvr.exe, version: 9.6.2.0, time stamp: 0x505c0047
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x5a4
Faulting application start time: 0xPavFnSvr.exe0
Faulting application path: PavFnSvr.exe1
Faulting module path: PavFnSvr.exe2
Report Id: PavFnSvr.exe3

Error: (08/27/2013 11:04:59 AM) (Source: Google Update) (User: ReDJeLLo-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (08/26/2013 05:05:30 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/26/2013 03:48:01 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\ReDJeLLo\AppData\Local\Temp\33989398-7C12-49B9-A897-7100FF2E74CD\dismhost.exe {80B2527B-789F-4EC9-8889-E169AD242B3F}; Description = Removed service pack backup files; Error = 0x8007043c).

Error: (08/26/2013 03:29:52 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2012; Error = 0x8007043c).

Error: (08/26/2013 03:29:52 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2012; Error = 0x8007043c).

Error: (08/26/2013 03:29:06 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2012; Error = 0x8007043c).

Error: (08/26/2013 03:28:56 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2012; Error = 0x8007043c).


System errors:
=============
Error: (08/29/2013 03:24:43 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:23:43 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:22:42 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:21:42 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:20:42 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:19:41 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:18:41 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:17:41 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:16:38 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/29/2013 03:15:37 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (08/28/2013 10:30:22 AM) (Source: Application Hang)(User: )
Description: TUMessages.exe12.0.4020.3123c01cea3fa3c3b665115C:\Program Files (x86)\AVG\AVG PC TuneUp\TUMessages.exe

Error: (08/28/2013 09:24:09 AM) (Source: Google Update)(User: ReDJeLLo-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (08/27/2013 00:00:01 PM) (Source: Application Error)(User: )
Description: PavFnSvr.exe9.6.2.0505c0047ole32.dll6.1.7601.175144ce7b96fc0000005000393425 a401cea2ab1e200cd8C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exeC:\Windows\syswow64\ole32.dll1c0d26da-0f3a-11e3-a1a2-ed6e05622104

Error: (08/27/2013 11:04:59 AM) (Source: Google Update)(User: ReDJeLLo-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (08/26/2013 05:05:30 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/26/2013 03:48:01 PM) (Source: System Restore)(User: )
Description: C:\Users\ReDJeLLo\AppData\Local\Temp\33989398-7C12-49B9-A897-7100FF2E74CD\dismhost.exe {80B2527B-789F-4EC9-8889-E169AD242B3F}Removed service pack backup files0x8007043c

Error: (08/26/2013 03:29:52 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20120x8007043c

Error: (08/26/2013 03:29:52 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20120x8007043c

Error: (08/26/2013 03:29:06 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20120x8007043c

Error: (08/26/2013 03:28:56 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20120x8007043c


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 5941.86 MB
Available physical RAM: 3340.76 MB
Total Pagefile: 11881.9 MB
Available Pagefile: 8221.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:565.43 GB) (Free:372.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:30.44 GB) (Free:4.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 40C486BC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Thanks again guys!

not responding

Hi
I am getting random Not Responding when using Outlook, Firefox browser, and even when trying to play simple Windows games (e.g. Solitaire)
I have Windows 7 64-bit PC.

Hacker Problem Possible

That's okay, this one is easy, as it starts each line with a time, so edited it :)

It looks good, so that's okay :)

Any joy on the Eset scan as well?

Also, let's see if we have any remains of the programs that you uninstalled earlier:



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :folderfind
    *TuneUp*
    *First Aid*
    *Tweaking.com*
    :filefind
    *TuneUp*.*
    *First Aid*.*
    *Tweaking.com*.*
    :regfind
    TuneUp
    First Aid
    Tweaking.com

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Slow Laptop Cleanup

Hi,

I need help cleaning up this laptop. It is running slow and doing weird things on its own...closing windows etc. I have hijackthis on the computer but when I try to run it I get an error message that says

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this....etc.."

Then it will run but won't give me a log in notepad.

Can you help me?

rnordeman

Ok.....I got it to run and this is what it gave me.....I could really use some assistance with this.
Thanks...

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:19:16 PM, on 9/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)

Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Roe\Downloads\HijackThis (2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3303001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Roe\AppData\Local\DownloadTerms\temp.dat (file missing)
O2 - BHO: WebProtect - {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Roe\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Define - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Roe\AppData\Local\DefineExt\temp.dat (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll",RunConduitFloatingPlugin klibnahbojhkanfgaglnlalfkgpcppfi
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [ConduitFloatingPlugin_mogmppbjfkngfoaecoialclfiabnpndg] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3303001\plugins\TBVerifier.dll",RunConduitFloatingPlugin mogmppbjfkngfoaecoialclfiabnpndg
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...02/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...0926/CTPID.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10579 bytes

Hst request, trying to deal with system bloat

Hi, TSG-ers...

wow, i remember a time when YOU guys did all the work. you've really gone uptown, it seems, but i'm sure it's for the best- at least i'm learning something in the process.
and now i will wait VERY patiently, as requested- but please do let me know if i missed some of the required info.
rather than plunking me into the round file.

thanks in the usual advance...

MEZZ


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:44:56, on 8/30/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\D\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\D\system32\winlogon.exe
C:\D\system32\services.exe
C:\D\system32\lsass.exe
C:\D\system32\svchost.exe
C:\D\System32\svchost.exe
C:\D\system32\svchost.exe
C:\D\Explorer.EXE
C:\D\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\D\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\D\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\D\system32\svchost.exe
C:\D\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\D\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\Steve.MEZZROW-DC9E79F\Desktop\Security, Utilities\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: SearchBar.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4D0E1F7F-3B37-741C-5738-414E57A15A45} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
O3 - Toolbar: SearchBar - {c9a6357b-25cc-4bcf-96c1-78736985d412} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\D\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\D\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\D\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\D\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\D\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Steve.MEZZROW-DC9E79F\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\D\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\D\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.blues-brothers.biz
O15 - Trusted Zone: http://download.cnet.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/dcode/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1346194773765
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\D\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\D\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\D\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\D\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 9752 bytes


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Celeron(R) CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 510 Mb
Graphics Card: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller, 64 Mb
Hard Drives: C: Total - 152625 MB, Free - 4577 MB; E: Total - 305242 MB, Free - 4759 MB;
Motherboard: Dell Computer Corp., 0F5949
Antivirus: AVG AntiVirus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled

Problem with app bario malware

I recently downloaded something that seems to have been attached to appbario toolbar. I tried to uninstall the program in the control panel but it is still attached to both my chrome and mozilla webpage's toolbar. everything has started to run slower and i get messages that something is trying to change the webpage, etc.

I ran the HJT file. It's attached.

Thanks for any help.

Attached Files
File Type: log hijackthis.log (15.7 KB)

Need help clearing computer of malware

A few days ago, Malwarebytes detected a Trojan on my computer. After deleting it, I rebooted and after logging in, was met with a black screen (with the mouse). I then did a hard shutdown, booted it again, and everything seemed normal. However, I used Avast to perform another scan, and discovered that the Trojan was still there. I removed it, rebooted, and the issues seemed to be fixed.

But then, I discovered that there was no sound coming from either my headphones or my speakers (laptop). Also, when using a browser (I tried both Chrome and Internet Explorer), Google would not load due to a problem with the security certificate not being trusted. This includes GMail. I checked out several things, none of which helped. I updated the audio drivers (Realtek) and checked the list of audio devices. The headphones aren't listed at all (not even under disabled devices), yet the speakers are (and are set as the default device). I also found that NO headphones/earbuds could be detected, and it isn't an issue with the hardware, plus the fact that Realtek detects them, but Windows doesn't ("No speakers or headphones are plugged in," error when hovering over what is normally the volume control).

I've experienced the sound issue once before (minus the Trojan), and I believe I just checked the computer again the next day to find that the problem was gone. I did a System Restore to about a week ago, to no avail.

Right now, I just want to make sure my computer is cleared of any malware before dealing with the sound and certificate issues. I'll create threads on those specific problems in their appropriate subforums once that's done.

Attached Files
File Type: txt dds.txt (25.6 KB)
File Type: txt attach.txt (25.1 KB)
File Type: txt ark.txt (384.2 KB)
File Type: log hijackthis.log (17.6 KB)

Rootkit Infection - 0Access

Hi,
This on a WIN7 machine ( my son's )
I can only do anything while in Safe Mode.
I was able to run MalwareBytes, it found some things and deleted them, but it's still infected.
When I try to download in Safe Mode, whatever file I'm trying to download, says : such and such exe is infected and has been deleted.
When this first started I was able to bring TDSSKiller in from a USB drive, didn't help. I don't want to plug that thumb drive back into my clean computer to bring other apps over, without knowing if something has copied itself onto it from the infected pc ( too much thought into that? lol ).
So, any help would be appreciated.
ps I'm not against restoring this pc, I think we still have a restore disc, but not a full blown windows disc.
Thanks in advance

malware/virus?

hi i am not very tech minded and really need to get some help, switched on my laptop today and a pop up appeared called browserprotect.exe, i tried to uninstall but it won't let me, any help would be appreciated thanks and sorry if my question seems dumb but like i say i am not very clued up, thanks

Failed to Connect to a Windows Service

All of a sudden my computer is showing signs of a virus/malware and I do not know how to correct it. I have Windows 7 which takes a long time to boot now. Then when my desktop opens up I get an error bubble "Failed to Connect to a Windows Service." Lastly, while no programs are open, I all of a sudden hear audio of 2-3 different ads.

Please Help! :(

Strange "Incorrect Password" event, trouble w/ HijackThis & GMER, etc = Big worries..

Re-opened thread :)

The thread autocloses after 45 days of no replies, but me replying gets it to open up again ;)

Sounds like you've had a lot going on in your home life, and still ongoing, so reply here when you can :)


Also, as it's been a while, can you post a new OTL log as follows and we'll go from there :)



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


If only the OTL log opens, and no Extras, that's fine :)

eddie

muldrop trojan got me good.

Laptop running really slow

I just tried to see if I had any replies to my earlier post - I wasn't able to connect to my home network from my laptop. I don't know if this is related to my computer being so slow (there have been a few other times in the last few wks when the laptop had limited connectivity, or couldn't open a new page, or something like that.) Right now it says; "There might be a problem with the driver for the wireless Network Connection Adapter." I can still get online with my old desktop, which I think is hardwired to my Network Gateway (AT&T U-Verse.) If I continue to have trouble, I can probably call U-Verse & get them to help with network connection issues, but I just wanted to note it here - it reminded me I've had a few problems like this recently, so I didn't know if it could be connected. Thanks!

Error 0x80070424 (Windows defender)

Hello DomeLara,

Judging by this thread's info and the others you have posted, your system may be infected. Let's take a look.

If the system is Vista/Windows7/8, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.


A lot, but comprehensive, and will make sure we get a good view of everything.

HijackThis log very concerning

Welcome to TSG jbaileystudio,

I don't see anything amiss in your HijackThis log. I suspect your concerns are those many "(file missing)" entries. Those occur due to HijackThis relying on 32 bit systems, and you have a 64 bit system. But post back on what problems you think are showing in this log please. I'll go ahead and post the log here, so we can review it.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:08 PM, on 8/27/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Justin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jbaileystudio.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/search?pc=MASMJS...=%s&src=IE10TR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU"
O4 - Global Startup: DOW.lnk = C:\ProgramData\Samsung\DeleteOOBEWPP.exe
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: VPDAgent (Agent) - Two Pilots - C:\windows\VPDAgent_x64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\windows\system32\EscSvc64.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: IntelliMemory - Condusiv Technologies - C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe
O23 - Service: Neat Startup Service - The Neat Company - C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12927 bytes
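
The "(file missing)" point made in the reply above can be checked mechanically. The following is an added example, not part of the original post or of HijackThis: it parses `O23 - Service:` lines in the format of the log above and separates missing-file entries that sit in folders a 32-bit process sees differently on 64-bit Windows (System32, and `%ProgramFiles%` expanding to `Program Files (x86)`) from ones that do not. The verdict labels and the heuristic are assumptions, and `ExampleSvc` is a constructed entry.

```python
import re

# Constructed sample: O23 lines in the format of the log above, plus one
# made-up entry (ExampleSvc) whose missing file is outside any redirected folder.
SAMPLE_LOG = r"""
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\ProgramData\Example\svc.exe (file missing)
"""

PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"
# Folders where a 32-bit scanner on 64-bit Windows looks in the wrong place.
SYSTEM32 = "c:\\windows\\system32\\"
PROGRAM_FILES_X86 = "c:\\program files (x86)\\"


def parse_o23(line):
    """Split one O23 line into name, key, owner, path and a missing flag."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Display names may themselves contain " - ", so split from the right.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(FILE_MISSING)
    if missing:
        path = path[: -len(FILE_MISSING)]
    # The service key name, when shown, is the trailing "(...)" of the name.
    m = re.match(r"^(.*) \(([^()]+)\)$", name)
    key = m.group(2) if m else name
    return {"name": name, "key": key, "owner": owner,
            "path": path, "missing": missing}


def triage(entry):
    """Label an entry; the labels are this example's own, not HijackThis output."""
    if not entry["missing"]:
        return "present"
    path = entry["path"].lower()
    if path.startswith(SYSTEM32):
        # A 32-bit process is redirected to SysWOW64 and cannot see 64-bit-only files.
        return "likely_wow64_artifact"
    if (path.startswith(PROGRAM_FILES_X86)
            and entry["name"].lower().startswith("@%programfiles%")):
        # %ProgramFiles% expanded by a 32-bit process points at the (x86) folder.
        return "likely_wow64_artifact"
    return "needs_review"


def summarize(log_text):
    """Map each service key in the log text to its triage label."""
    results = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry:
            results[entry["key"]] = triage(entry)
    return results


if __name__ == "__main__":
    for key, verdict in summarize(SAMPLE_LOG).items():
        print(f"{verdict:24} {key}")
```

Entries labelled `likely_wow64_artifact` are only probable false positives; confirm them with a 64-bit-aware scanner or by checking the path from a 64-bit process.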

Virus attack

Hello hfffoman,

Kinda jumped the gun and ran some removal scans there, which can change repair methods. I do see adware loading, so let's get a more detailed look, and then start some repairs.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

false info given on swsetup

Welcome to TSG sumknut.

I suggest your friend register here at the TSG forum, and start their own request. That way a helper can work directly one on one with them.

Superantispyware Real-time Protection and Trojan.Agent/Gen-FalComp.Process

Tim5755,
It's good you are on this site. Most help sites close out threads after 72 hours with no response.
I'm still with you.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:

    :Commands
    [CREATERESTOREPOINT]

    :OTL
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://isearch.babylon.com/?q={searchTerms}&affID=119351&babsrc=SP_ssbtis1&mntrId=C00E001676E0BF02
    CHR - plugin: Wajam (Enabled) = C:\Documents and Settings\Tim Hall\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
    O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    [2013/08/16 21:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
    [2009/03/31 18:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

    :Files
    ipconfig /flushdns /c

    :Commands
    [EMPTYTEMP]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
-------------------------------------------------------------
AdwCleaner Download and Run

Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.


--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

Let me know how it goes.
If you are unable to perform the requested, please tell me.
askey127

Is Google Hacking My Computer?

What I noticed with Chrome in my task manager is that each tab has its own entry, like having 7 chrome.exe running.

Personal Settings and Documents are not visible

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-09-2013 04
Ran by ELK at 2013-09-02 19:53:54 Run:1
Running from C:\Documents and Settings\ELK.002\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{d033d670-b30c-955e-2209-514d9b374500}\ \ \???\{d033d670-b30c-955e-2209-514d9b374500}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files\Google\Desktop\Install\{d033d670-b30c-955e-2209-514d9b374500}
CMD: netsh winsock reset
*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
*etadpug => Service deleted successfully.
"C:\Program Files\Google\Desktop\Install\{d033d670-b30c-955e-2209-514d9b374500}" => File/Directory not found.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====