MagiX110

Windows Command Processor - HELP

9 posts in this topic

Hi, I have recently had severe issues with malware that has infected my PC.

At first it disconnected my internet by uninstalling my network driver and many other things. After restoring and then undoing my restore, it somehow restored my driver so I can access the internet. It has disabled my McAfee, and a window keeps popping up called "Windows Command Processor".

I've read many threads now with people who have had the same issues. I've tried Rkill, Malwarebytes anti-virus, Spybot Search and Destroy, CCleaner, etc.; nothing seems to get rid of it. I've also tried to detect the raw process using HijackThis and it doesn't seem to detect it.

Can someone help me get this off, as it's a major problem? I would be really appreciative, thanks people.


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


I'm currently in safe mode or it won't let me visit this website. I hope that's OK. I will do what you asked now, thank you.


.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by HousePC at 18:20:09 on 2012-09-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2495 [GMT 1:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\mcafee\VirusScan\mcods.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624172116.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [AdobeBridge]

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe

uRun: [DscIhece] C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

StartupFolder: C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SHORTK~1.LNK - C:\Program Files (x86)\ShortKeys 3\shortkey.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{2E30D14A-B6FE-462B-B8DC-B5082BBC5B74} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{8206B912-0058-4392-9AF0-E7426FCA9975} : NameServer = 8.8.8.8

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624172116.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\HousePC\AppData\Roaming\Mozilla\Firefox\Profiles\ofsmj58t.default\

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-11-15 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]

S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-8-3 476016]

S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-8-3 387440]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-16 399432]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-16 676936]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]

S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]

S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-11-15 199272]

S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-19 1153368]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-9-6 2438696]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-15 224704]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 114144]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-09-20 13:05:48 -------- d-----w- C:\Users\HousePC\AppData\Local\Microsoft Games

2012-09-20 12:17:03 -------- d-----w- C:\Users\HousePC\AppData\Local\{C93148A0-C609-44A3-ACEE-B3CC9D532EC3}

2012-09-17 13:11:19 -------- d-----w- C:\Users\HousePC\AppData\Local\Apps

2012-09-17 13:11:18 -------- d-----w- C:\Users\HousePC\AppData\Local\Deployment

2012-09-17 13:00:53 -------- d-----w- C:\Users\HousePC\AppData\Local\{9BF0F2F6-6560-4D13-83FB-662F150270C0}

2012-09-16 18:19:04 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-09-16 18:18:01 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-09-16 18:18:01 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-09-16 18:15:15 -------- d-----w- C:\Users\HousePC\AppData\Roaming\TestApp

2012-09-16 18:15:15 -------- d-----w- C:\ProgramData\PC Tools

2012-09-16 13:03:27 -------- d-----w- C:\Program Files (x86)\Citrix

2012-09-16 13:03:23 -------- d-----w- C:\Users\HousePC\AppData\Local\Citrix

2012-09-16 13:03:19 103784 ----a-w- C:\Users\HousePC\GoToAssistDownloadHelper.exe

2012-09-16 12:56:50 -------- d-----w- C:\Users\HousePC\AppData\Roaming\McAfee

2012-09-16 12:08:32 -------- d-----w- C:\Users\HousePC\AppData\Local\{EDE0FE17-5CAF-42C9-9A8C-CA734A12705F}

2012-09-16 07:45:07 -------- d-----w- C:\Users\HousePC\AppData\Roaming\SUPERAntiSpyware.com

2012-09-16 07:44:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-09-16 07:44:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-09-16 07:31:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-16 06:58:09 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Malwarebytes

2012-09-16 06:58:04 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-16 06:58:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-16 06:58:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-16 06:44:23 388096 ----a-r- C:\Users\HousePC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-16 05:13:46 -------- d-----w- C:\Users\HousePC\AppData\Local\{1688A56A-33C9-43F7-B356-1B8B7EEDC46D}

2012-09-16 04:52:57 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-09-16 04:45:13 -------- d-----w- C:\Users\HousePC\AppData\Local\{D50FE16A-A060-458B-A5BA-D954525E6B00}

2012-09-16 04:26:34 -------- d-----w- C:\Users\HousePC\AppData\Local\{61A16220-7A30-4B37-AD43-0A41369925E7}

2012-09-16 04:14:01 -------- d-----w- C:\Users\HousePC\AppData\Local\{50F50541-CC27-4783-907E-1A08A2D6C3DB}

2012-09-16 04:10:06 -------- d-----w- C:\Users\HousePC\AppData\Local\{674580A8-59A9-45BB-B6B9-484E62855110}

2012-09-16 03:58:11 -------- d-----w- C:\Users\HousePC\AppData\Local\{7207BC5C-B9D4-4193-8806-4B6C2A5536C3}

2012-09-16 03:18:27 -------- d-----w- C:\Users\HousePC\AppData\Local\{A3D1370F-EB2A-4C51-8AAA-75FBE86B606D}

2012-09-16 03:07:29 -------- d-----w- C:\Users\HousePC\AppData\Local\umkvwevn

2012-09-16 03:07:28 95576 --s---w- C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe

2012-09-15 18:42:54 -------- d-----w- C:\Users\HousePC\AppData\Local\{D123DE3B-2953-44F9-B7BD-CEAD1DF6516D}

2012-09-14 22:28:45 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-14 22:28:45 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-14 22:28:44 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-14 22:28:43 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-14 22:28:42 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-14 22:28:41 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-14 22:28:41 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-13 15:04:42 -------- d-----w- C:\Users\HousePC\AppData\Local\{15443F7C-3411-4207-9DAB-6902B4C82706}

2012-09-13 03:08:20 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Sony Online Entertainment

2012-09-13 01:23:54 -------- d-----w- C:\Users\HousePC\AppData\Local\SCE

2012-09-12 14:45:28 -------- d-----w- C:\Users\HousePC\AppData\Local\{52C20FBC-00E2-497A-B042-B71033755392}

2012-09-12 14:31:05 -------- d-----w- C:\ProgramData\7531CCA91881015F6476D5DFF875F002

2012-09-11 22:37:50 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Vauruh

2012-09-11 22:37:50 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Herefi

2012-09-10 16:53:29 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2012-09-09 21:21:10 -------- d-----w- C:\ProgramData\Firefly Studios

2012-09-09 21:20:41 -------- d-----w- C:\Program Files (x86)\GameSpy Arcade

2012-09-09 18:22:46 -------- d-----w- C:\Fraps

2012-09-06 15:25:15 -------- d-----w- C:\Program Files\CyberGhost VPN

2012-09-04 12:45:34 -------- d-----w- C:\Users\HousePC\AppData\Local\LogMeIn Rescue Applet

2012-09-03 17:11:16 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-09-03 16:40:34 -------- d-----w- C:\Users\HousePC\AppData\Local\Turbine

2012-09-01 16:40:47 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-30 13:46:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2012-08-30 13:46:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2012-08-29 18:11:40 -------- d-----w- C:\Users\HousePC\AppData\Local\ShellShock_Enterprises

2012-08-26 19:52:55 -------- d-----w- C:\Users\HousePC\AppData\Local\{9125DA0A-F078-476B-B396-0B07960492DD}

2012-08-26 18:57:00 -------- d-----w- C:\Users\HousePC\AppData\Local\{01FB5684-3E1D-43E7-8736-D05719E68454}

2012-08-26 18:56:16 -------- d-----w- C:\Users\HousePC\AppData\Local\GameSpy

2012-08-25 14:46:54 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Black Sea Studios

2012-08-24 23:01:44 -------- d-----w- C:\Users\HousePC\AppData\Local\ApplicationHistory

2012-08-24 22:58:11 -------- d-----w- C:\.jagex_cache_32

2012-08-24 10:50:03 -------- d-----w- C:\Users\HousePC\AppData\Local\FalloutNV

2012-08-22 23:27:50 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-08-22 11:07:29 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Helios

2012-08-22 11:07:04 -------- d-----w- C:\Program Files (x86)\TextPad 6

2012-08-22 10:40:19 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2012-08-22 10:23:06 -------- d-----w- C:\Program Files (x86)\Mass Effect 2

2012-08-22 10:23:06 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2012-08-21 23:04:52 -------- d-----w- C:\Users\HousePC\AppData\Local\My Games

2012-08-21 21:20:05 -------- d-----w- C:\Program Files (x86)\2K Games

2012-08-21 21:18:47 -------- d-----w- C:\Windows\SysWow64\URTTEMP

.

==================== Find3M ====================

.

2012-09-16 07:30:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-16 07:30:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-15 15:37:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 15:37:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-15 15:37:16 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-10 02:48:18 41704 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-26 17:53:50 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-26 17:53:50 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-26 17:36:26 10256384 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-26 17:32:02 24827392 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-26 17:01:56 20466176 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-26 16:28:30 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-26 16:28:20 930304 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-26 16:26:22 1101312 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-26 16:22:48 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-26 16:22:44 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-26 16:21:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-26 16:20:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-26 16:20:14 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-26 16:20:10 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-26 16:20:02 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-26 16:19:16 6380032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-26 16:17:50 70144 ----a-w- C:\Windows\System32\coinst_8.981.2.dll

2012-06-26 16:02:04 6998016 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-26 15:44:06 4254208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-26 15:43:36 5530112 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-26 15:40:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-26 15:40:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-26 15:40:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-26 15:40:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-26 15:40:10 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-26 15:36:16 4734976 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-26 15:35:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-26 15:33:54 6674432 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-26 15:22:58 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-26 15:22:48 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-26 15:22:34 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-26 15:22:30 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-26 15:22:30 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-26 15:22:26 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-26 15:22:18 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-26 15:22:10 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-26 15:21:12 55296 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-26 15:21:04 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-26 15:20:56 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-26 15:20:48 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-26 15:20:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-26 15:18:08 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-26 15:18:08 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-26 15:18:04 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-26 15:18:04 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-26 11:41:18 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-26 11:41:04 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-26 11:40:58 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-26 11:40:52 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-26 11:40:48 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-26 11:40:40 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-26 11:39:56 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-26 11:39:10 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-26 11:39:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

.

============= FINISH: 18:23:02.27 ===============

DDS LOG

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 19/04/2012 15:30:30

System Uptime: 20/09/2012 17:34:49 (1 hours ago)

.

Motherboard: Dell Inc. | | 0GDG8Y

Processor: Intel® Core i3-2120 CPU @ 3.30GHz | CPU 1 | 3292/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 667.589 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP129: 20/09/2012 13:48:51 - Windows Backup

RP130: 20/09/2012 13:50:57 - Windows Backup

RP131: 20/09/2012 14:29:55 - Windows Backup

RP132: 20/09/2012 14:34:15 - Windows Backup

.

==== Installed Programs ======================

.

"The last Kingdom"

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS6

Adobe Reader X (10.1.4) MUI

Adobe Shockwave Player 11.6

AIM for Windows

Apple Application Support

Apple Software Update

Assassin's Creed Revelations

Battlefield 2

Battlefield 3™

Battlelog Web Plugins

Blio

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Company of Heroes

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Counter-Strike: Global Offensive

CyberLink PowerDVD 9.5

D3DX10

Dead Rising 2

Dell DataSafe Online

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage

DirectX 9 Runtime

DivX Setup

Dual-Core Optimizer

ESN Sonar

Fallout: New Vegas

Fraps

Galerie de photos Windows Live

GameSpy Comrade

Google Earth

Google Update Helper

HiJackThis

Hitman: Blood Money

Hotspot Shield 2.67

InterActual Player

Java 7 Update 7

Java Auto Updater

Junk Mail filter update

Killing Floor

King Arthur - The Role-playing Wargame

Knights of Honor

L.A. Noire

League of Legends

LIMBO

Magicka

Malwarebytes Anti-Malware version 1.65.0.1400

Mass Effect 2

Mass Effect™ 3

McAfee SecurityCenter

McAfee Virtual Technician

Medieval II: Total War

Medieval II: Total War Kingdoms

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Mount & Blade: Warband

Mount & Blade: With Fire and Sword

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multiplayer Monopoly Online Game

NVIDIA PhysX

Origin

Pando Media Booster

PDF Settings CS6

PhotoShowExpress

Pirates of the Burning Sea

PlayReady PC Runtime x86

Rockstar Games Social Club

Rome: Total War Gold Edition

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

ShortKeys 3

Sid Meier's Civilization 4 Complete

SimSolar v2.0

Skype™ 5.10

Sonic CinePlayer Decoder Pack

Spybot - Search & Destroy

Steam

Stronghold

Stronghold 2

Stronghold Crusader + Extreme

Stronghold Legends

swMSM

System Requirements Lab CYRI

TeamSpeak 3 Client

TextPad 6

The Lord of the Rings Online™

The Lord of the Rings Online™ v03.07.01.8015

The Ship

Third Age - Total War 3.0 (Part 1of2)

Third Age - Total War 3.0 (Part 2of2)

Tom Clancy's H.A.W.X. 2

Tom Clancy's Rainbow Six 3: Gold Edition

Tom Clancy's Rainbow Six: Vegas

Total War: SHOGUN 2

Trine 2

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (32-bit)

Xfire (remove only)

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

20/09/2012 18:05:23, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

20/09/2012 17:49:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

20/09/2012 17:39:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

20/09/2012 17:35:28, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

20/09/2012 17:35:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

20/09/2012 17:35:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

20/09/2012 17:35:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

20/09/2012 17:35:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

20/09/2012 17:35:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

20/09/2012 17:35:10, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

20/09/2012 13:41:10, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

18/09/2012 03:28:14, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

16/09/2012 19:37:07, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.

16/09/2012 19:34:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.

16/09/2012 19:33:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

16/09/2012 19:29:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

16/09/2012 19:29:58, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/09/2012 19:19:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

16/09/2012 13:13:17, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

16/09/2012 13:08:17, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

16/09/2012 13:08:17, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

16/09/2012 08:37:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

16/09/2012 07:11:35, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

16/09/2012 07:10:54, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

16/09/2012 07:06:03, Error: Application Popup [1060] - \??\C:\Users\HousePC\AppData\Local\Temp\kedshbxq.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

16/09/2012 07:04:51, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

16/09/2012 07:04:51, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

16/09/2012 06:52:39, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..

16/09/2012 06:52:35, Error: Service Control Manager [7023] -

16/09/2012 06:52:33, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

16/09/2012 06:52:33, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

16/09/2012 06:52:33, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

16/09/2012 06:16:31, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.

16/09/2012 06:16:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2012 06:16:31, Error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

16/09/2012 06:15:49, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846

16/09/2012 06:15:14, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

16/09/2012 06:14:59, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.

16/09/2012 06:14:59, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The system cannot find the file specified.

16/09/2012 06:14:53, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.

16/09/2012 06:14:53, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.

16/09/2012 06:13:22, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Element not found.

16/09/2012 06:13:22, Error: Microsoft-Windows-DHCPv6-Client [1004] - Error occurred in stopping the Dhcpv6 client service. ErrorCode is 0x32.ShutDown Flag value is 0.

16/09/2012 06:13:22, Error: Microsoft-Windows-Dhcp-Client [1004] - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x490. ShutDown Flag value is 0

16/09/2012 06:13:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

16/09/2012 06:12:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfewfpk Psched Tcpip Wanarpv6 WfpLwf

16/09/2012 06:12:51, Error: Service Control Manager [7023] - The Server service terminated with the following error: The request is not supported.

16/09/2012 06:12:42, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2012 06:12:40, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2012 06:12:40, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

16/09/2012 06:12:40, Error: Service Control Manager [7001] - The IP Helper service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2012 06:12:40, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.

16/09/2012 06:12:39, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: The system cannot find the file specified.

16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.

16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.

16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.

16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/09/2012 06:12:39, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: The system cannot find the file specified.

16/09/2012 06:00:05, Error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

15/09/2012 16:44:36, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

.

==== End Of File ===========================

ATTACH LOG

RogueKiller V8.0.4 [09/19/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : HousePC [Admin rights]

Mode : Scan -- Date : 09/20/2012 18:29:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : DscIhece (C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3599475045-2592845502-126183622-1000[...]\Run : DscIhece (C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe) -> FOUND

[STARTUP][SUSP PATH] dscihece.exe @HousePC : C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$c2b00cb4dd03ee471e951501606c1771\U --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3599475045-2592845502-126183622-1000\$c2b00cb4dd03ee471e951501606c1771\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$c2b00cb4dd03ee471e951501606c1771\L --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3599475045-2592845502-126183622-1000\$c2b00cb4dd03ee471e951501606c1771\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++

--- User ---

[MBR] 2edc0ff9c67fb79551bbf300a137fc64

[BSP] 89db72b057502aab5700853c8127b0c9 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 750 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1617920 | Size: 953078 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

ROGUEKILLER LOG

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC

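The ZeroAccess diagnosis in the reply above rests on the RogueKiller report posted earlier in the thread. As an added example (not part of the thread and not RogueKiller's own code), the Python below parses finding lines of that shape and separates autostart entries that launch from a user's AppData, the ZeroAccess `$recycle.bin` folders, and policy entries whose value is 0. The line grammar is inferred from the report shown here, and the function and key names are assumptions.

```python
import re
from collections import defaultdict

# Sample input: finding lines modelled on the RogueKiller report in this thread.
SAMPLE_REPORT = r"""
Mode : Scan -- Date : 09/20/2012 18:29:09
[RUN][SUSP PATH] HKCU\[...]\Run : DscIhece (C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe) -> FOUND
[STARTUP][SUSP PATH] dscihece.exe @HousePC : C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$c2b00cb4dd03ee471e951501606c1771\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3599475045-2592845502-126183622-1000\$c2b00cb4dd03ee471e951501606c1771\L --> FOUND
"""

# "[TAG][TAG] location : detail -> FOUND" (the arrow is "->" or "-->").
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+-+>\s+FOUND\s*$")
# <drive>\$recycle.bin\<SID>\$<32 hex chars>\U or \L, as listed in the report.
ZA_DIR_RE = re.compile(
    r"\\\$recycle\.bin\\(S-1-5-[\d-]+)\\\$([0-9a-f]{32})\\([UL])$", re.I)
# Executables under a user's AppData need no admin rights to be written.
USER_APPDATA_RE = re.compile(r"^[a-z]:\\Users\\[^\\]+\\AppData\\", re.I)
LOCAL_SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account


def parse_report(text):
    """Return one dict per finding line; headers and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Upper-case the tags so a report whose tag case was altered by
        # forum software still parses.
        tags = [t.upper() for t in re.findall(r"\[([^\]]+)\]", m.group(1))]
        location, _, detail = m.group(2).partition(" : ")
        findings.append({"tags": tags, "location": location.strip(),
                         "detail": detail.strip()})
    return findings


def _target_path(detail):
    """'Name (C:\\path\\file.exe)' -> the path; a bare path is returned as is."""
    m = re.search(r"\(([A-Za-z]:\\.+)\)$", detail)
    return m.group(1) if m else detail


def triage(findings):
    """Group findings by what a responder needs to look at first."""
    persistence = defaultdict(set)   # exe name -> autostart mechanisms
    zeroaccess = defaultdict(set)    # folder id -> SIDs it appears under
    informational, review = [], []
    for f in findings:
        tags, detail = f["tags"], f["detail"]
        za = ZA_DIR_RE.search(detail)
        if "ZEROACCESS" in tags and za:
            zeroaccess[za.group(2).lower()].add(za.group(1))
        elif tags[0] in ("RUN", "STARTUP"):
            path = _target_path(detail)
            if USER_APPDATA_RE.match(path):
                persistence[path.rsplit("\\", 1)[-1].lower()].add(tags[0])
            else:
                review.append(f)
        elif tags[0] == "HJPOL" and detail.endswith("(0)"):
            # Value 0: the policy value exists but the restriction is off.
            informational.append(f)
        else:
            review.append(f)
    return {
        "persistence": {k: sorted(v) for k, v in persistence.items()},
        "zeroaccess": {k: sorted(v) for k, v in zeroaccess.items()},
        "under_local_system": any(LOCAL_SYSTEM_SID in v
                                  for v in zeroaccess.values()),
        "informational": informational,
        "review": review,
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(key, "=>", value)
```

The same executable name appearing under both a Run key and the Startup folder, together with one folder id present under more than one SID, is the pattern worth escalating; the value-0 policy lines are why a report like this is read before anything is deleted.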
hey and thanks for your help, just with that first post you have helped me, this is how to delete this malware :

1. in task manager delete the process, when windows command processor keeps popping up, close that too.

2. scan using HijackThis and delete the syswow64 process.

3. run RogueKiller and then delete the "zeroaccess" malware it detects.

This should fix the problem, whoever has the windows command processor virus, however it's not guaranteed clean, but to assure you are clean from anything, run CCleaner 35 Gutmann passes and also re-enable your security afterwards.

even though you stated not to delete it, it seems to have worked, but of course some part of the rootkit can remain, all i can do is hope for the best, this seems like a possible fix.

thanks again for your help.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.