Tech Problem Aggregator

# Infected with .scr & not sure if safe :(

Hi,

I recently was infected by a .scr virus from csgolounge, where a user posted a link to a knife "screenshot". I then clicked on the link assuming it was safe and it downloaded a .scr & ran it. It then started to control my mouse and attempted to access my Gmail accounts for Steam, to trade off my skins. Luckily my Gmail was protected and stopped the person (Russian ofc) from accessing my account. It did however get my passwords (quickly changed) and managed to send a trade offer to another account. However, I had Steam email confirmation security so nothing was taken. Here are the steps I took:

1. Deleted the .scr file
2. Restarted (was still active, moving my mouse, typing etc.)
3. Turned my computer off, turned off my internet connection.
4. Restarted (without internet), no sign of it being active.
5. Ran antivirus (Windows Defender, full scan, didn't find anything)
6. Did a system restore

Even after these steps I'm still unsure whether I'm totally safe. It had a keylogger so I don't want to type any passwords etc. I don't know if it has infected any registry stuff or whether it is still present (Defender didn't find anything).

Can anybody help me?

BTW I live in Australia (UTC/GMT +9:30), so I might be quite late with replies (1am here atm) etc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Kyle (administrator) on BELLABOO (27-08-2015 23:57:36)
Loaded Profiles: Kyle (Available Profiles: Kyle)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Valve Corporation) D:\Steam\Steam.exe
(Spotify Ltd) C:\Users\Kyle\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\...\Run: [Steam] => D:\Steam\steam.exe [2899136 2015-08-20] (Valve Corporation)
HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3730192 2014-12-09] (Disc Soft Ltd)
HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\...\Run: [Spotify] => C:\Users\Kyle\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-19] (Spotify Ltd)
HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\...\Run: [Dropbox Update] => C:\Users\Kyle\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-19] (Dropbox, Inc.)
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
ShortcutTarget: Dropbox.lnk -> C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1325000466-3342817125-3708368534-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 61.9.226.33 61.9.226.1
Tcpip\..\Interfaces\{ECCBA195-B742-4320-94E2-E14265FDEDBD}: [DhcpNameServer] 61.9.226.33 61.9.226.1

FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\46dkgyiu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-19] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-19] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Stylish - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\46dkgyiu.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-02-20]
FF Extension: Adblock Plus - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\46dkgyiu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]

Chrome:
=======
CHR Extension: (Stylish) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-08-20]
CHR Extension: (LoungeDestroyer) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-08-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-06]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-02-13] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2015-02-13] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [384000 2015-02-13] (ASUSTeK Computer Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S3 Disc Soft Ultra Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [1378576 2014-12-09] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-02-13] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2015-02-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2015-02-13] (MCCI Corporation)
R3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30352 2015-02-26] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R4 IOMap; \??\C:\WINDOWS\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 23:57 - 2015-08-27 23:57 - 00000000 ____D C:\FRST
2015-08-27 21:37 - 2015-08-27 21:37 - 00000000 ____D C:\Users\Kyle\AppData\Local\NetSupport
2015-08-27 21:29 - 2015-08-27 21:29 - 00000830 _____ C:\ProgramData\moon.txt
2015-08-25 01:04 - 2015-08-25 01:04 - 00000000 ____D C:\Users\Kyle\.swt
2015-08-22 02:15 - 2015-08-27 23:01 - 00000000 ____D C:\BOSS
2015-08-22 00:49 - 2015-08-22 18:54 - 00000000 ____D C:\Users\Kyle\Documents\Nexus Mod Manager
2015-08-21 00:43 - 2015-08-21 00:45 - 00000000 ____D C:\Users\Kyle\Documents\NetBeansProjects
2015-08-20 22:38 - 2015-08-27 23:01 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-20 22:38 - 2015-07-03 13:58 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-20 22:38 - 2015-07-03 13:58 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-20 22:17 - 2015-08-20 22:17 - 00001533 _____ C:\Users\Kyle\Desktop\StarCraft II.lnk
2015-08-20 14:23 - 2015-08-20 14:23 - 00000000 ____D C:\Users\Kyle\AppData\Local\GWX
2015-08-20 01:32 - 2015-08-27 18:31 - 00000043 _____ C:\Users\Kyle\jagex_cl_oldschool_LIVE.dat
2015-08-20 01:32 - 2015-08-20 01:42 - 00000024 ____R C:\Users\Kyle\random.dat
2015-08-20 01:31 - 2015-08-27 23:01 - 00000000 ____D C:\Users\Kyle\OSBuddy
2015-08-20 01:12 - 2015-08-22 00:49 - 00000000 ____D C:\Users\Kyle\AppData\Local\Black_Tree_Gaming
2015-08-20 01:11 - 2015-08-20 01:11 - 06173272 _____ (Black Tree Gaming ) C:\Users\Kyle\Downloads\Nexus Mod Manager-0.56.1.exe
2015-08-20 01:11 - 2015-08-20 01:11 - 00000600 _____ C:\Users\Kyle\AppData\Roaming\winscp.rnd
2015-08-20 01:02 - 2015-08-22 13:14 - 00000000 ____D C:\Users\Kyle\AppData\Local\FalloutNV
2015-08-20 00:32 - 2015-08-27 23:01 - 00000000 ____D C:\Program Files (x86)\Fallout New Vegas
2015-08-20 00:24 - 2015-08-20 00:24 - 00000000 ____D C:\Users\Kyle\AppData\Local\2K Games
2015-08-20 00:23 - 2015-08-20 00:23 - 00002128 _____ C:\Users\Public\Desktop\Mafia II.lnk
2015-08-20 00:23 - 2015-08-20 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2015-08-20 00:22 - 2015-08-20 00:22 - 00000000 ____D C:\Program Files (x86)\2K Games
2015-08-20 00:20 - 2015-08-20 00:20 - 00000080 _____ C:\Users\Kyle\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-08-20 00:19 - 2015-08-20 00:19 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2015-08-20 00:19 - 2015-08-20 00:19 - 00000998 _____ C:\Users\Public\Desktop\WinSCP.lnk
2015-08-20 00:19 - 2015-08-20 00:19 - 00000000 ____D C:\Program Files (x86)\WinSCP
2015-08-20 00:16 - 2015-08-20 00:16 - 00002044 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2015-08-20 00:16 - 2015-08-20 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2015-08-20 00:16 - 2015-08-20 00:16 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2015-08-20 00:16 - 2015-08-20 00:16 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2015-08-20 00:16 - 2015-08-14 15:28 - 05861512 _____ (Martin Prikryl ) C:\Users\Kyle\Downloads\winscp575setup.exe
2015-08-20 00:14 - 2015-08-20 23:00 - 00000000 ____D C:\Users\Kyle\Documents\StarCraft II
2015-08-20 00:14 - 2015-08-20 00:14 - 00000000 ____D C:\Users\Kyle\AppData\Local\Blizzard Entertainment
2015-08-20 00:13 - 2015-08-27 23:01 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Battle.net
2015-08-20 00:13 - 2015-08-26 22:04 - 00000000 ____D C:\Users\Kyle\AppData\Local\Battle.net
2015-08-20 00:13 - 2015-08-20 00:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-08-20 00:13 - 2015-08-20 00:13 - 00001163 _____ C:\Users\Public\Desktop\Battle.net.lnk
2015-08-20 00:13 - 2015-08-20 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-08-20 00:13 - 2015-08-20 00:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-20 00:11 - 2015-08-20 00:11 - 00000000 ____D C:\ProgramData\Battle.net
2015-08-20 00:10 - 2015-08-20 01:32 - 00000000 ____D C:\Users\Kyle\jagexcache
2015-08-20 00:09 - 2015-08-20 00:11 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2015-08-19 23:59 - 2015-08-11 10:50 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 23:59 - 2015-08-11 09:50 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 23:47 - 2015-08-19 23:47 - 00000000 ____D C:\Users\Kyle\AppData\Local\CEF
2015-08-19 23:34 - 2015-08-19 23:34 - 00000941 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-08-19 23:34 - 2015-08-19 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-08-19 23:34 - 2015-08-19 23:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-08-19 23:34 - 2015-08-14 11:20 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-19 23:34 - 2015-08-14 11:20 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-19 23:31 - 2015-07-30 23:34 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-19 23:31 - 2015-07-30 23:18 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-19 23:24 - 2015-08-19 23:24 - 00002080 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-08-19 23:24 - 2015-08-07 09:34 - 00572024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-08-19 23:11 - 2015-08-19 23:11 - 00000000 ____D C:\Users\Kyle\Documents\ahk
2015-08-19 22:44 - 2015-07-17 06:06 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-19 22:44 - 2015-07-17 06:06 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-19 22:44 - 2015-07-17 06:05 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 22:44 - 2015-07-17 05:56 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-19 22:44 - 2015-07-17 05:53 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-19 22:44 - 2015-07-17 05:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-19 22:44 - 2015-07-17 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-19 22:44 - 2015-07-17 05:21 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-19 22:44 - 2015-07-17 05:20 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-19 22:44 - 2015-07-17 05:15 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-19 22:44 - 2015-07-17 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-19 22:44 - 2015-07-17 05:11 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-19 22:44 - 2015-07-17 05:09 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-19 22:44 - 2015-07-17 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-19 22:44 - 2015-07-17 05:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-19 22:44 - 2015-07-17 05:04 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-19 22:44 - 2015-07-17 05:02 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-19 22:44 - 2015-07-17 04:44 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-27 23:52 - 2015-02-13 20:21 - 00000000 ___DO C:\Users\Kyle\OneDrive
2015-08-27 23:50 - 2015-02-14 06:39 - 01897457 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-27 23:50 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-27 23:48 - 2015-02-13 20:30 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{15200E30-DA4B-4A85-9FB0-2BB616968CC2}
2015-08-27 23:37 - 2015-02-16 15:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-27 23:30 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-27 23:25 - 2015-02-13 20:27 - 00000000 ____D C:\Users\Kyle\Documents\Work
2015-08-27 23:12 - 2015-02-13 20:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1325000466-3342817125-3708368534-1001
2015-08-27 23:07 - 2014-03-19 00:55 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-27 23:02 - 2015-02-13 20:35 - 00000000 ____D C:\Users\Kyle\AppData\Local\Spotify
2015-08-27 23:02 - 2015-02-13 20:17 - 00000000 ____D C:\Users\Kyle
2015-08-27 23:01 - 2015-04-06 2

A: Infected with .scr & not sure if safe :(

Double post, sorry.


Safe Transactions with Infected PCs (2 web pages).

This is an interesting technology making its way to market. It is launching to 6 million customers of an undisclosed online broker in the near future.

The method is that it uses a rootkit to burrow into your OS - Windows only for now on IE and Firefox browsers, but they are working on Linux, Mac and Safari browser versions.

I am not sure that they can guarantee that their rootkit burrows deeper than any malware based rootkit (in order to provide the deepest protection as they seem to make in their claim).

On my WinXP Pro SP2 I used a free anti-keylogger that drilled into the system ahead of everything else (services) so that it was the first to execute before any system services. If they could do it - my assertion is that the malware authors can also - and the anti-keylogger was so proficient that I remember one member did not like it being so low-level and uninstalled it - but, it did its job very well.

The way I confirmed that the anti-keylogger was first to execute was a tool from Microsoft Technet SysInternals toolset here that listed the order of execution at boot time of system services.

As with any software, try it at your own risk - and if you do - please post your review in this thread.

-- Tom

A: Safe Transactions with Infected PCs

If my PC was infected, I wouldn't even risk it. I'd be using extremely personal details and I'd only enter them on a PC I know is clean.


I've got a gig fixing a friend of a friend's laptop. It essentially won't boot. The laptop itself is like, God probably like 10 years old! Most likely has some form of virus or malware on it. (I'm ashamed to say my friends think they either "don't need AV," or "I can't afford [free] AV." )

Anyway, I was thinking to hot swap the hd into my rig, and scan it.
I'm running:
-full Webroot Internet Security Suite
-full Norton 360
-free Avast!
-free Avira

Obviously I won't be trying to boot from this drive until everything says it's ok. I did this last week without even thinking twice, with a different definitely-known-to-be-infected drive, and no real-time shields picked up anything. But really, how safe is this? Is it even possible for anything to try to start messing with me?

A: Hot-swapping infected hd: Is it safe?

FWIW: you might want to use one of those small <$20 external USB drive connectors that support the laptop's drive and then run Malwarebytes and your AV against it.

I have done this and cleaned up drives without a lot of aggravation.

rich


Hi there

Out of the blue today when I started up chrome my normal tab opened (I use new tab redirect) and another tab called easylife.search opened up as well.
I ran malwarebytes and it kept blocking the program over and over but to no avail.
Afterwards I ran RogueKiller and when it popped up as PUP I deleted it (this was in Chrome) and it was gone, however I was signed out of Chrome and I need to stay signed into Chrome for work purposes. When I signed back in it was back and now when I run RogueKiller it will not disappear.

I went to C:/ProgramData and tried to delete the DLL files there however that didn't work either.
In my control panel there is a random program called Fast and Safe by Gtgroup however when I try deleting it it comes up with an error message stating:
There was a problem starting C:\PROGRA~3\FASTAN~1\FASTAN~1.DLL The specified module could not be found

I believe it is referring to the files I tried to delete earlier

I really am at a loss as to what to do and require some assistance!

Here are the DDS LOGS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Kossi at 14:26:09 on 2014-06-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.12248.8078 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

A: Infected with Safe and Easy malware and cannot get rid of it!

Hi Littlegreen, to Bleeping Computer.
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Receive Notification Immediately and then click Follow This Topic and you will be sent an email once I have posted a response and make the cleaning process faster.
Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

AdwCleaner
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where ... Read more

4 more replies

I have Wxp Pro on a Dell pc. I get no pop-ups, but programs are slow to open and slow to run. I can't start the pc in safe mode by using F2, F8, F12, etc. When those keys are used, the pc ignores it and starts normally.
When a browser window is open, I can open a site, can scroll thru the site, but can't click on any links or buttons. It acts as if it is just a graphic.
One strange thing, if I minimize the browser window, then maximize it again, I can then surf inside the site.

I have run Ccleaner and Ada-ware. I then ran Rkill, then SuperAnti-spyware and Malwarebytes. Running a full scan on both. SuperAnti found 53 items, quarantined all, but no help. Malware did not find any issues.
I've tried a system restore, but keep getting "can't restore system.......".

Any fast help is appreciated, this is for a school secretary's pc.
Phil

A:Am I infected? Can't start Wxp in safe mode

9 more replies

Browser keeps crashing and PC still very slow. I couldn't do anything unless I was in safe mode. Initially, the icons on desktop were almost completely gone. System is 7 Premium, 3 GB RAM, AMD processor. Thanks for getting me started on getting out of this nightmare.

A:Slow Infected PC; ran JRT and ADW from safe mode

Let's start with a scan using DDS. See if you can get into 'safe mode with networking' :

DDS.com

DDS.pif

Disable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs: DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment.

9 more replies

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem. Please give me some time to review your logs and I will be back with instructions. Meanwhile please post the Addition.txt log that comes with FRST.txt the first time FRST is run on your computer.

5 more replies

I would be very grateful for some help sorting out a friend's PC please.

I've read the First Steps page but cannot carry out all of the suggested scans.

When I boot the PC normally, it works very slowly loading XP Home, then suddenly reboots itself before getting to the login screen. I discovered that it will run in Safe Mode with Networking and I'm using it now to create this thread!

I've run dds.scr and the scan result is pasted below. (Attach.txt is included here in a zipped file). When I try to run GMER nothing happens. The egg timer appears for a few seconds but nothing more. I have downloaded SPTDinst-v162-x86.exe. Executing this file results in a popup stating "No SPTD version was detected". The Uninstall button was greyed-out but the Install button looked inviting, so I clicked it and was prompted to re-start Windows. I restarted XP in Safe Mode and it appeared to load SPTD.sys.

Before looking at this forum I was going to attempt a Windows re-install and backed up My Documents onto a USB memory stick, which I then scanned with Avira on a another laptop. This revealed 16 music files, which had been downloaded with Limewire (I presume), all containing the same virus - EXP/ASF.GetCodec.Gen. I've uninstalled LimeWire now.

I have tried to install Avira AntiVir Personal (in Safe Mode) but, after extracting a load of files to a Temp folder, it gets part way through 'Preparing Installation...' then crashes(?).

I don't know what to try n... Read more

A:Infected PC only works in Safe mode - Help please

Please close this thread - I have wiped the system and re-installed XP. It seemed like the smartest thing to do...

1 more replies

I finally have PC-cillin reinstalled on my pc. I have been through hell with a bot that replicated hundreds of trojans onto my pc. It neutered PC-cillin, so I couldn't load it. D: Then downloaded AVG7, HiJack This, and Sysclean to finally get rid of everything....so I thought. Went through heck to uninstall AVG7, then uninstall PC-cillin, then reinstall PC-cillin. I did another scan and surprise! I had more trojans. >.>` Now, I log on again, and a virus opens with one of my system files, spits out two trojans in the process. Now that PC-cillin is operational, it caught the trojans and cleaned them. But, the virus is in PCCGUIDE.EXE and PC-cillin is unable to clean or quarantine the infected file. Can I chunk it into file 13? In other words, delete it? I see that it's an exe file, which means I shouldn't touch it without asking first. Oh, and the original infection was in EXPLORER.EXE D: Evil! Did I miss anything? ;p Yes, the virus is PE_TRATS.A I only remember AGOBOT from before, but I know there was a worm and two other viruses aside from the bajillion trojans.

A:Pccguide.exe Infected. Safe To Delete?

So...I searched the file, and they are part of PC-cillin itself. There were six files total. I scanned them all individually and none showed a virus, yet PC-cillin just told me there was one. *so lost*

5 more replies

Microsoft did a scan in safe mode, but my computer is still running slow. I can't figure it out. I have one care as my anti virus, and malware bytes. I've run both and nothing is showing up, any suggs would be greatly appreciated.

thanks,
Lindaga35

A:am i still infected? scanned in safe mode already

Please reboot your computer and update Malwarebytes. This time do a FULL scan and post the new log here

5 more replies

Hi, I had McAfee running and it found a trojan, so I removed it right? For some odd reason my PC restarted (blue screen of death, something about memory). Every time I try to boot normally it gives me the blue screen. So now I'm in safe mode typing this. I've done multiple full scans on McAfee and it still says one or more errors could not be fixed because of an error. Anyways it's been like this all day. I just downloaded avast version 4.8 and am currently scanning my system. Any suggestions of help? I'd rather not delete the entire contents of my hard drive and reinstall Vista.

Edit 1-avast! Virus Cleaner Tool - version 1.0.211 Ansi

Edit 2- Currently scanning with AVG 8.5 Free Trial Safe Mode

Edit-3 It seems that AVG has cleaned my computer right, i can now boot up normally and my mcafee says im secure.tt

Edit-4 Mcafee is on overload again, my computer got blue screen again. and i am currently scanning with mcafee.

Edit-5 Mcafee has been uninstalled by me and now running avg once more

A:Help, infected laptop, currently in safe mode.

10 more replies

Hi, last Fri I received an email via my yahoo account from UPS (which I now know is not). I think this is a nasty virus, has worms too. Avira scanned the file before I unzipped it, I did not get any warning, even though I had updated Avira files before, then it went spiralling downhill!! I had so many windows opening up, I immediately disconnected from the net then proceeded to virus scan with Avira. At the end of the scan, it could not help as it was infected. I could not open the report, even though there were warnings. I tried Spybot scan which found a majority of problems which I allowed the fix. I did not think it wise to go on the net as I kept getting Internet Explorer pages opening up. All during this time I was getting Norton virus updates and warnings - I don't have Norton's so ignored them and did not open any of the files. Just closed them at the X and made sure I was disconnected from net. After Spybot cleaned up, I used ATF to clean my temp files and then turned off and re-started. Since then I can not log on to Windows, even in safe mode and administrator. I tried logging on a number of times in a variety of ways but it keeps logging me out. I am not getting past the log on page. I cannot seem to get into Windows and think I must have messed up somewhere. I have my external drive plugged in and was about to back up my monthly documents but decided to reply to my emails before! Hence now cannot access anything. I have spent the weekend reading forums and page... Read more

A:infected with UPS virus. Cannot log on even in safe mode

81 more replies

- On a small Peer-to-Peer network...
- One PC is infected
- Setup is: Cable Modem connected to small Linksys Router connected to a few PC's

1 - Is it a concern that the malware could spread to other PC's in the small Workgroup?
2 - If so will this fix it while still allowing the infected PC net access...
.. turn off all clean PC's
.. remove the infected PC from the Workgroup
.. turn on the clean PC's
This way the infected PC is not in the Peer-To-Peer Workgroup but it is still sharing the same router...

Right now I'm turning off (or disconnecting) all clean PC's from the network before turning on the infected PC. This is a problem for other users.

Thanks for any help.

A:Safe to have infected PC online - But not in Workgroup?

Are the clean PCs fully patched and are there no Windows accounts on those clean PCs with weak passwords?

3 more replies

I am trying to fix my father's desktop computer, which he seems to have sufficiently filled with Malware. I am having a very hard time dealing with this, and am hoping for some help. Here are some of the things I know so far: It is a Dell running XP. Currently, I cannot run task manager, either in normal or safe mode. I cannot install Hijack This, MalwareBytes, or any other program in an effort to remove anything. Some of the names I have run across are "AntiMalware Doctor", "Security Tool", as well as the "Microsoft Security Essentials Alert" (particularly when I try to run taskmgr or regedit in the normal mode). I have been able to access regedit when in Safe Mode with Command Prompt... That is as far as I have gotten. I found some junk that seems to be related, but each restart brings me the same "Microsoft Security Essentials Alert" when I reboot and try for the taskmanager. As I can't seem to run anything on the desktop, I am using my laptop to try to download any potentially useful programs and move them over with a jump drive, but nothing will load. Any thoughts or recommendations would be greatly appreciated!!!!!!!

I was just able to run TDSS Killer in Safe Mode from the Command Prompt, which appeared to be successful. Here is the log... I hope I copied it in right, as it appears huge!

TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/25 10:48:32.0734 ===============... Read more

A:Computer infected can't even run in Safe Mode!

2 more replies

I'm not able to use internet in regular mode of windows xp. If i restart in safe mode with network support I can access the internet. I have checked everything concerning driver issues etc. The ip is correctly assigned. I have done several scans with MBAM, I've used registry cleaners, etc. It all started a couple weeks ago when the pc started working very slow. I did a disk cleanup, defragmented the harddisk, did registry cleans, scanned for viruses etc. It was a bit better but not too much. After a few days the internet stopped working on my pc. Is there any solution to fix this problem? Hereby the DDS.txt log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Zjefne at 13:56:09,23 on vr 24/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.447.221 [GMT 2:00]
AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\A... Read more

A:Infected? No internet, just in safe mode

3 more replies

(See attached)

My Firefox download progress bar has decided to take a dislike to MGlogs.zip from the malware forum.
How can I sort this out please? So sick of software thinking it's being 'useful' !

A:Something Deciding Safe Files Are Infected...

That could be Firefox' baked-in Google Safe Browsing/Phishing Protection (or w/e its called now), see if you can find a likely pref from this page to add/modify from about:config: https://wiki.mozilla.org/Safe_Browsing

1 more replies

I have an infection in my DropBox.
I am hoping i disconnected before it got to my local box, but cannot tell because, I logged off/shutdown the system.
Windows 7, booting up, trying to go into Safe Mode, with networking.
As soon as it comes up, I try to log in (still disconnected from the network), and it reboots the system.
Is this something new, or maybe unrelated?

A:Lucky Infected and No Safe Mode now?

Welcome to BC...

This is the second time this week that someone has posted not being able to boot into safe mode. Please
start a new topic in the Malware Removal forum and let the pros see if it is a new malware or just a coincidence.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

DO NOT bump your new topic. Wait for a response from one of the Team Members.

1 more replies

Hi all,

My computer started running verrrrrrrrrrrrry slowly two days ago. It's so slow that nothing is usable. I tried to do a system restore, but all restore points are gone before April 30. Restoring the April 30 restore point fails with an error.

Tried various spyware and rootkit removal software and nothing helps. Desperate...

Here's my HijackThis log:

Thanks! Bob

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:35 PM, on 5/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http... Read more

A:Computer infected? Only runs OK in safe mode

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as... Read more

2 more replies

Hi - I am running a win 7 OS and am infected with the FBI moneypack virus. It is not allowing me to enter either 'safe mode' or 'safe mode w/ networking' or 'safe mode with command prompt'.

When I log in to the computer using a different user I don't have this issue.

A:FBI Moneypack Virus - Infected even in safe mode

Hi gsms123

I will be handling your log to help you get cleaned up. Please give me some time to do up a fix and I will get back to you as soon as possible.

White Warrior

23 more replies

Hi,
My computer is running Windows 7 64bit and got infected with win32.sality.bh. I am not able to run any program except Kaspersky. I had a full scan and removed all threats it could find but apparently the so called anti virus is not as powerful as it described. I still can't open any program. I tried to run in safe mode but can't do it without msconfig. Any idea how can I run in safe mode? Thanks in advance.

More replies

XP Pro SP3 machine boots fine normally but can not get past the driver loads in safe mode. It just starts over. Seems to stop at the MUP.sys line. I've copied in a different MUP.sys file but it didn't help.
Original problem is something is starting up about 9 instances of Windows Explorer in full screen on multiple advertising sites and hanging the PC for a while. Also get memory location errors popping up at regular intervals. Memory test is good and the sticks are now 4 days new but still get the errors that don't hang anything but the messages just reoccur.
Ran Malwarebytes and deleted old user profiles, temp files and got Windows updates current. Didn't see any odd programs installed or notice any crazy processes but haven't sorted each little one out yet. Have antivirus on it but not detecting anything.

A:XP Pro Infected boots OK but not booting into safe mode

Video card or internal?

2 more replies

Hello I'm new here and I am having an issue I believe. Nod32 detected this variant Win32/Kryptik.AVM trojan in C:\Windows\SysWOW64\dllhost.exe and C:\WINDOWS\SYSWOW64\CRYPT3232.DLL and as well MWBAM detected something along same line I think I removed it but after another scan MWBAM had a log with a reg key hijacked reg.key noactivedesktop hkey_local_machine software microsoft windows current version policies explorer. Here is HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:25 PM, on 11/16/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Ultra ISP\dialer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\BWK\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ultraisp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Intern... Read more

A:Malwarebytes detected this is it safe to remove am I infected?

2 more replies

hi i'm new to the forum, and need some serious help. i clicked the wrong thing, and now i have some virus on my computer, here is what i have tried so far

1. I ran my virus software AVG, but when it starts scanning, it goes like 5 mins then just shuts down, the program still stays open but the scanning window just shuts without completing the scan

2. I ran Ad-ware, and it scans till it gets to the HKEY scan then locks up.

3. I made system recovery disks through the AVG software, but i can't get the computer to boot off the disk, and i don't know how to get it to work.

4. I tried restarting in safe mode, to run the virus programs again and the computer will not go into safe mode, it says there was an error and i must start it normally.

following symptoms:
-when i start internet explorer it goes right to google, and types in "free porn" and searches out....(no idea why it does this)
-when i open up my documents, windows freezes and has an error then shuts down
-when i start the computer a toolbar pops up on the right side with ads for spyware, porn, insurance and other things.
-also some other things, i can't really explain

now i been reading on here about HijackThis, so i downloaded that and got the log file. I also got Ewido, i haven't run a scan yet. i know a little about computers but i can't get anything to work or get this thing off. so here is the log file
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:50:45 PM, on 12/... Read more

A:Infected and wont restart in safe mode

14 more replies

Hi,

Had Issues for a while with being directed to random sites while using google and random pop ups,

Had the Yellow shield pop up in the task bar telling me i had to restart the system, after restart the Colour of the font in Firefox had changed to black and was running slow and freezing, 3-4 minutes in and the system would freeze only relief being the restart button.

3/4 restarts down the line im here , after the Windows XP loading screen goes off the screen just stays black no welcome page

EDIT EXTRA: It seems the wpa.dbl file was modified at the time of the attack

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:42, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.micros... Read more

More replies

I'm fixing someone's computer and I scanned with Malwarebytes Anti-Malware. They have a few registry keys but one registry value. Is it safe to remove?

A:Registry Keys Infected. It Is It Safe To Delete Them?

What's the full path for this registry value?

13 more replies

Today, my laptop became infected with the FBI malware.  It has disabled my ability to use Safe Mode in any way.

I urgently need assistance.   Thanks.

A:Infected with FBI Virus - Safe Mode is not accessible

3 more replies

Hello,

I'm using a spare computer to try and resolve an issue with my laptop.

Earlier I was using Firefox but Internet Explorer suddenly began to pop up. After a few tries using Task Master, I was able to shut off IE. But I wanted to search for any trojans or viruses and attempted to scan using Malwarebytes. This program shut down after a few seconds of scanning. When I attempted again, it said "Windows cannot access the specified device, path, or file."

I tried to run HijackThis in Safe Mode to try and get a log but got the exact same message as above about Windows not being able to access.

Any assistance would be GREATLY appreciated!

A:Badly Infected - Cannot Run HijackThis in Safe Mode

16 more replies

I've been in France the last 9 months studying and when I came back, my parents told me to look at their computer since it has been acting weird and they could only use it in safe mode. They had been using it without any virus protection it seems. So I downloaded Super antiSpyware, MalwareBytes and Avast, and scanned the computer with each of them. Superanti spyware found about 1700 infections, malware bytes found 260 more, including koobface.worm, and avast found 4 viruses. I managed to be able to start the computer in normal mode but it freezes many times, so it is very ineffective to use it like that. I don't know what else is wrong with it as I've run out of knowledge of how to fix the problems. I managed to run DDS in normal mode, but was unable to run gmer, both in normal and safe mode. It said there was an unexpected error and it must close. Here is my dds log. Anything else you'd like me to do, just tell me.

DDS (Ver_10-03-17.01) - NTFSx86
Run by David at 1:35:00.38 on Sun 06/06/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.1146 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLau... Read more

A:was infected with koobface.worm, must use safe mode

3 more replies

My XP machine has a problem.  It gave me the Moneypak page on boot up and won't boot into safe mode.

I made a ubuntu startup disk and used that to backup my data files.  Also, ran some antivirus boot disks (Kaspersky, Bitdefender, and AVG), but it did not fix the problem.  However, they did get rid of the Moneypak page that was showing on startup.  Now when doing a normal boot, I see my desktop for about 1 or 2 seconds, then get a beige screen which changes quickly to a white screen and hear the hard drive spinning - probably loading things.  When I hold the power button to reboot, the blank page shuts down and I can briefly see my normal desktop full of icons again. Not enough time though to run any programs.

Since I can access my files by booting into Ubuntu, I assume the problem could be fixed by manually removing the right files or making some other changes, but I don't know which.

Can anyone help me get my machine working again?  Your assistance is much appreciated.

A:Infected with Moneypak - can't boot into safe mode

more replies

Hey guys,

So my girlfriend's computer had a virus on it called Windows System Defender. It installed itself while browsing the internet, no we don't remember what site it was. I looked up ways to remove it and I did everything it said to do and even removed any instances of it from the Registry. It still persists and continues to come back, we think. After running a bunch of virus scanners it appears that I have gotten rid of the original virus but now have a new one that we can't figure out what it is and won't pop up on virus scanners. It also won't let us boot up in safe mode. It gives us a blank blue screen when we try to do so. I have posted a HJT log to see if that will show anything. Any help is much appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:16 PM, on 11/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system... Read more

A:Infected With Virus and Can't Boot to Safe Mode

Problem has been resolved.


My computer is showing odd behaviour, menus keep blinking and it is difficult to watch a video because it gets forwarded on its own. Suspecting a virus infection, I used combofix without supervision. However the problems I had earlier persist. Is it safe to uninstall combofix without taking any action?

A:is it safe to uninstall combofix if your computer is infected?


My understanding of malware is quite basic, but it seems like one of the big issues in trying to clean a system is that the bugs are loaded by Windows into memory and hence cannot be easily purged while Windows is running. Would it be possible then to clean a drive on a 2nd system--that is hook up the drive as a secondary on another clean box then remove the files identified in a previous HijackThis log from the sick drive?

Assuming that this is feasible, is it safe? Or will the malware migrate even if the infected registry on the 1st drive is not implemented?

A:Safe to scan infected drive on 2nd comp?

HJT is looking into the registry of the booted disk, but Adaware/SpyBot can scan other drives.

I think you'd be better off to post the active HJT log and get instructions on what/how to remove the probs.


I've been on the BC forums for the past couple years, and I just joined the forum and this is my first post. I've had years as an end user on computers, but have only been doing basic tech work off and on for the last year or two, so my experience is a little limited in some areas. I'm helping a friend whose son tried to "download music" and ended up on The Pirate Bay, among other sites. So far, most of the infections seemed to be removed, but there's still pop up ads that I can't get rid of. I've used Malwarebytes multiple times and it now comes up with a clean scan. Spybot S&D2 comes up with the same results over and over again, regardless of quarantining the results and deleting. This has happened at least 4+ times so far.

I have rkill on the desktop and used it first before any scans because the pop ups and redirects to ads were so bad in Chrome. I ran MB next, then SS&D. When those kept coming up with problems, I followed one of the removal guides and installed Combofix and Adwcleaner. It's much better, but I'm not sure it's completely clean. When I would clear one or two, another new one would pop up. I've also used Revo Uninstaller Pro to uninstall some problematic programs, but still see remnants of things, such as C:\Users\XXXXX\AppData\LocalLow\{581A79A5-59DE-AAE6-EEAE-27C2924CFC0D}\cosstminn.2.9.dat. I thought I got rid of cosstminn but it's just an example of what causes me to doubt it's clean. Also, when I'm on a BC page, some words are s...

A:Infected with Conduit, Browse Safe, Cosstminn, and more


Hi Guys,

My WinXP Sony Vaio VGN-215M has been infected by what the Dr. Web demo identified as 'NTRootkit.83'. The first symptom I noticed was .EXE files starting to disappear, including my Norton Antivirus. Another problem I noticed is my wireless network connection has disappeared (no networks show up anymore).

I have tried a variety of tools including the McAfee Rootkit tool beta, but it seems this one is still sticking around. Dr. Web support indicated I should reboot in safe mode and then run Dr. Web to remove it, BUT; when I try a reboot in any form of safe mode, it:

a) reboots
b) shows the loading screen, and then goes through a list of drivers on the bottom of the screen
c) reboots itself back into normal mode

So effectively I cannot reboot into safe mode.

I have output the following Hijackthis logfile, if this helps:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:25 PM, on 16/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe

A:Infected with NTRootkit.83 - Can't reboot in safe mode

Still getting nowhere.

Installed Dr. Web antivirus, and just like my Norton, the .exe files for the program disappear. This is one nasty little trojan.. please help!


I am visiting my kids and my ex-in laws got scammed by a FakeAV.  The person they talked to installed windows 8 and now it boots only to safe mode.

Here are the Hijack This logs, DDS logs.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:12:54 PM, on 8/29/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)

Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Ron and Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89NEVL99\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSear...

A:Not exactly sure what computer is infected with but boots only to safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546184 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


I am available Mon - Thur, but will monitor my post and go to the computer if necessary over the weekend. This is an elderly woman's laptop done as a volunteer project and I will receive no compensation for my services.

I get redirected trying to go to bleeping computer and had to use safe mode to download and post.

Here is my log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17344
Run by Judy Gilman at 9:28:45 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.3250 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs

A:Win 7 infected with redirect. Can only use Chrome in safe mode.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554855 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hi all,

I had a Windows 7 installation on my old hard drive which got infected with rootkit.0access. I tried removing it with malwarebytes but it kept coming back. Also originally MB did get rid of a few other infections (successfully it seems). Anyway, I decided to abandon the windows installation and start again on a new solid state drive.

I've had the old HD unplugged since I did the new install. Is it safe to plug it in, boot to my new HD, do a scan, and start picking my files out? Obviously I won't run any programs from it...

Thanks peeps.

A:Old infected hard drive, safe to access?

It'll be safer to put that old hard drive in USB hard drive enclosure. Then... Install Panda USB Vaccine, or BitDefender's USB Immunizer on your computer to protect it from any infected USB device. Now you'll be safe to plug USB enclosure in and scan the drive with your AV program.


A user came to me with a laptop that does not connect to the internet at all in normal mode. (Wired or wireless, DHCP or static IP, IPv4 or IPv6)
Connects to the network perfectly fine, but no internet connection.
Unless in safe mode then the internet works just fine. (which led me to think malware was the root of the problem)
Nothing else appears to be wrong/off; just lost internet connection.

ipconfig /release /renew... nothing
ipconfig /dnsflush /dnsregister... nothing
Tried new drivers... nothing
reset winsock... nothing
Scanned with McAfee... Clean
Scanned with MBAM... Clean
rkill... clean
tdsskiller... clean
running a hjt now, but thought I would post here first and see if it may well be something else.

NOTE: If you think this should be posted in networking then let me know and I'll gladly create a new thread there. I will not post my HJT until recommended, and that will go into the appropriate thread

Thanks in advance for your help. I've been using this site for years, first time I couldn't find a fix and need to post.

A:Internet Connection In safe mode only. Am I infected?

Uninstall your antivirus and let us know if you can connect


Here are my log files. Please help. I can't get this off no matter what I do.

Deckard's System Scanner v20071014.68
Run by Nikky on 2008-05-10 18:01:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-10 18:01:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common ...

A:Infected With Safe-strip Spyware/malware?

Can anyone please take a look at this and possibly help me. My computer is going so slow now. Thanks


Alright this is a family's laptop that is about 5 or even more years old...has windows xp on it don't know the exact one -.-...alright.

My sister has been using it and says she has never done anything to it...which I don't believe but anyways this computer will not boot up whatsoever...every time you power it on it goes to the screen that says unexpected error software/hardware problem yada yada yada...and then it gives you the options of boot in safe mode, safe mode networking, safe mode command prompt, last known good configuration...and none of those will work...we do have the recovery disks to wipe it but are trying to find a better way if possible...and when you try to load into any of the safe mode choices it stops at multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\Drivers\Mup.sys...will stay at that for about 5-10 mins and then just turn off...if you try to just do normal mode or last known configuration it just acts like it loads with the windows and the little green loading bar then shuts off...the more I type the more I think the hard drive is toast but I'm new and learning so I probably could be wrong. Just looking for suggestions =)

Oh and this pc will run very hot...so if it's a hardware issue I would not be surprised.

A:HP Pavilion will not boot in safe, safe w/networking, safe command or in normal mode

I'm heading to work now I'll be back later tonight so just post suggestions and I will try them. =)


I'm trying to help fix a friend's infected machine. I don't know what caused it but I can not run most of the malware removal tools.

The XP SP2 PC is getting continuous bad image errors pointing to a file called "UACxtcujhcadh.dll" - not a valid Windows Image.
Can not run any program without these error messages and the standard malware tools won't run.

The machine will only boot into safe mode, otherwise will get a blue screen with Driver_IRQL_Not_Less_or_Equal after login.
I've run a RootRepeal and will include the log.

Thank you in advance for any suggestions. Any idea which infection I might be dealing with here?

A:Infected, Can't run removal tools, only boot into safe mode

Go ahead and close this. I can not get any programs to run. RootRepeal can not access the boot sector and it throws up an error that it can not read the registry.

I'm going to wipe this machine so this can be closed.


A:Infected With Numerous Items. Can Only Boot In Safe Mode

Hi, PaulDH Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.t...


The computer is locked.  I have tried to restore system earlier date- did not work.  I get into the advance boot options window but when I chose either of the safe modes-  it shuts down before I can get to anything-

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of Malware Removal staff. ~ Animal

A:fbi money pak virus removal- has infected my safe mode- HELP

Don't give up on System Restore after one try!  I have removed this virus twice this week for people and they have a newer version than anyone talks about on forums or can see in removal videos on Youtube.

My solution was to run system restore more than once trying a couple different restore points till one completed successfully.  In one case, it said it was unsuccessful but when the computer rebooted normally afterwards, it actually was successful.

Press F8 when rebooting to bring up boot options and select "Repair Your Computer".  Log in as administrator and select system restore and try again if you can on an available restore point before the infection.  It may take a few tries.

Post back here if it is not.


I've tried everything I. The F8 menu, I'm in a reboot/launch repair loop.
I've tried kaspersky recovery disk and advair boot disk and can not get the virus off so I can at least boot into windows and fix this.
Ideas? Should I try FRST64?

A:Infected with a virus can't boot windows even into safe mode

Should I try FRST64?

Please do and post its report.


Can anyone help? This is an old computer- but I have always been able to use it. My daughter decided to "borrow it" and it hasn't been the same. I downloaded "hijackThis" and here is what it showed:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:20 PM, on 11/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Sear...

A:Computer Infected? Keeps showing desktop in safe mode


Hi, Suddenly today our PC shut down spontaneously.  I can turn it on and sometimes get to the safe mode screen, but when I hit enter to get safe mode, the computer once again shuts down.  If I immediately try to restart, the computer won't even get to the first page without shutting down.  What to do?
thanks!  Barbara

A:Infected? Computer won't start long enough to get into safe mode

Is Safe Mode with Networking any better? What is your Operating system? Did you notice if you had any malware pop up or you were removing some before this happened.


I intend to download Windows 7 x64 setup so that I can burn it on a DVD but there is a very persistent USB malware in the PC, and now I am wondering if that malware could somehow "sneak up" into the ISO file that SDM would download and prepare for burning on a disk... If that is the case, then the whole process would be meaningless. Does anyone know?


Hi folks,

I'm on windows XP.

When computer first loads up I get this message:
"avgwdsvc.exe encountered a problem and needed to close"

internet explorer and firefox do not work. However, IE works when started "with no add ons" and firefox works in safe mode. Email works.

I'm worried I have a virus. I'm not able to run avg to do a virus check because it crashes every time it is loaded.

I've installed and run three anti malware programs but the problem is still present

Would really appreciate some help.

Cheers,


W32/Blaster.worm has infected laptop. Can't get on web. Can't get in safe mode.
From my cell phone I have been researching and it seems to be an old virus.
I am getting security warning/malicious program.
Firewall warning: Hidden file transfer to remote host has been detected. There is a remote host transfer IP: 25.92.229.139.
And it makes a pig squeal sound when I start it up!

A:W32/Blaster.worm has infected laptop. Can't get on web. Can't do safe mode.


Hello,

I am dealing with a problem a few days now and I can't find a solution for it. When I boot my pc, windows load to desktop and after a minute or so I get a blue screen with the error message:

QUOTE
STOP: 0x0000008E (0xC0000005, 0x80635AC1, 0xB490796C, 0x00000000)

Also nod32 icon was red but I couldn't click on it (windows were busy loading other programs). I booted pc in safe mode and tried to run nod32 but it wouldn't start. I uninstalled it and tried to install Kaspersky but due to safe mode I couldn't install it. I then downloaded malwarebytes and run a full scan. This is the log from the scan:

QUOTE
Malwarebytes' Anti-Malware 1.44
Database version: 3554
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
14/1/2010 12:46:54 ???
mbam-log-2010-01-14 (00-46-54).txt
Scan type: Full Scan (C:\|G:\|H:\|)
Objects scanned: 554114
Time elapsed: 1 hour(s), 37 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft&#...

A:Infected, Blue Screen, PC only Boots in Safe Mode


I have a relatively new Vista Home system which was running fine until last night, when running an exe windows showed the command prompt listing keygen.exe, and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen, microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the vista logon screen and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which some stuff, unfortunately I can't find reports of that or Avast AV I ran, but I think it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found and un-installed some oberon media entries, including big kahuna reef 2, galapago, and others. It's still the same, desperate for help, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Minefield\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Pa...

A:Infected with trojan, Vista won't start aside from safe mode

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

Installed Programs

Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and ...


Hello,

Could someone please help, I have lost control of my laptop. If I boot into normal mode the computer freezes and I have to turn it off manually. In safe mode I can't run Hijackthis or Avast. Microsoft Security Essentials cannot update.

I have run TDSSKiller and pasted the log below. It found 8 threats but don't know what to do with them.

I'm running Win 7 Pro.

Any help would be much appreciated, thanks

15:00:04.0499 2600 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:00:04.0619 2600 ============================================================
15:00:04.0619 2600 Current date / time: 2012/06/21 15:00:04.0619
15:00:04.0619 2600 SystemInfo:
15:00:04.0619 2600
15:00:04.0619 2600 OS Version: 6.1.7601 ServicePack: 1.0
15:00:04.0619 2600 Product type: Workstation
15:00:04.0619 2600 ComputerName: Scorpio
15:00:04.0619 2600 Windows directory: C:\Windows
15:00:04.0619 2600 System windows directory: C:\Windows
15:00:04.0619 2600 Running under WOW64
15:00:04.0619 2600 Processor architecture: Intel x64
15:00:04.0619 2600 Number of processors: 4
15:00:04.0619 2600 Page size: 0x1000
15:00:04.0619 2600 Boot type: Safe boot with network
15:00:04.0619 2600 ============================================================
15:00:05.0039 2600 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder...

A:Badly Infected - Cannot Run Avast or HijackThis in Safe Mode

Hello again, I was reading through other posts and installed combo fix. Maybe this might be of some help too

Thanks

ComboFix 12-06-21.01 - Administrator 21/06/2012 15:44:35.1.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.8089.6972 [GMT 1:00]
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Access Centre\AppData\Local\TempDIR
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 13:50 . 2012-06-21 13:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BFA3D38-DCC1-4969-9747-699DB7E1B76A}\offreg.dll
2012-06-18 11:27 . 2012-06-18 19:33 -------- d-----w- c:\users\Administrator.AccessCentre-PC\AppData\Roaming\EndNote
2012-06-18 11:27 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\Co...


My cousin's mouse stopped working on his computer after installing a game expansion. He asked me to try to fix it and I noticed his computer was heavily infected with viruses. I've removed a lot of malicious files through Malwarebytes' Anti-Malware; however, the mouse still doesn't work, and I think there are still viruses. I also tried to reinstall the drivers for the mouse off the manufacturer's website (Logitech), but it didn't help. Since the mouse only works in safe mode, I can only run GMER in safe mode.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 19:10:45.24 on Mon 09/20/2010
Internet Explorer: 7.0.6000.16643
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2813.2149 [GMT -7:00]
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svcho...

A:Mouse only works in safe mode, infected with viruses


Hello,

I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.

I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.

Need help removing please, Thank you

A:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, it's a long shot but sometimes it works and you will be able to run malwarebytes and other tools

AA39754E-715219CE

See video for help on how to do this


I'm getting a lot of pop ups and redirects when on the internet. I have run my Symantec Anti Virus, and followed all the steps listed on your site to no avail. I have tried following instructions from other posts, as well as the removal instructions on the Symantec web site but nothing will get rid of these programs. None of the programs on my computer are detecting any of the programs, but when I run the virus scan off of the symantec website it finds them. When trying to run "Hijack This" an error message kept popping up when I selected scan and save, but I was able to bypass it by scanning only, then saving. When I try to access this forum on the infected computer it shuts down the internet explorer so I had to save the file, and post from another location... Please help!!! I'm at my wits end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:45 PM, on 7/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisof...

A:Infected With Spyware.isearch, Error Safe, & Winfixer (and More, I Think)

Hello lmvierra

I will be helping you with your problems.

Please right click on Hijackthis.exe located here:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Select rename and rename it to reveal.exe
Post the contents of the resultant log in your next reply.

Demon Cleaner


Hi all - this is my first ever post to a forum - normally I google my problems and find the solution, however this one seems pretty gruesome. I have checked around various forums for a day now, with no luck so far. As I am new to this, please excuse any gross violations of etiquette. Here is the scenario:

A friend of mine from work approached me about some of his computer problems (frequent pop-ups, etc...), as I installed AVAST! Home for him a few months back. (His PC specs are: - compaq presario desktop, windows XP home SP2, AMD Sempron 3200+, 1ghz, 512m RAM, 80gb HD)
I suspected that he had not kept his free registration current, and that Avast expired and he had accumulated some viruses, spyware, trojans, etc... So trying to help out, I met him at the computer store, recommended that he purchase Zone Alarm Internet security (antivirus, anti-spyware, firewall...) and installed it for him. After installation, a dialog box opened suggesting I restart the computer, which I did (thinking back to my own machine, I do not recall having to restart after installing zone alarm - I think I may have inadvertently messed up here, because I had not even scanned for viruses/spyware, yet once the computer restarted, it would not boot normally) - I had to start in safe mode with networking. I figured that I would scan for viruses in safe mode anyway, and that should get rid of whatever was causing the problem. Found 39 infected files - Zone Alarm cleaned all but one of them - it reported...

A:Severely infected computer - will now only boot into safe mode


I have a relatively new Vista Home system which was running fine until last night, when running an exe windows showed the command prompt listing keygen.exe, and serial.exe. Then another was listed, and Windows said something had stopped responding, and it would shut down in 1 minute. It restarted, and after the boot screen, microsoft loading bar the screen usually just remains black, and eventually reboots. Sometimes you see the vista logon screen and it says please wait, only to go black and do the same. Although there's also a short delay with a black background only with a cursor, I can load in safe mode. Here I've run a full AVG anti spyware (formerly ewido) scan which some stuff, unfortunately I can't find reports of that or Avast AV I ran, but I think it picked up a keygen archive, and deleted 1/2 trojans, moved some other stuff to the chest. In add/remove programs I've found and uninstalled some oberon media entries, including big kahuna reef 2, galapago, and others. Tried system restore which couldn't log in, with same black screen problem. I'd rather not re install as I the systems nicely setup, plus I don't have Vista Home Premium CD, only an ultimate which. It's still the same, desperate for help, thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network suppor...


Ok I will list the problems in order that they occurred...

-Went to a site, suddenly I get the infamous fake spyware icon (the blue shield) and it says I have all these viruses and starts scanning

-I try to open up AVG and it's locked. I try MBAM and it's locked. Thankfully super antispyware works and finds 4 of the trojan dropper and gen combo

- I delete and restart my computer in safe mode when I GET A BIG BLUE screen telling me that there was a problem (something like hardware problem or changes). This has never happened to me! I usually run safe mode and run my scans and boom my problem is solved but somehow it seems to be blocked!

-On the bright side my computer WILL load in regular mode but I seem to have the yahoo redirect problem. I ran trend micro, AVG, MBAM, and super antispyware and they detect NOTHING. Please help! I'm really out of ideas on what to do. I ran a combo fix but it didn't take long and really had nothing in the log that stood out. If I need to post a hijack log I will gladly but I'll have to get back to the infected computer.


Hi,

I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.

I can not seem to start any programs.

A:Infected with Antivirus Security Pro, will not let me start in safe mode


Just recently had a few issues with my '08 HP laptop w/ Vista: cd burner is not working or recognizing DVDs/CDs and I suddenly stopped being able to connect to the internet via my landlord's wireless (can connect but is showing "Limited Connection"). I have connected to them with no problem for the past 2 years. I have had issues with the Security Tool virus in the past few months and I'm wondering if this might be causing it. I was planning on trying a system restore tonight to see if I could back things up to when I was hit with that (mid-July). Anyway (long story short), I brought the laptop to work today to see if I could connect successfully to my work's wireless connection to see if it just might be an issue with my landlord's router. However, should I be worried about compromising my work's system if I AM infected with anything? If I can connect, I was planning on trying to d/l some free anti malware/spyware to try to deal with Security Tool.

Any help is appreciated! Sorry for the long post...

Thanks a million,
Rachel


I am working for someone and using their computer. I have accidentally infected this computer and do not have access to the Administrator account to change/revert things. I am in safe mode now and can access the internet. I have tried calling places like Symantec to get help over the phone and there is not much they can do without admin access. I will post the DDS log at the end. The GMER was not able to scan my computer, most likely because of the infection.

I apologize, I do not remember the exact names of the infection or the "antispyware program" that was running after. The virus started with an S and sounded like syndavi. The "antispyware program" was called AntiSpyware _______. I have Symantec Endpoint protection on this computer. I can restart out of safe mode to find these but I would rather not make anything worse as it is not my computer. Is this possible to fix without admin access? Will pay well if it is able to be resolved. Thank you so much for your help!
DDS (Ver_10-11-27.01) - NTFSx86 NETWORK
Run by vevans at 13:00:33.75 on Fri 12/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1367 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE

A:Infected with no admin access, running in safe mode now


Ever since I got that virus my computer has only been able to start in safe mode with networking. Whenever I boot up my comp, the typical windows xp screen would load and then a blue screen would flicker for a mili sec (too fast for me to read!) and then I am presented with the option of booting it into safe mode. I have ran Malwarebytes anti malware and it seems to have gotten rid of most of them, but one or sometimes two keep coming back. The trojan "HKEY_Local_Machine\software\tdss" would come back every time I reboot and run malware. If I don't get rid of it, it will re direct me to a different site (about viruses) whenever I click on links. When I get rid of it, links work fine. And I was unable to run adware and spybot in sm, I have ran stinger though...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:20, on 10/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\Hija...

A:infected with xp antivirus 2009 and can only access safe mode


Hey guys,
I finally got a pop-up I've been wanting for a few months now. It is one of those fake virus scanning websites trying to run a fake scan (just a .gif picture) and it tells me to download their AV.
Ya let me get right to that! REALLY!
I want to download, not install to my main computer, but just download the installation files to transfer to my old sandbox computer. This will be my first attempt at this, and I just wanted people's input on what you think of this?

Am I alright to download this? A second opinion never hurts. Can't know everything. Damn hard pill to swallow haha!

Thanks everyone,
Ben

Well, if you're going to let it run its course to see what it does, make sure that the computer is completely isolated with ZERO and I mean ZERO information on it.

Also, keep in mind that not only can this sort of thing mess with your software, but in rare cases it can kill hardware if it's really horrid.


Hello, I have probably 20 hours into trying to repair a Dell Inspiron 6400 running Windows XP Pro. The most frustrating part of this is that tools that I believe might help, such as Malwarebytes AntiMalware, Hijack This and RootRepeal are being blocked from installation or running by something...even in Safe Mode. I have tried the rename files names to get them to work...they still do not open. It is the "something" that I have been unable to find.
I was able to load Spyware Doctor, but when scanning it would hang up on one program...so it never finished. I was able to run Virut (it cleaned files, unable to open some) and right now Symantec Trojan.Vundo Removal Tool is running.
I have done a Windows Repair Installation which means I rolled back to SP1. I can get Internet access in Safe Mode, not in regular mode. When I try to update Windows it stops in the middle and says I have an error. I get a "spoolsv" error when the machine starts. From reading it appeared this is a Windows update issue. I did look for excessive SPL's and there were none. When in Internet Explorer I get the red letter warnings that I am infected with 18 trojans and should scan my machine. I did not click on scan my machine. Typically when trying to go to a antivirus/malware site I am blocked or Explorer/Mozilla closes.
I got regedit to work by renaming it reg-edit. The other above mentioned programs did not work even when renamed. Another program that will not work...


My laptop has been infected by malware/spyware. This is the first time I have joined any forum so look forward to your help. I have been working in safe mode since 2 days and need immediate help as this is my company laptop and I need access to programs that I can't get in safe mode.
Below is the HJT log report and attached is DDS. I could not run GMER in safe mode, let me know what to do. I also see that there is an "iexplore" process running in task manager which is a Trojan, as it launches itself after regular intervals even after I kill the process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:25 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

A:infected by malware/spyware.. running PC in safe mode since 2 days..need help

Hello and Welcome to TSF.

Quote:

this is my company laptop

We are sorry but this forum is intended for the home user.

This thread shall now be closed.


Title says it all, can't get in any of the safe modes. Saw another guy with the same problem so I followed Gringo's advice on how to run FRST and here are the logs. Assumed I should start my own thread, hope that's cool.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 14-01-2013 19:50:59
Running from I:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

A:Internet computer compliance virus infected all safe modes

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...


My computer started displaying the System Tool pop up and the dreadful blue screen that said there was an error within the computer and the program was closing to save it (paraphrased of course - the screen came and went so fast). It then said if recent hardware had been installed try uninstalling it, then it restarted. It went from that to now only being able to boot in safe mode. Now the wireless network is disabled... it says connection status unknown - the dependency service or group failed to start.
DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by msladydebbie at 23:09:48.71 on Wed 03/02/2011
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.2347 [GMT -6:00]

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe

A:Infected With System Tool Computer Only Boots In Safe Mode


Hi,

I am infected with the System Care Antivirus on a Windows XP machine. When I try to boot into Safe Mode (both with or w/out Networking), I get a Windows blue screen of death. I have removal instructions that I can follow, but those depend on launching Safe Mode. Any suggestions? Is there a rescue disc that I could try?

[Note: The machine does boot into normal Windows mode].

Thanks!

FrisB

A:Infected w System Care Antivirus -- Can't Boot Into Safe Mode

I'll report this topic to appropriate helpers.
Hold on there....


In step 2 of the self-removal process I need to reboot my computer in safe mode with networking. I do that and soon after my computer logs me off and restarts. What gives?

A:Infected with antivirus security pro - safe mode shuts down computer

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....


I am having the same issue posted by KellyV6726.  I have the "Antivirus security pro" virus but can't follow the fix instructions because it won't let me boot in Safe Mode of any form.   I followed the instructions from Aaflec in KellyV6726's  post and created a FRST.txt file, which I'll paste below.  Since Aaflec took Kelly's FRST file and created a fix file, I am hoping someone can do the same for me - or tell me how to do it.  (I initially posted this issue in the "Am I infected" forum, but received no replies so I'm assuming that was not the right place!)

The contents of my FRST file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [ccApp] - C:\Program Files\Common F...

A:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode


Windows xp pro service pack 3.  Browser hijacked by the virus.  I turned off the computer and could not restart.  It continues to cycle through the Windows start up screen, then goes blank, then short timed screens of unintelligible (to me) white letters on black screen, a blue letter on black screen saying something about corrupt file(s), etc.

I created a HitmanPro boot flashdrive.  It would only let me make a 64-bit version on my laptop, and I think my tower that has the virus is a 32-bit system.  I can get to the boot screen, and I get a message that HitmanPro is booting the computer, but it just goes back to the "Start in safe mode" screen.  No matter which option I choose, the screen freezes.  If I hit the Alt, CTRL, Delete sequence, it goes back to the boot screen.

I do not have a boot disk.

A:Infected with FBI Moneypak virus or similar and can't start computer in safe mod

Hi ssjphd,

Press Run then OK
Select the DiskImage option then click the browse button located on the right side of the textbox field.
Verify the correct drive letter is selected for your USB device then click OK
It will install a little bootable OS on your USB device
Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
After it has completed do not choose to reboot the clean computer simply close the installer
Remove the USB and insert it in the sick computer
Boot the Sick computer
Press F12 and choose to boot from the USB
A Welcome to xPUD screen will appear
Press File
Expand mnt
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type bash driver.sh -f


Hi - I was following another post where Afflack (splng?) was helping someone with the same issue.  I was able to create a FRST text file as he instructed.  However, in the post I was following, Afflack took this info and created a fix file for the user's computer.  I am hoping the same can be done for me.  Here is the contents of the FRST scan.  If I need to provide anything else, please let me know.
Thanks - Dinx

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-06-09] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Micr...

A:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Sorry for the mis-spelling - the person who was helping was Aaflac.


***before wasting your time reading this, I'm running Vista and don't know if it will work on XP or earlier systems***

Hi guys, I am by no means a tech expert. So do the following at your own risk.


My PC has been infected with 'Internet Security' and i have followed all the steps on
http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2012 but have not successfully got my computer back.

I located the virus files and renamed them to virus and virus2.

I then ran:
FixNCR.reg
tdsskiller.exe -> can't load driver -> does not find a rootkit infection
Malwarebytes anti-malware -> 38 days old version as I cannot access internet -> found and removed internet security (log attached)
Spyware doctor -> failed to set up due to lack of internet. starts automatically when booting up the PC.

They seem to have stopped 'internet Security' however I cannot connect to the internet, cannot enable mcafee, cannot boot on safemode (get blue screen saying I should check my computer for viruses or recent changes), cannot do system restore to a previous date. I suspect some sort of stubborn rootkit infection.

outputs from dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by SanchezPrieto Family at 0:47:17 on 2012-02-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1425 [GMT 11:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe

A:Infected with 'Internet Security' and unable to boot on any safe mode

Hello al345 and welcome to BC.

Sorry about the delay, do you still need help?


In a laptop recently infected by ransomware, XP boots normally but with RUNDLL error messages, but all boots into safe modes end in BSOD 7B

Computer: Acer TravelMate 4070
System name: ACER-CD38DA1573
BIOS: §Acer 3°18, 21 Feb. 2006
SMBIOS version: 2.31
OS: Windows XP Home Edition, Version 5.1 (Build 2600.xpsp_sp3_gdr.120821-1629 : Service Pack 3) (Italian language version)
Antivirus: originally NOD32 (Italian), now AVG 2013 Free (Italian)

I am trying to fix the Acer laptop of a friend here in Italy. Giuseppe is a bookkeeper and does not visit the usual infected sites, but recently he booted up his computer and found it locked with a splash screen declaring, “Il vostro computer è stato bloccato.” This is an Italian ransomware that surfaced in December 2012 and presently is hitting computers that visit contaminated websites in Italy. Because it is extremely convincing it has apparently encouraged a lot of copycat imitations, since there appear to be several variants now in circulation. And because it is brand new, extremely devious, and mostly limited to Italian computers, the major antivirus firms do not seem to have produced specific removal tools for it yet. The only help I have found online for how to remove it are some sets of instructions here and there, some of them including a custom removal tool to download.

Giuseppe told me that he recently saw the ransomware splash screen on startup, but when he rebooted it the screen did not appear again. For protection he was ...

A:In a laptop recently infected by ransomware, all boots into safe modes end in BSOD 7B


I seem to have some kind of infection that won't let my computer boot into safe mode. This has also caused my clock to show up on my desktop as military time, although when I try to fix it it's showing it to be in normal time. This all started after one strange day when my google started to redirect me to weird search sites, and other weird things on firefox. I have ran malwarebytes, spybot, and avg internet security 9.0 and they are all finding nothing. I can't seem to remove this from the computer and I really need some help. Windows XP Media Edition Version 2002 SP3. Thank you so much for your time and help, here are the logs.

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 23:50:08.40 on Mon 01/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ieho...

A:Infected with a virus/Trojan/Spyware/or malware that wont let me safe boot


Good day to everyone, especially those lovely people at BleepingComputer.com.

Tonight (Monday 1st July 2013) around 22:30pm my monitor went blank and was then replaced by a full screen message stating that it was the United Kingdom Police (Cheshire Police Authority), with a pic of the Metropolitan Police top man Bernard Hogg-whathisname.  It told me to cough up £100, payable by ukash or paysafe only.

Obviously it's a ransomware scam, and it's not the first one that I've had on my PC. You guys very kindly helped me get rid of my last one (Live Platinum Security virus).

I'm running Windows Vista, with Malaware (trial version) and Pandasoft AV software.  So much for Pandasoft....

One major problem that I have however...  I cannot create any DDS logs or download anything.  As soon as I log into my PC, the ransomware automatically kicks in, locking me out of my computer.
I've tried booting it into safe mode, both with and without networking, and all what happens is that  as soon as I log in, the PC instantly goes into restart mode.  This virus is an evil little bugger, I'll tell you!

As I work a 12-hour shift, I won't be able to reply or do much until late in the evening (UK time).

Thanking you in advance with helping me kill this nasty virus off my PC.

Best regards,

Graham

A:Infected with PCeU ukask/paysafe ransomware, cannot access safe mode


Hi,

I have been going through and taking help from various threads here and I appreciate every person who is supporting others in some way or another .. This is a great team work. Kudos to all.
Coming to my problem, My Computer Acer 1640, Windows Home edition, with 512mb was infected with Advanced Virus Remover. Initially disabled every Windows utility of my computer and then my system went dead (black screen). Safe mode was no better. Eventually one day, my lap gave me a desktop on safe mode and I went on to create a new user with all administrative rights. This might sound stupid, but I am not a computer whiz and just did things my way. Then using the new user, I went into registry and also local services. In local services I was able to start my McAfee and run a scan. Although this was not that helpful since my networking was not available, it did motivate me to look further. Eventually one day, I could get my internet working in safe mode. I downloaded Malwarebytes and it cleaned up most of the rubbish. I still was restricted from using System restore and many other functions but using registry edit, I figured to activate system restore. But my current problem is that I am not able to log on to windows normally even though I tried doing the same using F8 option.

I wanted to restore my system to a previous date and get it running properly and this is possible only if I can log back to windows normally.

pls help

I appreciate everyone who has taken time to read thru this, ...


Ok my mom's computer has a virus that has messed with the safe mode registry item and can't boot into safe mode. And before I knew about the registry item I had set the computer to automatically boot in safe mode, like an idiot, assuming it would force it in but now it is stuck in a boot loop. When it tries to go into safe mode, it goes through the list of files loading then it stops listing files and reboots. So how do I get it to stop the reboot so I can get into safe mode so I can get rid of the little butt munch. PLS PLS PLS PLS HELP!!!!!

A:Computer infected with virus and stuck in safe mode boot loop

You could try and use a System Restore Point via Recovery Console -> How to Perform a System Restore in Windows XP through the Recovery Console | eHow.com

You could try a Repair Install which recreates the Basic Windows Registry.

(both the above require a Windows XP cd)

You could try 'fixing' the bad Safe Mode Registry keys -> Restoring Safe Mode with a .REG file ? Didier Stevens


Hi Folks.
I am new to the forum.
One of my PCs is acting strange. XP SP3 system.
Cleaned some things with Mbam.
But noticed that when I boot into Safe mode, McAfee Real Time scanner is off. If I turn it on, 3 seconds later it gets turned off. Seem like a virus.
McAfee scans are clean. MBam scans are now clean.
Several online scanners come up clean
several free scanners come up clean (occasional tracking cookie)
Combofix runs to stage 50, prints "deleting files" and the PC immediately reboots.
Usually jusched.exe crashes after startup.
Feels like something is lurking in there.
Any help is appreciated.
Below is the HJT log.

Thx.
David

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:32:37 PM, on 2/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe

A: Mcafee Real time scan disabled in Safe Mode - Infected?


Hello

I've posted the message below in the Virus, etc. Removal Logs forum already. I'm new here (first time infected with a virus!) and so don't know which forum is really the most appropriate to get the quickest useful response. Apologies if posting in more than one thread is against etiquette.

Ed

------------------------------
My PC has been infected with a UK version of the FBI MoneyPak virus, claiming to come from the Police Central e-Crime Unit (PCeU) and demanding £100 via Ukash or paysafecard to unlock my computer.

I have Windows Vista Home Premium.

I have tried to follow the advice on the Norton support site and here on bleeping computer by starting the computer in safe mode. But as soon as I log in, the virus takes over the whole screen so I cannot use my browser to download any software to try to fix it.

The only thing I am able to do when the virus screen has appeared is to use Ctrl-Alt-Delete to bring up the screen which gives options:
Lock this computer
Switch User
Log off
Shut down, etc.

If I try to start Task Manager, it flashes for half a second then disappears and the virus screen takes over again.

I'm completely stuck. What help or advice you can offer.

Ed

A: Infected with UK Police MoneyPak virus - Safe Mode doesn't work

Hello Sheddy71,

Since no logs were included in the other topic nor in this one, this is the forum you should start with. I have deleted the other topic in the log forum to avoid confusion for everyone. Thank you for choosing Bleeping Computer for your Malware Removal needs.

Someone with malware experience should reply to you here shortly. Please be patient while your topic is evaluated by our volunteer helpers.


My computer is infected with a search hijacker. I've tried malwarebytes, trend micro and super-antispyware, but haven't been able to remove it. Now, windows won't even start - it gets hung up after the initial Windows XP screen, leaving just a blank black screen; i.e. the desktop never comes up. Thanks for the help. Here is the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Joe at 20:43:06.21 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.721 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Joe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0...

A: Infected with search hijacker; now windows doesn't open except in safe mode


I can download and run DDS, but it gets killed before I get the log. Ditto with RootRepeal and HijackThis. When I try rkill, it seems to work, but then I immediately get a "personalized settings" pop-up, which runs briefly, then (I'm assuming) undoes whatever rkill achieved. None of the malware removers I've tried (Malware Bytes, SpyBot, Windows Defender, AdAware) run to completion. I've tried exefix, which again, seems to run fine, but the tools still won't finish. Upon normal boot, Windows XP launches, then the "Personalized settings" thing pops up first, followed by "Protection System"--a virus I've been able to read about online, but none of the fixes I've seen elsewhere seem to work. Windows Defender makes an appearance, but when I try to start it, it says "Access is denied. Error code: 0x80070005." I also have some redirect problems when trying to find solutions online, but I can work around it by going to the site in question (e.g., bleepingcomputer) and searching internally for my problems. When I try and run in safe mode, I get a blue screen: STOP: 0x0000007E(0XC000005, 0x8537009, 0XF7C7B3E0, 0XF7C7B0DC).

Any help at all would be greatly appreciated! I assume the first step is figuring out how to get a DDS, RootRepeal or HijackThis log, but I'm totally flummoxed. Would listing my processes help?

I got D.D.S. to run! Here are the results. I'm trying RootRepeal again next.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Matt at 10:3...

A: Infected: safe mode=blue screen, can't run any spyware removal tools

I realize there's a policy against "bumping" threads here, but my computer's getting progressively worse. Yesterday, the system tray disappeared, and today, Windows XP no longer loads; I get a blue screen no matter which configuration I try. I'm guessing that my best bet is going to be salvaging whatever I can from the hard drive and reformatting Windows XP, but before I go that route, I thought I'd give this one last shot! If any of you wonderful, overworked volunteers is able to take a look in the next day or two, I'd greatly appreciate it.

Much thanks,

Plautus


A: Infected with malware - no gmail, search results do not resolve, and safe mode loop


Hi,

Last night my PC was infected after visiting a normal blog. Immediately my PC was getting false messages of "intruder alerts" and prompts for running a scan. Although I clicked on the "x" to close the window rather than "Yes", the next thing I know I see a blue icon on my desktop for Security Tools.

It ran a fake scan - trying to tell me I had numerous malicious spyware programs. I ignored this, but now I can't use task manager, malwarebytes and spybot get blocked so they can't perform a scan, firefox runs really slow (nothing new there...), and often gets redirected to sites promoting symantec products, or won't let me access the internet - blocking various searches like when I googled "Security Tool virus removal".

I also get a rapid fire of windows alerts telling me my PC is under attack.

It has also downloaded a "Windows Security Centre" icon which looks to be a fake as this looks to be what is driving the alerts telling me my PC is under attack - the icons however are remarkably similar to the official microsoft security centre logos.....

I attempted to reboot the PC in safe mode, but this doesn't work as immediately it jumps into the BSOD after selecting any of the safe mode options - although when I reboot in normal mode this is fine.

It seems like this is just one of the variants of the security tools virus...

A: Security Tool - PC infected, applications blocked and BSOD when trying to boot in safe mode - HELP!!

Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take so...


My problem has been getting worse over the past few days. I am usually very good at removing this stuff but for some reason this one is giving me trouble. I have run malwarebytes and does not pick up anything. When I go to IE and search on an engine, the results I click on send me to other pages. I cannot get into safe mode, give me the blue screen of death. Now other programs are not letting me in, outlook etc... Please help!!

DDS (Ver_09-12-01.01) - NTFSx86
Run by denhom at 9:37:00.81 on Fri 01/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2729 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Symantec AntiVirus...

A: Infected with something, browser redirecting, can't get into safe mode, blue screen of death

anyone?
anyone?
===========
Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of th...


I have an infected Dell laptop running Windows XP Pro SP3. On startup, it displays a System Shutdown pop-up with a one-minute timer and the message, "The system process C:\Windows\system32\services.exe terminated unexpectedly with status code -1073741482. The system will now shut down and restart."

When I booted it into Safe Mode, I found AVCare (which I removed). Spybot S&D also caught Monopod attempting to set a startup item in the registry (which I blocked). There's more garbage on the system, because it still reboots itself.

I booted it again into Safe Mode (logged in as Administrator) and tried installing SDFix and MBAM from a flash drive. I was able to install both of them, but they both crash when I run them. SDFix crashes right after I type "Y" to start the scan, and crashes explorer.exe along with it. I was able to start MBAM after installing, but it crashed as soon as I clicked "Start Scan", and when I try to run it again I get the message, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Any help would be very much appreciated.

HijackThis also will not run. Firefox and IE7 both get redirected away from anti-virus and anti-spyware sites (like Trend Micro House Call). In some cases the browsers crash. I installed Google Chrome to try to get a clean browser, and it won't bring up a...

A: Infected laptop reboots automatically on startup; MBAM and SDFix crash in Safe Mode

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Mom at 1631 on 2011-06-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1805 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes =...

A: Only runs in safe, redirects even in safe, reboots in normal mode..no viruses found

oh and Malwarebytes did block a 91-207-192-22 port 49179 svchost.exe
