Posts posted by Aero

  1. Hi, thanks for checking it Tarun.

    I don't use or have Chrome. I use Firefox and never got rid of IE, so it's there too. Both, I think, had some weird toolbar that seemed to be called chromium when this happened.

     

    This is the Malwarebytes log from my first pass after the download but after I had removed a couple of things from add/remove programs.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/25/17
    Scan Time: 1:19 AM
    Log File: b11b46a4-d17e-11e7-9041-60a44c2f86e5.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3341
    License: Expired

    -System Information-
    OS: Windows 10 (Build 15063.726)
    CPU: x64
    File System: NTFS
    User: Aeronwen\Aeronwen Trewent

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Cancelled
    Objects Scanned: 253156
    Threats Detected: 44
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 57 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 3
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341

    Module: 3
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341

    Registry Key: 8
    PUP.Optional.InstallCore, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\csastats, No Action By User, [2], [260986],1.0.3341
    PUP.Optional.ProductSetup, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\PRODUCTSETUP, No Action By User, [14411], [242047],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D60D4EBA-B59D-4E76-8E5E-1BBD07E61AFD}, No Action By User, [633], [389376],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, No Action By User, [633], [389375],1.0.3341
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ByteFenceService, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F2D11A11-A251-CB91-13D1-BB11C3516891}, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, No Action By User, [633], [389016],1.0.3341

    Registry Value: 4
    PUP.Optional.NotChromeRun, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_DF1187B4E295A26B95BED35F84067766, No Action By User, [1411], [241243],1.0.3341
    PUP.Optional.ProductSetup, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14411], [242047],1.0.3341
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D60D4EBA-B59D-4E76-8E5E-1BBD07E61AFD}|PATH, No Action By User, [633], [389376],1.0.3341
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP|IMAGEPATH, No Action By User, [633], [390139],1.0.3341

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 2
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\{46447018-62EC-1CA0-0F74-39482B1CC5D0}, No Action By User, [63], [302717],1.0.3341

    File: 24
    PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, No Action By User, [633], [388721],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\chromium-min.jpg, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\control panel-min-min.JPG, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\down.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\ff menu.JPG, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\ff search engine-min.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\hp-min ff.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\hp-min ie.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\search engine.gif, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\setup pages.gif, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\sp-min.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\start-min.jpg, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\up.png, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\denifi, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\nosotoc, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\uninst.exe, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\uninstp.dat, No Action By User, [63], [302717],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1CM8J6Q3.DEFAULT-1510736047067\PREFS.JS, No Action By User, [63], [303324],1.0.3341
    PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1CM8J6Q3.DEFAULT-1510736047067\SEARCHPLUGINS\YAHOO! POWERED.XML, No Action By User, [63], [302726],1.0.3341
    PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341
    PUP.Optional.ByteFence, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\TEMP\TMPSEC9639918\BYTEFENCE-INSTALLER_3.16.0.EXE, No Action By User, [633], [389016],1.0.3341

    Physical Sector: 0
    (No malicious items detected)


    (end)

     

    ***

    and this is the one after I ran through the AMT

    ***

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/25/17
    Scan Time: 9:49 AM
    Log File: e6820836-d1c5-11e7-8ee1-60a44c2f86e5.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3342
    License: Expired

    -System Information-
    OS: Windows 10 (Build 15063.729)
    CPU: x64
    File System: NTFS
    User: Aeronwen\Aeronwen Trewent

    -Scan Summary-
    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 1162644
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 4 hr, 24 min, 47 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

  2. Hi Tarun,

    Not sure if I should title this log 1 or 2 since you helped me 3 years ago.

     

    This time I was a little unwary when installing a free video converter and missed the custom install and had a couple of things I didn't want installed. I know one was chromium, which showed up in Firefox, but I am not sure what the other was.

    I removed chromium via add/remove programs and went through the AMT as much as I could. Both Malwarebytes and SUPERAntiSpyware removed stuff. Am I clean now?

    ...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:45:48, on 25/11/2017
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.15063.0608)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    C:\Program Files (x86)\Thunder Master\THPanel.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
    C:\Users\Aeronwen Trewent\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\Aeronwen Trewent\Desktop\Download\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
    O4 - HKCU\..\Run: [BingSvc] C:\Users\Aeronwen Trewent\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    O4 - HKCU\..\Run: [Discord] C:\Users\Aeronwen Trewent\AppData\Local\Discord\app-0.0.298\Discord.exe
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-610 Series"
    O4 - HKCU\..\Run: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A
    O4 - HKCU\..\Run: [Chromium] "c:\users\aeronwen trewent\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
    O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - Startup: Curse.lnk = Aeronwen Trewent\AppData\Roaming\Curse Client\Bin\Curse.exe
    O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe
    O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
    O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12044 bytes

     

     

     

  3. Tarun, could you assume I am an idiot and have no idea what that means and tell me what to do?

    The only issue with the PC Cleanup page is that it needs to be updated, as many of the applications listed have had major version updates.

  4. Tarun, thanks very much for checking it out.

     

    I thought I was using Microsoft Security Essentials, so now I am confused.

     

    I didn't make notes on the instructions but I will try to go through it again soon.  But if I could pretty much work it out there can't be much wrong ^^ 

  5. Hi

     

    Some programs on my pc are not working for me.  I tend to think my fatal error was installing win 8.1 but I just wanted to check it was nothing obvious here.

     

    I went through the steps in the AMT to the best of my ability (the instructions didn't always seem to match up with what I was seeing).

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:07:50, on 07/04/2014
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.16518)
    Boot mode: Normal
     
    Running processes:
    C:Program Files (x86)ASUSAI Suite IIDIGI+ VRMPowerControlHelp.exe
    C:Program Files (x86)ASUSAI Suite IIAsRoutineController.exe
    C:Program Files (x86)EPSONMyEPSON Connectmep.exe
    C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    C:Program Files (x86)mIRCmirc.exe
    C:Program Files (x86)SteamSteam.exe
    C:Program Files (x86)ASUSAI Suite IITurboV EVOTurboVHelp.exe
    C:Program Files (x86)ASUSAI Suite IINetwork iControlNetSvcHelpNetSvcHelp.exe
    C:Program Files (x86)ASUSAI Suite IINetwork iControlNetSvcHelpNetiCtrlTray.exe
    C:Program Files (x86)ASUSAI Suite IIEPUEPUHelp.exe
    C:Program Files (x86)ASUSAI Suite IIAI Suite II.exe
    C:Program Files (x86)EPSON SoftwareEvent ManagerEEventManager.exe
    C:Program Files (x86)GoogleChromeApplicationchrome.exe
    C:Program Files (x86)GoogleChromeApplicationchrome.exe
    C:Program Files (x86)GoogleChromeApplicationchrome.exe
    C:Program Files (x86)ASUSAI Suite IISensorAlertHelperAlertHelper.exe
    C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe
    C:UsersAeronwenDesktopDownloadHijackThis.exe
     
    R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = Preserve
    R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:Tabs
    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = 
    R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = 
    R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
    R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~2MICROS~1Office14GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~2MICROS~1Office14URLREDIR.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
    O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
    O4 - HKLM..Run: [vProt] "C:Program Files (x86)AVG Secure Searchvprot.exe"
    O4 - HKLM..Run: [Adobe Creative Cloud] "C:Program Files (x86)AdobeAdobe Creative CloudACCCreative Cloud.exe" --showwindow=false --onOSstartup=true
    O4 - HKLM..Run: [KeePass 2 PreLoad] "C:Program Files (x86)KeePass Password Safe 2KeePass.exe" --preload
    O4 - HKLM..Run: [EEventManager] "C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe"
    O4 - HKCU..Run: [steam] "C:Program Files (x86)Steamsteam.exe" -silent
    O4 - HKCU..Run: [EPLTargetP0000000000000001] C:WINDOWSsystem32spoolDRIVERSx643E_IATILQE.EXE /EPT "EPLTargetP0000000000000001" /M "XP-610 Series" /EF "HKCU"
    O4 - HKCU..Run: [skype] "C:Program Files (x86)SkypePhoneSkype.exe" /minimized /regrun
    O4 - Startup: Dropbox.lnk = AeronwenAppDataRoamingDropboxbinDropbox.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program Files (x86)Common FilesAVG Secure SearchViProtocolInstaller18.0.5ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common FilesMicrosoft SharedOFFICE14MSOXMLMF.DLL
    O20 - AppInit_DLLs: d3dgearload.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WINDOWSSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WINDOWSSystem32alg.exe (file missing)
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:Program Files (x86)ASUSAXSP1.00.19atkexComSvc.exe
    O23 - Service: ASGT - Unknown owner - C:WindowsSysWOW64ASGT.exe
    O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:Program Files (x86)ASUSAAHM1.00.20aaHMSvc.exe
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:Program Files (x86)ASUSAsSysCtrlService1.00.13AsSysCtrlService.exe
    O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:Program Files (x86)ASUSAsusFanControlService1.01.10AsusFanControlService.exe
    O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:WINDOWSsystem32EasyAntiCheat.exe
    O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WINDOWSSystem32lsass.exe (file missing)
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:WINDOWSsystem32EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:WINDOWSsystem32fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:Program Files (x86)IntelIntel® Integrated Clock Controller ServiceICCProxy.exe
    O23 - Service: @%SystemRoot%system32ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:WINDOWSsystem32IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:WINDOWSsystem32lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WINDOWSSystem32msdtc.exe (file missing)
    O23 - Service: MyEPSON Connect Service - SEIKO EPSON CORPORATION - C:Program Files (x86)EPSONMyEPSON ConnectmepService.exe
    O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:WINDOWSsystem32lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:WINDOWSsystem32nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:WINDOWSsystem32locator.exe (file missing)
    O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:WINDOWSsystem32lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe
    O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WINDOWSSystem32snmptrap.exe (file missing)
    O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WINDOWSSystem32spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:WINDOWSsystem32sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:WINDOWSsystem32UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:WINDOWSsystem32lsass.exe (file missing)
    O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WINDOWSSystem32vds.exe (file missing)
    O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:WINDOWSsystem32vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater18.0.5ToolbarUpdater.exe
    O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:WINDOWSsystem32wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%Windows DefenderMpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:Program Files (x86)Windows DefenderNisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%Windows DefenderMpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:Program Files (x86)Windows DefenderMsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:WINDOWSsystem32wbemWmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
     
    --
    End of file - 11362 bytes
     
  6. Did you experience any of the mentioned symptoms booting into Safe Mode?

    No, and it has not happened for the past 2 days now. Have we solved it? Any idea how?

    James, it is definitely a MBAM error when I try to see a log file, I would show you but I don't know how :(

  7. For MBAM 1.46, use AMT to get it. :dribble:

    OK I worked out what AMT is and have done that - will leave it running over night.

    edit: it ran, and did not find anything but I cannot see the log, I have the same error as before

    (error at line 1. Line txt: Malwarebytes’ Antimalware 1.46 Error: this line does not contain a recognised action)

    I'm thinking there might be a hardware issue. Does this happen if you boot into Safe Mode?

    no idea

    as it happens I do know how to get into safe mode - but I have no idea what to do when I am there...

  8. You just have a trojan in your System Restore according to the SAS log. Create a new SR point

    I don't know how to create a new SR but I will work on it - may take me some time...

    and then clean out all but the most recent via cleanup in Tools tab for your hard drive.

    I hate to sound all girly but could you be a little more specific, I have no idea what this means.

    edit - I found this, I hope it was right...

    http://www.lockergnome.com/windows/2005/04/12/delete-system-restore-points-to-free-disk-space/

    Also, your MBAM is out of date according to that log. 1.46 is the latest.

    Yes, when I click update I get an error message, I thought I would try to deal with that later.

    Hmmmm. That doesn't sound healthy. Maybe we will have to look for another cause.

    Do you have a current backup of all important documents, photos etc. on your PC?

    .

    umm no, but I have asked someone to show me how to get all photos on to disk. I have lost everything before, and this is very worrying.

  9. TY again for the help.

    I am still having problems at start-up and just after, my pc freezes and nothing can be done. After about 3 reboots it works ok.

    I now know I have 2.50 GB RAM ?

    I followed the instructions to re-enable Microsoft update.

    Assuming SAS is SUPERAntiSpyware and MBAM is Malwarebytes….

    I ran SAS again and it found 19 tracking cookies and 2 trojans – the same as before, I think.

    SUPERAntiSpyware Scan Log

    http://www.superantispyware.com

    Generated 09/14/2010 at 10:02 AM

    Application Version : 4.42.1000

    Core Rules Database Version : 5463

    Trace Rules Database Version: 3275

    Scan type : Complete Scan

    Total Scan Time : 01:35:09

    Memory items scanned : 527

    Memory threats detected : 0

    Registry items scanned : 7850

    Registry threats detected : 0

    File items scanned : 49443

    File threats detected : 21

    Adware.Tracking Cookie

    gw.callingbanners.com [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]

    ia.media-imdb.com [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]

    stat.easydate.biz [ C:\Documents and Settings\Aero\Application Data\Macromedia\Flash Player\#SharedObjects\83YGJQDZ ]

    C:\Documents and Settings\Sam\Cookies\Sam@adserver.adtechus[1].txt

    C:\Documents and Settings\Sam\Cookies\Sam@adserver.mmoguru[1].txt

    C:\Documents and Settings\Sam\Cookies\Sam@advertising[2].txt

    atdmt.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    cdn.insights.gravity.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    cdn5.specificclick.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    m.uk.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    m1.emea.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    media.disneyinternational.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    media1.clubpenguin.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    s0.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    secure-us.imrworldwide.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    spe.atdmt.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    static.2mdn.net [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    track.omguk.com [ C:\Documents and Settings\Julia\Application Data\Macromedia\Flash Player\#SharedObjects\745HC893 ]

    C:\Documents and Settings\Julia\Cookies\Julia@marketlive.122.2o7[1].txt

    Trojan.Agent/Gen-FakeAlert

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165513.EXE

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{09431BD9-6F52-467E-B8B7-0A61834E99D3}\RP618\A0165514.EXE

    Then I ran Malwarebytes, it ran for 2 hours and found nothing but when I tried to look at the log I got an error (error at line 1. Line txt Malwarebytes’ Antimalware 1.44. Err this line does not contain a recognised action)

  10. TY for the answers

    The hanging at startup could be due to the auto-update bug we've been discussing on another thread. You're vulnerable to this if your computer is running Win XP, has 1 GB RAM or less, and you've opted in to Microsoft Update (Windows Update is the default update site for XP, if there's also a Microsoft Update link in your Start Menu, you have opted in to it).

    To confirm this is the problem, open the Task Manager while the computer is hanging (press Ctrl+Alt+Delete). See which processes have high CPU and Mem Usage; if wuauclt.exe and one svchost.exe are using all your resources, it's the update bug.

    For more information, see this thread. Discussion of this starts in post #10, a workaround is in post #13.

    I am running XP, I have no idea how much RAM. :P

    I couldn't open task manager or do anything when the PC hung this morning. So I went ahead and did the work around anyway (After 3 reboots)

    I have a few questions that may seem silly, but I don't know....

    As I have 4 users on the PC I don't have to do it for each user account do I?

    Why did you say you do not use windows live, how does that affect this? I use hotmail for some emails, I think that is related to windows live?

    Tarun, ty I will get to that after seeing what the above does to the PC

  11. TY for looking at it

    Did any of the anti-spyware programs find anything? At a glance I don't see anything malicious.

    Oh umm, yes they did but I didn't think to make notes. I just clicked 'fix the problem'. It was not many, there were 10 very similar things listed as a possible trojan and in another program 2 things that I looked up on the net that seemed to be regarded as false positives, but I got rid of them anyway.

    You'll definitely want to uninstall any/all toolbars.

    I went to add/remove programs and uninstalled the google toolbar....I think I have done this before and it comes back.

    I did not find anything called windows live toolbar, so I randomly removed windows live stuff and it seems to have gone.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 08:37:52, on 9/9/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\dlbucoms.exe

    C:\WINDOWS\system32\FsUsbExService.Exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\O2\bin\sprtsvc.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\svchost.exe

    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\WINDOWS\system32\SearchIndexer.exe

    c:\WINDOWS\system32\ZuneBusEnum.exe

    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Documents and Settings\Aero\Desktop\Download\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O15 - Trusted Zone: http://*.broadband.o2.co.uk

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ukf01.airspan.com/CACHE/stc/1/binaries/vpnweb.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe

    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

    --

    End of file - 7629 bytes

  12. Hi,

    I am totally non-technical :blink: but have done my best to follow the PC cleanup.

    Other people have access to my PC, 2 irresponsible teenagers and someone a lot more technical than me. Lately my PC has been taking forever to start-up and it sometimes hangs at startup :fish: (I just reboot until it works). Slightly weird things have been happening, like dialling tones (I do not think I have a modem, am not even sure if it is relevant)

    Is there anything obviously wrong with this? :P

    TY in advance for looking at it

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:17:27, on 9/8/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\WINDOWS\system32\dlbucoms.exe

    C:\WINDOWS\system32\FsUsbExService.Exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\O2\bin\sprtsvc.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\svchost.exe

    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\WINDOWS\system32\SearchIndexer.exe

    c:\WINDOWS\system32\ZuneBusEnum.exe

    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Aero\Desktop\Download\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O15 - Trusted Zone: http://*.broadband.o2.co.uk

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ukf01.airspan.com/CACHE/stc/1/binaries/vpnweb.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe

    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe

    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

    --

    End of file - 8310 bytes

  13. Hi,

    I have been an occasional lurker on these forums ever since I took advice from Tarun over on GWguru,

    I have finally overcome my fear here caused by not understanding anything anyone says :P by being terrified of something stranger than usual happening on my pc :blink:^^

    Oh and great smilies :fish:
