Aero
Member, 15 posts

Aero's Achievements

  1. Aero

    Aero - log 02

    Thanks for checking it. I don't have any symptoms, I just wanted to be as sure as possible that it was all gone.
  2. Aero

    Aero - log 02

    Hi, thanks for checking it, Tarun. I don't use or have Chrome. I use Firefox and never got rid of IE, so it's there too. Both, I think, had some weird toolbar that seemed to be called Chromium when this happened. This is the Malwarebytes log from my first pass after the download, but after I had removed a couple of things from Add/Remove Programs.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/25/17
    Scan Time: 1:19 AM
    Log File: b11b46a4-d17e-11e7-9041-60a44c2f86e5.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3341
    License: Expired

    -System Information-
    OS: Windows 10 (Build 15063.726)
    CPU: x64
    File System: NTFS
    User: Aeronwen\Aeronwen Trewent

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Cancelled
    Objects Scanned: 253156
    Threats Detected: 44
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 57 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 3
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341

    Module: 3
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341

    Registry Key: 8
    PUP.Optional.InstallCore, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\csastats, No Action By User, [2], [260986],1.0.3341
    PUP.Optional.ProductSetup, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\PRODUCTSETUP, No Action By User, [14411], [242047],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D60D4EBA-B59D-4E76-8E5E-1BBD07E61AFD}, No Action By User, [633], [389376],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, No Action By User, [633], [389375],1.0.3341
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ByteFenceService, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F2D11A11-A251-CB91-13D1-BB11C3516891}, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, No Action By User, [633], [389016],1.0.3341

    Registry Value: 4
    PUP.Optional.NotChromeRun, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_DF1187B4E295A26B95BED35F84067766, No Action By User, [1411], [241243],1.0.3341
    PUP.Optional.ProductSetup, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14411], [242047],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D60D4EBA-B59D-4E76-8E5E-1BBD07E61AFD}|PATH, No Action By User, [633], [389376],1.0.3341
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP|IMAGEPATH, No Action By User, [633], [390139],1.0.3341

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 2
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\{46447018-62EC-1CA0-0F74-39482B1CC5D0}, No Action By User, [63], [302717],1.0.3341

    File: 24
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, No Action By User, [633], [388721],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\chromium-min.jpg, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\control panel-min-min.JPG, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\down.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\ff menu.JPG, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\ff search engine-min.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\hp-min ff.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\hp-min ie.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\search engine.gif, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\setup pages.gif, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\sp-min.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\start-min.jpg, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\up.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\denifi, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\nosotoc, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\uninst.exe, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\uninstp.dat, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1CM8J6Q3.DEFAULT-1510736047067\PREFS.JS, No Action By User, [63], [303324],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1CM8J6Q3.DEFAULT-1510736047067\SEARCHPLUGINS\YAHOO! POWERED.XML, No Action By User, [63], [302726],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341
    PUP.Optional.ByteFence, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\TEMP\TMPSEC9639918\BYTEFENCE-INSTALLER_3.16.0.EXE, No Action By User, [633], [389016],1.0.3341

    Physical Sector: 0
    (No malicious items detected)

    (end)

    *** and this is the one after I ran through the AMT ***

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/25/17
    Scan Time: 9:49 AM
    Log File: e6820836-d1c5-11e7-8ee1-60a44c2f86e5.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3342
    License: Expired

    -System Information-
    OS: Windows 10 (Build 15063.729)
    CPU: x64
    File System: NTFS
    User: Aeronwen\Aeronwen Trewent

    -Scan Summary-
    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 1162644
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 4 hr, 24 min, 47 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    (end)
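The detail worth reading in the two logs above is the Scan Summary pair: the first scan ended with Result: Cancelled, 44 detections and 0 quarantined, so on its own it proves nothing was removed; the second ended Completed with 0 detections. As an added example for this thread (it is not Malwarebytes' tooling and not something the poster ran), the Python below parses a Malwarebytes 3.x text export of the layout shown, reports which records were left as "No Action By User", and picks out the ones that are persistence points (Run values, services, scheduled tasks). The two logs embedded in it are constructed excerpts that reuse records from the first post; the section names, record layout and PERSISTENCE_MARKERS are this example's assumptions about the format, taken only from what is visible above.

```python
"""Summarise a Malwarebytes 3.x text export like the two posted above.

Added example for this thread, not Malwarebytes' own tooling. It relies only on
the layout visible in the posts: a '-Scan Summary-' block of 'Key: value' lines,
then '-Scan Details-' with category headers such as 'File: 24' followed by
comma-separated detection records. Both logs below are constructed excerpts;
the records are copied from the first posted scan.
"""
from collections import Counter

CANCELLED_LOG = """\
-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 253156
Threats Detected: 44
Threats Quarantined: 0
-Scan Details-
Process: 3
PUP.Optional.ByteFence, C:\\PROGRAM FILES\\BYTEFENCE\\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341
Registry Value: 4
PUP.Optional.NotChromeRun, HKU\\S-1-5-21-3165777642-4275034921-3705643754-1001\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN|GOOGLECHROMEAUTOLAUNCH_DF1187B4E295A26B95BED35F84067766, No Action By User, [1411], [241243],1.0.3341
Registry Data: 0 (No malicious items detected)
File: 24
PUP.Optional.WinYahoo, C:\\USERS\\AERONWEN TREWENT\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\PROFILES\\1CM8J6Q3.DEFAULT-1510736047067\\PREFS.JS, No Action By User, [63], [303324],1.0.3341
(end)
"""

CLEAN_LOG = """\
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Threats Detected: 0 (No malicious items detected)
Threats Quarantined: 0 (No malicious items detected)
-Scan Details-
File: 0 (No malicious items detected)
(end)
"""

# Registry and file locations that make a detection start again with the machine
# (this example's own list: Run values, service keys, scheduled-task entries).
PERSISTENCE_MARKERS = ("\\RUN|", "\\SERVICES\\", "\\TASKCACHE\\", "\\TASKS\\")


def parse_mbam_log(text):
    """Return {'summary': {...}, 'detections': [...]} from a text export."""
    summary, detections, section, category = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        if line.startswith("-") and line.endswith("-"):
            section = line.strip("-").strip()          # e.g. 'Scan Summary'
            continue
        if section == "Scan Summary" and ": " in line:
            key, value = line.split(": ", 1)
            summary[key] = value.split(" (")[0]        # drop '(No malicious items detected)'
        elif section == "Scan Details":
            parts = line.split(", ")
            # A detection record ends with ', [id], [id],dbversion'; the object
            # path is everything between the family and the action.
            if len(parts) >= 5 and parts[-2].startswith("["):
                detections.append({
                    "category": category,
                    "family": parts[0],
                    "object": ", ".join(parts[1:-3]),
                    "action": parts[-3],
                })
                continue
            head, _, rest = line.partition(": ")       # 'File: 24' style header
            if rest[:1].isdigit():
                category = head
    return {"summary": summary, "detections": detections}


def triage(report):
    """Judge whether the scan proves a clean machine and what is still live."""
    s = report["summary"]
    detected = int(s.get("Threats Detected", "0"))
    quarantined = int(s.get("Threats Quarantined", "0"))
    unremediated = [d for d in report["detections"] if d["action"] == "No Action By User"]
    persistence = [d["object"] for d in unremediated
                   if any(m in d["object"].upper() for m in PERSISTENCE_MARKERS)]
    return {
        # A cancelled scan, or one that found items and removed none, proves nothing.
        "clean": s.get("Result") == "Completed" and detected == 0,
        "detected": detected,
        "quarantined": quarantined,
        "unremediated": len(unremediated),
        "families": Counter(d["family"] for d in report["detections"]),
        "persistence": persistence,
    }


if __name__ == "__main__":
    for name, log in (("first scan", CANCELLED_LOG), ("second scan", CLEAN_LOG)):
        t = triage(parse_mbam_log(log))
        print(name, "clean" if t["clean"] else "NOT clean", dict(t["families"]), t["persistence"])
```

Run against the first excerpt it reports the scan as not clean with three unremediated records, one of which (the RUN| value) is a logon persistence point; against the second it reports clean. The check that matters is the combination of Result and Threats Quarantined, not the detection count alone: a Cancelled scan with 0 quarantined says the items were found, not that they were removed.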
  3. Hi Tarun, not sure if I should title this log 1 or 2 since you helped me 3 years ago. This time I was a little unwary when installing a free video converter and missed the custom install, and had a couple of things I didn't want installed. I know one was Chromium, which showed up in Firefox, but I am not sure what the other was. I removed Chromium via Add/Remove Programs and went through the AMT as much as I could. Both Malwarebytes and SUPERAntiSpyware removed stuff. Am I clean now?

    ...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:45:48, on 25/11/2017
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.15063.0608)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    C:\Program Files (x86)\Thunder Master\THPanel.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
    C:\Users\Aeronwen Trewent\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\Aeronwen Trewent\Desktop\Download\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
    O4 - HKCU\..\Run: [BingSvc] C:\Users\Aeronwen Trewent\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    O4 - HKCU\..\Run: [Discord] C:\Users\Aeronwen Trewent\AppData\Local\Discord\app-0.0.298\Discord.exe
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-610 Series"
    O4 - HKCU\..\Run: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A
    O4 - HKCU\..\Run: [Chromium] "c:\users\aeronwen trewent\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
    O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - Startup: Curse.lnk = Aeronwen Trewent\AppData\Roaming\Curse Client\Bin\Curse.exe
    O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe
    O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
    O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12044 bytes
  4. Aero

    Aero - log 01

    Tarun, could you assume I am an idiot and have no idea what that means and tell me what to do?
  5. Aero

    Aero - log 01

    Tarun, thanks very much for checking it out. I thought I was using Microsoft Security Essentials, so now I am confused. I didn't make notes on the instructions, but I will try to go through it again soon. But if I could pretty much work it out, there can't be much wrong ^^
  6. Hi. Some programs on my PC are not working for me. I tend to think my fatal error was installing Win 8.1, but I just wanted to check it was nothing obvious here. I went through the steps in the AMT to the best of my ability (the instructions didn't always seem to match up with what I was seeing).

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:07:50, on 07/04/2014
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.16518)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files (x86)\EPSON\MyEPSON Connect\mep.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\mIRC\mirc.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
    C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Users\Aeronwen\Desktop\Download\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-610 Series" /EF "HKCU"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - Startup: Dropbox.lnk = Aeronwen\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: d3dgearload.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
    O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
    O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: MyEPSON Connect Service - SEIKO EPSON CORPORATION - C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11362 bytes
  7. No, and it has not happened for the past 2 days now. Have we solved it? Any idea how? James, it is definitely a MBAM error when I try to see a log file. I would show you but I don't know how :(
  8. OK, I worked out what AMT is and have done that - will leave it running overnight. edit: it ran and did not find anything, but I cannot see the log; I have the same error as before (error at line 1. Line txt: Malwarebytes’ Antimalware 1.46 Error: this line does not contain a recognised action). No idea. As it happens, I do know how to get into safe mode - but I have no idea what to do when I am there...
  9. I don't know how to create a new SR but I will work on it - may take me some time... I hate to sound all girly but could you be a little more specific, I have no idea what this means. edit - I found this, I hope it was right... http://www.lockergnome.com/windows/2005/04/12/delete-system-restore-points-to-free-disk-space/ Yes, when I click update I get an error message, I thought I would try to deal with that later. umm no, but I have asked someone to show me how to get all photos on to disk. I have lost everything before, and this is very worrying.
  10. TY again for the help. I am still having problems at start-up and just after: my PC freezes and nothing can be done. After about 3 reboots it works OK. I now know I have 2.50 GB RAM ? I followed the instructions to re-enable Microsoft Update. Assuming SAS is SUPERAntiSpyware and MBAM is Malwarebytes…. I ran SAS again and it found 19 tracking cookies and 2 trojans – the same as before, I think. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/14/2010 at 10:02 AM Application Version : 4.42.1000 Core Rules Database Version : 5463 Trace Rules Database Version: 3275 Scan type : Complete Scan Total Scan Time : 01:35:09 Memory items scanned : 527 Memory threats detected : 0 Registry items scanned : 7850 Registry threats detected : 0 File items scanned : 49443 File threats detected : 21 Trojan.Agent/Gen-FakeAlert C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165513.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165514.EXE Then I ran Malwarebytes; it ran for 2 hours and found nothing, but when I tried to look at the log I got an error (error at line 1. Line txt Malwarebytes’ Antimalware 1.44. Err this line does not contain a recognised action)
  11. TY for the answers. I am running XP; I have no idea how much RAM. I couldn't open Task Manager or do anything when the PC hung this morning, so I went ahead and did the workaround anyway (after 3 reboots). I have a few questions that may seem silly, but I don't know.... As I have 4 users on the PC, I don't have to do it for each user account, do I? Why did you say you do not use Windows Live, how does that affect this? I use Hotmail for some emails; I think that is related to Windows Live? Tarun, ty, I will get to that after seeing what the above does to the PC.
  12. TY for looking at it. Oh, umm, yes they did, but I didn't think to make notes. I just clicked 'fix the problem'. It was not many; there were 10 very similar things listed as a possible trojan and, in another program, 2 things that I looked up on the net that seemed to be regarded as false positives, but I got rid of them anyway. I went to Add/Remove Programs and uninstalled the Google toolbar....I think I have done this before and it comes back. I did not find anything called Windows Live Toolbar, so I randomly removed Windows Live stuff and it seems to have gone. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:37:52, on 9/9/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  13. Hi, I am totally non-technical but have done my best to follow the PC cleanup. Other people have access to my PC: 2 irresponsible teenagers and someone a lot more technical than me. Lately my PC has been taking forever to start up and it sometimes hangs at startup (I just reboot until it works). Slightly weird things have been happening, like dialling tones (I do not think I have a modem; I am not even sure if it is relevant). Is there anything obviously wrong with this? TY in advance for looking at it. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:17:27, on 9/8/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  14. Hi, I have been an occasional lurker on these forums ever since I took advice from Tarun over on GWguru, I have finally overcome my fear here caused by not understanding anything anyone says by being terrified of something stranger than usual happening on my pc ^^ Oh and great smilies :fish: