1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Search.nu virus won't go away =(

Discussion in 'Virus & Other Malware Removal' started by yellosnosid, Dec 28, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Hi
    So I have tried full scans from the following programs
    MalwareBytes (had to do 2 scans in "normal" so not safe mode to find things called Win 32 Toolbar)
    Did ESET,Bitdefender & Kaspersky full online scans
    Microsoft Safety Scanner
    SUPERantispyware scans (about 3 full scans,1scan found & deleted mainly tracking cookies but some other things with names I forget,sorry!)
    HouseCall Scan
    Went to each individual browser & deleted the toolbar,changed back my homepage,it worked but I had to do it twice for Chrome & when I open a new tab even in Safe mode I get the annoying search.nu on the new tabs

    All scans find nothing at the moment but it must still be there if a new tab opened in Safe Mode has that search.nu coming up
    My antivirus is AVG(used to have McAfee)
    I have Windows 7
    64bit
    Thanks in advance for any help!

    Log Files:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:20:43, on 28/12/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Marion\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110829125357.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Marion\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29A05272-79DB-4A28-9BF2-ECE5B87B5F70}: NameServer = 195.67.199.27 195.67.199.28
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C98AFA9A-4194-4279-AF1F-D4687BA24BAD}: NameServer = 195.67.199.27 195.67.199.28
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Tele2 Connect AT Service (CTATSvc) - Tele2 - C:\Program Files (x86)\Tele2 Connect\ATService.exe
    O23 - Service: Tele2 Connect Monitor (CTConnect) - Columbitech - C:\Program Files (x86)\Tele2 Connect\Connect.exe
    O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15871 bytes




    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Marion at 23:22:48 on 2012-12-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.3947.2950 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\helppane.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Marion\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110829125357.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Spotify Web Helper] "C:\Users\Marion\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 83.255.245.11 193.150.193.150
    TCP: Interfaces\{29A05272-79DB-4A28-9BF2-ECE5B87B5F70} : NameServer = 195.67.199.27 195.67.199.28
    TCP: Interfaces\{42BA6F8F-CBAA-4C63-9723-BC44ECE1B59A} : DHCPNameServer = 83.255.245.11 193.150.193.150
    TCP: Interfaces\{A279D623-E6BE-44D8-B8B9-A5EC6E3604DF} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A279D623-E6BE-44D8-B8B9-A5EC6E3604DF}\B49727B6F6B616E637C6965647D27457563747 : DHCPNameServer = 172.30.25.1
    TCP: Interfaces\{A279D623-E6BE-44D8-B8B9-A5EC6E3604DF}\C696E6B6379737 : DHCPNameServer = 130.244.127.161 130.244.127.169
    TCP: Interfaces\{C98AFA9A-4194-4279-AF1F-D4687BA24BAD} : NameServer = 195.67.199.27 195.67.199.28
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://acer.msn.com
    x64-mDefault_Page_URL = hxxp://acer.msn.com
    x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\MSKAPB~1.DLL
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20110829125359.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\es57jbpy.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ie/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-20 21:46; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-6 639216]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-6 281928]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 30568]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-1-6 75672]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-5-9 208272]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-5-9 158832]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-7-17 86016]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-5-9 77424]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-6 481376]
    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-5-9 22912]
    S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-5-9 20328]
    S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-5-9 62584]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-8-19 2399560]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 CTATSvc;Tele2 Connect AT Service;C:\Program Files (x86)\Tele2 Connect\ATService.exe [2010-3-16 574784]
    S2 CTConnect;Tele2 Connect Monitor;C:\Program Files (x86)\Tele2 Connect\Connect.exe [2010-3-16 1780544]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-8-19 229376]
    S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-9 352336]
    S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-6-16 873064]
    S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-5-19 255376]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 398184]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 682344]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]
    S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]
    S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-5-9 197960]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-2-15 257344]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-9 2656280]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
    S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-6 65128]
    S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-7-17 117248]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-7-17 13952]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-7-17 256000]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-9 317440]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-13 24176]
    S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-6 227856]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-6 98728]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-9 326760]
    S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-15 1255736]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]
    S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-28 15:34:27 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E746CA7-AB3E-4DE9-A982-A154A849C2E2}\mpengine.dll
    2012-12-28 02:15:10 -------- d-----w- C:\Users\Marion\AppData\Local\Programs
    2012-12-27 22:25:38 -------- d-----w- C:\Users\Marion\AppData\Roaming\QuickScan
    2012-12-27 21:09:50 -------- d-----w- C:\Users\Marion\AppData\Roaming\SUPERAntiSpyware.com
    2012-12-27 21:09:14 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-12-27 21:09:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-12-27 21:05:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2012-12-22 10:01:43 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-22 10:01:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-22 10:01:42 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-22 10:01:40 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-21 22:32:13 -------- d-----w- C:\Users\Marion\AppData\Local\{2FC86FC4-162B-4DC0-81F2-D4133982F526}
    2012-12-20 23:32:10 -------- d-----w- C:\ProgramData\Browser Manager
    2012-12-20 20:48:18 773968 ----a-w- C:\Windows\System32\msvcr100.dll
    2012-12-20 20:47:44 -------- d-----w- C:\ProgramData\Wincert
    2012-12-20 20:45:14 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-12-20 20:43:50 -------- d-----w- C:\Program Files (x86)\Search Results Toolbar
    2012-12-14 12:49:38 -------- d-----w- C:\Users\Marion\AppData\Local\{DD05BFD6-F6E1-4445-A6D7-FC8B70F62950}
    2012-12-13 10:33:44 -------- d-----w- C:\Users\Marion\AppData\Local\{99F3EFE6-D33E-470F-B073-575B90158C86}
    2012-12-12 07:38:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 07:38:45 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-12 07:36:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-12-11 15:27:48 -------- d-----w- C:\Users\Marion\AppData\Local\{49B83808-0BE8-4E90-8248-DD06EC74B4A6}
    2012-12-07 14:59:56 -------- d-----w- C:\Users\Marion\AppData\Local\{BF42A35F-408E-46C2-9F17-0F7A973EC1B7}
    2012-12-07 02:59:07 -------- d-----w- C:\Users\Marion\AppData\Local\{08EE889D-B716-442B-889A-4C94A5942037}
    2012-12-06 07:09:21 -------- d-----w- C:\Users\Marion\AppData\Local\{954C7967-36DB-4C7C-8278-CA9362912A36}
    2012-12-03 10:46:07 -------- d-----w- C:\Users\Marion\AppData\Local\{89CB498C-A6FE-43D2-8716-0B5EC86F2DCF}
    2012-12-02 03:35:34 -------- d-----w- C:\Users\Marion\AppData\Local\{6F1B1215-B940-4290-A4F4-D3DADA94F1A1}
    2012-11-30 14:20:36 -------- d-----w- C:\Users\Marion\AppData\Local\{FB3E49B7-E639-4EE0-8EFD-B4CDC7EC4CDD}
    2012-11-29 08:51:07 -------- d-----w- C:\Users\Marion\AppData\Local\{822D5D51-1E0C-4186-8273-F90695E9A855}
    .
    ==================== Find3M ====================
    .
    2012-12-14 15:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-12 14:17:51 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 14:17:51 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-17 04:40:51 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-17 04:40:34 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-17 04:40:32 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 17:48:33 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-14 08:00:27 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-10-14 08:00:27 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    .
    ============= FINISH: 23:24:19.37 ===============
     
  2. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    My computer will no longer let me access the desktop after I put it in hybernate,started it up & it goes into system recovery.I press F8 & tried almost all options except for putting it back to factory settings.It says startup repair could not detect a problem,your computer was unable to start.startup repair could not repair this computer automatically.Will I loose all my files? Can this be fixed or do I have to go to a repair shop?
    Thanks in advance
     
  3. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do the following:

    Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32bit (x86) or 64 (x64) bit)

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
      services.exe
    • now press the search button
    • when the search is complete, search.txt will also be written to your USB
    • type exit and reboot the computer normally
    • please copy and paste both logs in your reply.(FRST.txt and Search.txt)
     
  4. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Thank you very much for your reply,I have a few questions
    1)Do logs reveal personal information stored on my computer,as I'm not really at ease with posting them where anybody can access them.
    2) Can the virus transfer & infect my memory stick? what are the chances of it happening...
    I was unable to do a system restore when I was in the advanced boot options as it says there are no restore points,will it be possible to get some of my files back?
    I cannot save the farbar tool as the library computers won't allow me to but will try another computer asap
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    it may reveal your user name if you have set up your computer with your real name, but you can edit that name out before posting if you wish. It doesn't reveal passwords or serial numbers, just the files and programs on your computer which are usually very generic.
    some infections have the capabilities of doing this, but all you are doing is copying text files back and forth that I have asked you to run, so unless you transfer an infected file to the USB, it shouldn't get infected, you can use a utility to protect the USB


    Panda USB drive vaccination

    Download Panda USB Drive Vaccine from here and save it to your desktop.
    Double click the file to run it making sure your USB is already inserted.

    I am hoping to restore your computer with the FRST tool so that it will be fully functional again, obviously I can't guarantee that I can do that as I don't know what is causing this issue at the moment. If we cannot restore the computer, there are many rescue disks out there linux/ubuntu based that will allow access to your files so that you can copy them off the machine

    ok good
     
  6. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Super thanks =D,I 'll get panda when I use another computer
     
  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
  8. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
    Ran by SYSTEM at 12-01-2013 20:29:14
    Running from G:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-16] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2186856 2011-01-09] (Realtek Semiconductor)
    HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
    HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340336 2010-09-27] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-09-17] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-09-17] (Egis Technology Inc.)
    HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-09] ()
    HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-03] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
    HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
    HKU\Username\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Username\...\Run: [Spotify Web Helper] "C:\Users\Username\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-24] (Spotify Ltd)
    HKU\Username\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
    Tcpip\Parameters: [DhcpNameServer] 83.255.245.11 193.150.193.150
    Tcpip\..\Interfaces\{29A05272-79DB-4A28-9BF2-ECE5B87B5F70}: [NameServer]195.67.199.27 195.67.199.28
    Tcpip\..\Interfaces\{C98AFA9A-4194-4279-AF1F-D4687BA24BAD}: [NameServer]195.67.199.27 195.67.199.28
    ==================== Services (Whitelisted) ===================
    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
    2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2399560 2011-08-18] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
    2 CTATSvc; "C:\Program Files (x86)\Tele2 Connect\ATService.exe" [574784 2010-03-16] (Tele2)
    2 CTConnect; "C:\Program Files (x86)\Tele2 Connect\Connect.exe" [1780544 2010-03-16] (Columbitech)
    2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
    4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [197960 2011-03-13] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208272 2011-03-13] (McAfee, Inc.)
    2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [158832 2011-03-13] (McAfee, Inc.)
    2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    4 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-09] ()
    ==================== Drivers (Whitelisted) =====================
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-09] (AVG Technologies)
    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
    1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [x]
    3 mfeavfk01; [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2013-01-12 20:06 - 2013-01-12 20:06 - 00000000 ____D C:\FRST
    2012-12-28 16:01 - 2012-12-28 16:22 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2012-12-28 14:24 - 2012-12-28 14:24 - 00027405 ____A C:\Users\Username\Desktop\dds.txt
    2012-12-28 14:24 - 2012-12-28 14:24 - 00013899 ____A C:\Users\Username\Desktop\attach.txt
    2012-12-28 14:20 - 2012-12-28 14:46 - 00016094 ____A C:\Users\Username\Desktop\hijackthis.log
    2012-12-28 14:18 - 2012-12-28 14:18 - 00688992 ____R (Swearware) C:\Users\Username\Desktop\dds.scr
    2012-12-28 14:17 - 2012-12-28 14:17 - 00388608 ____A (Trend Micro Inc.) C:\Users\Username\Desktop\HijackThis.exe
    2012-12-28 13:33 - 2012-12-28 13:33 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Username\Downloads\revosetup.exe
    2012-12-28 12:17 - 2012-12-28 12:17 - 00847609 ____A C:\Users\Username\AppData\Local\census.cache
    2012-12-28 12:16 - 2012-12-28 12:16 - 00108667 ____A C:\Users\Username\AppData\Local\ars.cache
    2012-12-28 12:02 - 2012-12-28 12:02 - 00000036 ____A C:\Users\Username\AppData\Local\housecall.guid.cache
    2012-12-28 12:01 - 2012-12-28 12:02 - 02406064 ____A (Trend Micro Inc.) C:\Users\Username\Downloads\HousecallLauncher64.exe
    2012-12-28 11:37 - 2012-12-28 11:39 - 05014093 ____A (Swearware) C:\Users\Username\Downloads\ComboFix.exe
    2012-12-27 18:14 - 2012-12-27 18:15 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Username\Downloads\mbam-setup-1.70.0.1100.exe
    2012-12-27 15:36 - 2012-12-27 15:38 - 81364032 ____A (Microsoft Corporation) C:\Users\Username\Downloads\msert.exe
    2012-12-27 14:25 - 2012-12-27 14:27 - 00000000 ____D C:\Users\Username\AppData\Roaming\QuickScan
    2012-12-27 13:09 - 2012-12-27 13:09 - 00001812 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-12-27 13:09 - 2012-12-27 13:09 - 00000000 ____D C:\Users\Username\AppData\Roaming\SUPERAntiSpyware.com
    2012-12-27 13:09 - 2012-12-27 13:09 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-12-27 13:09 - 2012-12-27 13:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-12-27 13:06 - 2012-12-27 13:06 - 22877440 ____A (SUPERAntiSpyware.com) C:\Users\Username\Downloads\SUPERAntiSpyware.exe
    2012-12-27 13:05 - 2012-12-27 13:05 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-12-27 12:48 - 2012-12-27 12:48 - 00002120 ____A C:\scu.dat
    2012-12-27 12:35 - 2012-12-27 12:38 - 149807200 ____A C:\Users\Username\Downloads\setup_11.0.0.1245.x01_2012_12_27_23_16.exe
    2012-12-22 02:01 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-22 02:01 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-22 02:01 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-22 02:01 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-21 14:32 - 2012-12-23 15:07 - 00000000 ____D C:\Users\Username\AppData\Local\{2FC86FC4-162B-4DC0-81F2-D4133982F526}
    2012-12-20 15:32 - 2012-12-20 15:32 - 00000000 ____D C:\Users\All Users\Browser Manager
    2012-12-20 12:48 - 2012-06-27 11:26 - 00773968 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
    2012-12-20 12:47 - 2012-12-25 13:12 - 00000000 ____D C:\Users\All Users\Wincert
    2012-12-20 12:45 - 2012-12-24 03:25 - 00000000 ____D C:\Users\All Users\boost_interprocess
    2012-12-20 12:43 - 2012-12-25 13:11 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
    2012-12-20 12:38 - 2012-12-20 12:39 - 00000041 ____A C:\Users\Username\AppData\Roaming\mbam.context.scan
    2012-12-14 04:49 - 2012-12-14 04:50 - 00000000 ____D C:\Users\Username\AppData\Local\{DD05BFD6-F6E1-4445-A6D7-FC8B70F62950}
    2012-12-13 02:33 - 2012-12-13 02:34 - 00000000 ____D C:\Users\Username\AppData\Local\{99F3EFE6-D33E-470F-B073-575B90158C86}
    ==================== One Month Modified Files and Folders =======
    2013-01-12 20:06 - 2013-01-12 20:06 - 00000000 ____D C:\FRST
    2012-12-28 17:01 - 2011-08-24 18:46 - 00000994 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-12-28 16:22 - 2012-12-28 16:01 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2012-12-28 16:17 - 2012-04-12 13:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-12-28 15:05 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-28 15:05 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-28 15:02 - 2011-06-15 19:08 - 01833144 ____A C:\Windows\WindowsUpdate.log
    2012-12-28 15:00 - 2011-07-12 09:48 - 00000000 ____D C:\Users\All Users\clear.fi
    2012-12-28 14:59 - 2011-08-24 18:46 - 00000990 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-12-28 14:58 - 2011-09-15 15:30 - 00042856 ____A C:\Windows\setupact.log
    2012-12-28 14:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-28 14:46 - 2012-12-28 14:20 - 00016094 ____A C:\Users\Username\Desktop\hijackthis.log
    2012-12-28 14:24 - 2012-12-28 14:24 - 00027405 ____A C:\Users\Username\Desktop\dds.txt
    2012-12-28 14:24 - 2012-12-28 14:24 - 00013899 ____A C:\Users\Username\Desktop\attach.txt
    2012-12-28 14:18 - 2012-12-28 14:18 - 00688992 ____R (Swearware) C:\Users\Username\Desktop\dds.scr
    2012-12-28 14:17 - 2012-12-28 14:17 - 00388608 ____A (Trend Micro Inc.) C:\Users\Username\Desktop\HijackThis.exe
    2012-12-28 13:33 - 2012-12-28 13:33 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Username\Downloads\revosetup.exe
    2012-12-28 12:17 - 2012-12-28 12:17 - 00847609 ____A C:\Users\Username\AppData\Local\census.cache
    2012-12-28 12:16 - 2012-12-28 12:16 - 00108667 ____A C:\Users\Username\AppData\Local\ars.cache
    2012-12-28 12:02 - 2012-12-28 12:02 - 00000036 ____A C:\Users\Username\AppData\Local\housecall.guid.cache
    2012-12-28 12:02 - 2012-12-28 12:01 - 02406064 ____A (Trend Micro Inc.) C:\Users\Username\Downloads\HousecallLauncher64.exe
    2012-12-28 11:39 - 2012-12-28 11:37 - 05014093 ____A (Swearware) C:\Users\Username\Downloads\ComboFix.exe
    2012-12-28 08:49 - 2011-09-10 14:23 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-12-28 08:49 - 2011-09-10 14:17 - 00000000 ____D C:\Users\All Users\MFAData
    2012-12-27 20:08 - 2011-09-24 08:16 - 00159326 ____A C:\Windows\PFRO.log
    2012-12-27 20:08 - 2011-07-13 12:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-27 19:43 - 2011-09-24 08:29 - 10000014 ____A C:\ATsvcLog.txt.old
    2012-12-27 18:23 - 2011-12-28 13:30 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-12-27 18:15 - 2012-12-27 18:14 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Username\Downloads\mbam-setup-1.70.0.1100.exe
    2012-12-27 15:38 - 2012-12-27 15:36 - 81364032 ____A (Microsoft Corporation) C:\Users\Username\Downloads\msert.exe
    2012-12-27 14:27 - 2012-12-27 14:25 - 00000000 ____D C:\Users\Username\AppData\Roaming\QuickScan
    2012-12-27 13:09 - 2012-12-27 13:09 - 00001812 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-12-27 13:09 - 2012-12-27 13:09 - 00000000 ____D C:\Users\Username\AppData\Roaming\SUPERAntiSpyware.com
    2012-12-27 13:09 - 2012-12-27 13:09 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-12-27 13:09 - 2012-12-27 13:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-12-27 13:06 - 2012-12-27 13:06 - 22877440 ____A (SUPERAntiSpyware.com) C:\Users\Username\Downloads\SUPERAntiSpyware.exe
    2012-12-27 13:05 - 2012-12-27 13:05 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-12-27 12:48 - 2012-12-27 12:48 - 00002120 ____A C:\scu.dat
    2012-12-27 12:38 - 2012-12-27 12:35 - 149807200 ____A C:\Users\Username\Downloads\setup_11.0.0.1245.x01_2012_12_27_23_16.exe
    2012-12-25 13:12 - 2012-12-20 12:47 - 00000000 ____D C:\Users\All Users\Wincert
    2012-12-25 13:11 - 2012-12-20 12:43 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
    2012-12-25 03:37 - 2012-05-20 08:04 - 00000000 ____D C:\Users\Username\AppData\Local\Spotify
    2012-12-25 03:37 - 2012-05-20 08:03 - 00000000 ____D C:\Users\Username\AppData\Roaming\Spotify
    2012-12-24 03:25 - 2012-12-20 12:45 - 00000000 ____D C:\Users\All Users\boost_interprocess
    2012-12-23 17:18 - 2009-07-13 20:45 - 00288712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-23 17:12 - 2011-08-30 00:38 - 00000000 ____D C:\Users\Username\AppData\Roaming\SoftGrid Client
    2012-12-23 15:07 - 2012-12-21 14:32 - 00000000 ____D C:\Users\Username\AppData\Local\{2FC86FC4-162B-4DC0-81F2-D4133982F526}
    2012-12-20 15:32 - 2012-12-20 15:32 - 00000000 ____D C:\Users\All Users\Browser Manager
    2012-12-20 12:39 - 2012-12-20 12:38 - 00000041 ____A C:\Users\Username\AppData\Roaming\mbam.context.scan
    2012-12-18 11:01 - 2011-07-13 07:01 - 00000000 ____D C:\Users\Username\AppData\Roaming\Skype
    2012-12-16 09:11 - 2012-12-22 02:01 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-16 06:45 - 2012-12-22 02:01 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-16 06:13 - 2012-12-22 02:01 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-16 06:13 - 2012-12-22 02:01 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-14 07:49 - 2011-07-13 12:51 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-12-14 04:50 - 2012-12-14 04:49 - 00000000 ____D C:\Users\Username\AppData\Local\{DD05BFD6-F6E1-4445-A6D7-FC8B70F62950}
    2012-12-13 23:52 - 2011-08-24 18:47 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-12-13 02:34 - 2012-12-13 02:33 - 00000000 ____D C:\Users\Username\AppData\Local\{99F3EFE6-D33E-470F-B073-575B90158C86}
    2012-12-13 00:26 - 2009-07-13 21:08 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 20%
    Total physical RAM: 3946.73 MB
    Available physical RAM: 3145.13 MB
    Total Pagefile: 3944.93 MB
    Available Pagefile: 3217.3 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:362.15 GB) NTFS
    2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.43 GB) NTFS
    4 Drive g: () (Removable) (Total:29.8 GB) (Free:29.75 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 29 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 15 GB 1024 KB
    Partition 2 Primary 100 MB 15 GB
    Partition 3 Primary 450 GB 15 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Acer NTFS Partition 450 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 29 GB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 29 GB Healthy
    =========================================================
    Last Boot: 2012-12-25 07:25
    ==================== End Of Log =============================
     
  9. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Farbar Recovery Scan Tool (x64) Version: 09-01-2013
    Ran by SYSTEM at 2013-01-12 20:12:02
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======



    How can I edit/remove my 1st post?
    Thanks =D
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    you will need to make a request to an Admin to edit the first post


    Please run the following:

    Refer to the ComboFix User's Guide

    1. Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  11. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Thanks for your speedy reply =)
    I think my computer when I start it will be like the other times where it goes into startup repair & I don't know how to get CFix on the desktop when it is in this limited mode.I don't think I will be able to access System Tray icon either .I haven't turned it back on since I ran the last tool you asked for...I will check & let you know what it does.But I have saved CFix onto a memory stick (without saving it to the desktop 1st)


    How do I make a request to an Admin ?
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    are you able to send a PM to Cookiegal?

    ComboFix should run from the USB stick
     
  13. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Done,thanks.

    I'll try to run it from the USB like I ran the other scan from but I'm still unsure about how I'll manage to disble AV & Anti Spyware because my computer is still automatically going into startup repair when turned on.
     
  14. yellosnosid

    yellosnosid Thread Starter

    Joined:
    Dec 28, 2012
    Messages:
    106
    Cookiegal said

    "If you continue to edit your posts then CatByte will not be able to post fixes for you to run."
     
  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    ok, I thought it was something in particular that you wanted to remove from the first post?

    Editing posts does make it more difficult for me

    Were you able to run ComboFix from the USB?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1082784

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice