[Virus Removal] Is Your Computer Infected with Virus, Spyware or Other Malware?

If your computer is running slowly and giving you random problems, it might be infected with a virus, spyware, adware, trojan or other malware. Don't worry, this topic will help you find and remove malicious software from your PC.

Just follow these simple steps:

STEP 1: Post Your HijackThis Log File Content

Download the HijackThis tool from the link given below and scan your computer with it. It'll generate a log file; copy the content of the log file and post it in your comment. Keep in mind that HijackThis does not judge what it lists: the log shows every browser hook, autorun entry and service it finds, and most of them belong to legitimate software, so don't fix entries on a guess. Post the whole log and wait for the suggested entries.

Download HijackThis Tool

STEP 2: Fix Suggested Entries in Safe Mode

Note down the suggested entries and boot Windows into Safe Mode by pressing the "F8" key at system startup and selecting the "Safe Mode" option. (On Windows 8 and later, F8 is disabled by default: hold Shift while clicking Restart, then choose Troubleshoot > Advanced options > Startup Settings.) If you can't boot into Safe Mode, check the following topics:

Once you boot into Safe Mode, run HijackThis again, select all the suggested entries and click on the "Fix checked" button. Note that "Fix checked" removes the registry entry or browser hook, not the file it points to; take the file path from the log (for example the .exe behind an O4 entry) and delete that file as well, or let your antivirus quarantine it. HijackThis saves a backup of every fixed entry in its backups folder, so an entry fixed by mistake can be restored.

[Screenshot: HijackThis with the suggested entries checked and the "Fix checked" button]

Restart your computer; the fixed entries will no longer load at startup.

Don't forget to install a good antivirus and anti-spyware program on your computer and scan your system with them regularly for better protection.

[Top 5] Best Free Antivirus and Anti-Spyware Software for Windows

You can also use online scanners to scan your system for free:

Ultimate Collection of Best Free Online Virus Scanners

STEP 3: Fix Other Remaining Issues and Make Windows Faster

If you still face other problems, such as Task Manager or Registry Editor being disabled, check out the following topic to fix them:

[Help & Support] Frequently Asked Problems (FAQ) with Solutions
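As an added example, not part of this article or of HijackThis: a Python script that applies, to a saved HijackThis log, the kind of checks the suggested entries above are based on (a core system binary running from the wrong folder, an autorun in a user-writable folder or directly in the Windows folder, a Run entry that launches mshta or another script host, a hijacked start page, an O7 policy that disables Registry Editor, an AppInit_DLLs entry, a service running from a user profile). The rules, the lists of benign hosts and user-writable folders, and the sample log at the bottom are assumptions of this example; the sample is constructed, modelled on the logs in the comments below. A hit means "look at this entry", not "this is malware".

```python
# Added example for this page, not part of HijackThis; a hit means "look at this", not "malware".
import re
from collections import namedtuple

Finding = namedtuple("Finding", "reason line")

# Core binaries that only belong under \Windows\System32 (or SysWOW64).
CORE_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)$", re.I)
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows$", re.I)
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe"}  # assumed list
# Folders an unprivileged user can write to (assumed list).
USER_WRITABLE = re.compile(r"\\(appdata|application data|programdata|temp|local settings)(\\|$)"
                           r"|^[a-z]:\\(users|documents and settings)\\[^\\]+$", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|scr|cpl|vbs|js|bat|cmd)\b', re.I)
SCRIPT_HOSTS = re.compile(r"\b(mshta|wscript|cscript|powershell|regsvr32|certutil)\b|javascript:", re.I)
# Start/search page values that need no review (assumed list).
BENIGN_PREFIXES = ("go.microsoft.com", "http://go.microsoft.com", "about:blank", "c:\\windows\\")

def split_path(text):
    """Directory and lower-cased file name of the first drive-letter path in text, or None."""
    m = PATH_RE.search(text)
    if not m:
        return None
    directory, _, name = m.group(0).rpartition("\\")
    return directory, name.lower()

def check_process(line):
    """Rules for the 'Running processes:' section."""
    parts = split_path(line)
    if not parts:
        return []
    directory, name = parts
    if name in CORE_BINARIES and not SYSTEM_DIR.match(directory):
        return [Finding("core system binary running outside System32 (masquerade)", line)]
    if WINDOWS_ROOT.match(directory) and name not in WINDOWS_ROOT_OK:
        return [Finding("unknown executable directly in the Windows folder", line)]
    return []

def check_entry(line):
    """Rules for the R*/F*/O* entries."""
    code, out, parts = line.split(" - ", 1)[0], [], split_path(line)
    if code in ("R0", "R1"):
        value = line.partition(" = ")[2].strip().lower()
        if value and not value.startswith(BENIGN_PREFIXES):
            out.append(Finding("browser start/search page points at an unfamiliar host", line))
    elif code == "O4":
        if "[]" in line:
            out.append(Finding("Run entry with an empty name", line))
        if "\\Policies\\Explorer\\Run" in line:
            out.append(Finding("autorun via the Policies\\Explorer\\Run key", line))
        if SCRIPT_HOSTS.search(line):
            out.append(Finding("script host or LOLBin launched at logon", line))
        if parts and USER_WRITABLE.search(parts[0]):
            out.append(Finding("autorun from a user-writable folder", line))
        elif parts and WINDOWS_ROOT.match(parts[0]) and parts[1] not in WINDOWS_ROOT_OK:
            out.append(Finding("autorun directly from the Windows folder", line))
    elif code == "O7":
        out.append(Finding("policy that disables a system tool (Regedit/Task Manager)", line))
    elif code == "O20":
        out.append(Finding("AppInit_DLLs loads this DLL into every process", line))
    elif code == "O23" and parts and USER_WRITABLE.search(parts[0]):
        out.append(Finding("service binary inside a user profile", line))
    return out

def triage(text):
    """Walk a HijackThis log and return every Finding, in log order."""
    findings, in_processes = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
        elif line.startswith("Running processes:"):
            in_processes = True
        elif in_processes:
            findings.extend(check_process(line))
        elif re.match(r"[RFO]\d+ - ", line):
            findings.extend(check_entry(line))
    return findings

# Constructed sample, modelled on the logs posted in the comments on this page.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskhost.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\pikachu.exe
C:\Users\user\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = dts.search-results.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [pikachu] C:\WINDOWS\pikachu.exe
O4 - HKCU\..\Run: [verif-8746] C:\Users\Mom\AppData\Roaming\gfmfqmb.exe
O4 - HKCU\..\Run: [MSConfig] "C:\Users\Mom\qvuxocgh.exe"
O4 - HKLM\..\Policies\Explorer\Run: [] mshta javascript:s=new%20ActiveXObject("WScript.Shell");eval(s.RegRead("HKLM\\software\\example\\payload"));
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
O23 - Service: NPAV Antivirus Protection (NPVProt) - Biz Secure Labs Pvt Ltd. - C:\Documents and Settings\om\NPProt.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

To run it on a real log, save the log as a text file and call triage() on its contents. The script is a first pass to decide which entries to ask about; the Avast entry, the HijackThis process itself and the Microsoft search page in the sample produce no hits, while the lsass.exe copy outside System32, the two executables in the user profile, the nameless mshta entry and the DisableRegedit policy do.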

PS: Comments in this topic are deleted on a regular basis to reduce database overhead, so don't worry if your comment gets deleted.


Posted in: Troubleshooting


Comments

  • VG

    Older comments removed from the topic!

  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 5:58:50 PM, on 2/3/2016
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)

    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\WINDOWS\scout.exe
    C:\WINDOWS\system\lsass.exe
    C:\WINDOWS\pikachu.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\UniKey\UniKeyNT.exe
    C:\Program Files\AVAST Software\Avast\avastUi.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\user\Downloads\Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\userinit.exe
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [pikachu] C:\WINDOWS\pikachu.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    --
    End of file - 4851 bytes

  • VG

    ^^ Fix the following:

    O4 - HKCU\..\Run: [pikachu] C:\WINDOWS\pikachu.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:22:00 PM, on 04-Feb-16
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17037)

    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\bdrad_000\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
    C:\Users\bdrad_000\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Users\bdrad_000\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
    C:\Users\bdrad_000\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe
    C:\Users\bdrad_000\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
    O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
    O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\bdrad_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\bdrad_000\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe" Minimum
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [f.lux] "C:\Users\bdrad_000\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
    O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
    O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
    O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
    O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8604 bytes

  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:55:03 AM, on 05/02/2016
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    CHROME: 48.0.2564.103
    FIREFOX: 43.0.4 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
    D:\xampp\mysql\bin\mysqld.exe
    C:\PROGRAM FILES\NET PROTECTOR 2013\npprtfrw.exe
    C:\PROGRA~1\NETPRO~1\WebProt.exe
    C:\PROGRAM FILES\NET PROTECTOR 2013\NPHOST.EXE
    C:\Documents and Settings\om\NPProt.exe
    D:\oracle\ora92\bin\agntsrvc.exe
    C:\WINDOWS\system32\cmd.exe
    D:\oracle\ora92\Apache\Apache\apache.exe
    D:\oracle\ora92\bin\dbsnmp.exe
    D:\oracle\ora92\bin\pagntsrv.exe
    D:\oracle\ora92\BIN\ENCSVC.EXE
    C:\WINDOWS\system32\cmd.exe
    D:\oracle\ora92\BIN\AGNTSVC.EXE
    C:\Program Files\Oracle\jre\1.1.8\bin\jre.exe
    D:\oracle\ora92\BIN\TNSLSNR.exe
    d:\oracle\ora92\bin\ORACLE.EXE
    C:\WINDOWS\system32\svchost.exe
    D:\oracle\ora92\Apache\Apache\apache.exe
    D:\oracle\ora92\jdk\bin\java.exe
    D:\oracle\ora92\jdk\bin\java.exe
    d:\oracle\ora92\bin\isqlplus
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    D:\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Net Protector 2013\EMAIL SCAN\EMAILSCN.EXE
    C:\PROGRAM FILES\NET PROTECTOR 2013\ZVMOUNT.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRAM FILES\NET PROTECTOR 2013\NPAV4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\backup_while_formatting\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRAM FILES\NET PROTECTOR 2013\zvscan\ZVMonNT.exe
    C:\PROGRAM FILES\NET PROTECTOR 2013\APPCON\APCONSVC.EXE
    C:\Documents and Settings\om\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = dts.search-results.com/sidebar.html?src=ssb&appid=400&systemid=406&sr=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O1 - Hosts: þÿ#NPAV Site Blocker Start
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: MySafeProxy - {51420F88-4D4A-4042-9509-8D4E1307910E} - C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxy32.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Zero-V Virus Shield] "C:\Program Files\Net Protector 2013\EMAIL SCAN\EMAILSCN.EXE"
    O4 - HKLM\..\Run: [ZVMOUNT] "C:\PROGRAM FILES\NET PROTECTOR 2013\ZVMOUNT.EXE"
    O4 - HKLM\..\Run: [NPAV4] "C:\PROGRAM FILES\NET PROTECTOR 2013\NPAV4.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\om\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ZVMOUNT] C:\Program Files\Net Protector 2013\ZVMOUNT.EXE
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\backup_while_formatting\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD8C1A98-1FDE-4990-8B68-D42D4EFC30E9}: NameServer = 218.248.255.212,218.248.255.145
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1546DE3-801D-4D90-8B30-A036CAF9AEBA}: NameServer = 218.248.245.1 218.248.255.209
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: NPAV Application Control (ApConSvc) - Biz Secure Labs Pvt Ltd - C:\PROGRAM FILES\NET PROTECTOR 2013\APPCON\APCONSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: MySafeProxy Monitor (MySafeProxyMonitor) - XTRM Group Ltd. - C:\Program Files\XTRM Group\MySafeProxy\Bin\MySafeProxyMonitor.exe
    O23 - Service: MySQL - MySQL AB - D:\xampp\mysql\bin\mysqld.exe
    O23 - Service: Net Protector Port Firewall - Biz Secure Labs Pvt. Ltd. - C:\PROGRAM FILES\NET PROTECTOR 2013\npprtfrw.exe
    O23 - Service: Net Protector Web Prototection - BIZ Secure Labs Pvt. Ltd. - C:\PROGRA~1\NETPRO~1\WebProt.exe
    O23 - Service: NPHost Service (nphost) - Biz Secure Labs Pvt Ltd - C:\PROGRAM FILES\NET PROTECTOR 2013\NPHOST.EXE
    O23 - Service: NPAV Antivirus Protection (NPVProt) - Biz Secure Labs Pvt Ltd. - C:\Documents and Settings\om\NPProt.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
    O23 - Service: OracleServiceORACLE - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
    O23 - Service: wampapache - Apache Software Foundation - d:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - d:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
    O23 - Service: Zero-V AntiVirus Protection (ZeroVProtect) - biz secure labs pvt Ltd. - C:\PROGRAM FILES\NET PROTECTOR 2013\zvscan\ZVMonNT.exe
    O24 - Desktop Component 0: (no name) - windowsnetworking.com/img/gifbasic/hub2sped.gif
    O24 - Desktop Component 1: (no name) - t2.gstatic.com/images?q=tbn:ANd9GcQCMMy75usWUKHig6mOkdPty_AxTFW3WQ4G2fwz5UAfpA1Q4KUn
    O24 - Desktop Component 2: (no name) - normankoren.com/Pines_Switz_pixellated.jpg

    --
    End of file - 10497 bytes

  • VG

    @Sagar
    Fix the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = dts.search-results.com/sidebar.html?src=ssb&appid=400&systemid=406&sr=0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms}
    O1 - Hosts: þÿ#NPAV Site Blocker Start
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE

    @Radu
    Fix the following:

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 3:52:49 PM, on 2/6/2016
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17496)

    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\puush\puush.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Mom\AppData\Roaming\WMPRWISE.EXE
    C:\Users\Mom\AppData\Roaming\Holynaesuh\vymeahahdy.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AVG\Av\avgui.exe
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Mom\AppData\Roaming\gfmfqmb.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Mom\Downloads\HijackThis.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearch.avg.com/?cid={4871CB46-C8E8-4BF3-BFDC-656D45B76AB7}&mid=b2ec12a41d1a47d29135d16b53e91fc2-cd2035d1a6b49da371691299b98807fbe4b73636&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 22:23:01&v=4.1.6.294&pid=wtu&sg=&sap=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
    O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
    O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
    O4 - HKLM\..\Run: [zsevice-455] C:\Users\Mom\AppData\Roaming\rmitche45.exe
    O4 - HKLM\..\Run: [] mshta javascript:nxwJk50ag="BvTxH";v6r=new%20ActiveXObject("WScript.Shell");oowTAWH32="vLUKJqGMM";JZ8WH3=v6r.RegRead("HKLM\\software\\Wow6432Node\\0f54e78348\\16beb287");boT45bve="LsFXFIXID";eval(JZ8WH3);kG8ssVC5="4BSDF1";
    O4 - HKLM\..\Run: [gatert-12010] C:\Users\Mom\AppData\Roaming\fbxcdqp.exe
    O4 - HKLM\..\Run: [verif-8746] C:\Users\Mom\AppData\Roaming\gfmfqmb.exe
    O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_785815D1937D5721DEAEA4D978D2B57B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [zsevice-34] C:\Users\Mom\AppData\Roaming\rmitche45.exe
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0116tb] "C:\ProgramData\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe" /PROMPT /CMPID=0116tb /mid=b2ec12a41d1a47d29135d16b53e91fc2-cd2035d1a6b49da371691299b98807fbe4b73636
    O4 - HKCU\..\Run: [] mshta javascript:H5yykifTG="gYY";m3C=new%20ActiveXObject("WScript.Shell");O5Qu0sYB="IMNX5T9zP";Xj0Cj=m3C.RegRead("HKCU\\software\\4e9235f37b\\32f543cb");gthsp23VU="78U3er";eval(Xj0Cj);h4fBlBY="SLKJIJSP8F";
    O4 - HKCU\..\Run: [] mshta javascript:onm2wiL="T6P5";w3M=new%20ActiveXObject("WScript.Shell");yCvAU6q4="817AiQj";CPPD4=w3M.RegRead("HKCU\\software\\0f54e78348\\16beb287");XkVA31gXYP="nhXkNG";eval(CPPD4);WlPNc3PER="wHMCb0LmqM";
    O4 - HKCU\..\Run: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
    O4 - HKCU\..\Run: [MSConfig] "C:\Users\Mom\qvuxocgh.exe"
    O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Users\Mom\AppData\Roaming\WMPRWISE.EXE
    O4 - HKCU\..\Run: [BrowserMe] C:\Users\Mom\AppData\Roaming\BrowserMe\ChromeUpdate.exe
    O4 - HKCU\..\Run: [Qofeymlauf] C:\Users\Mom\AppData\Roaming\Holynaesuh\vymeahahdy.exe
    O4 - HKCU\..\Run: [gatert-12010] C:\Users\Mom\AppData\Roaming\fbxcdqp.exe
    O4 - HKCU\..\Run: [verif-8746] C:\Users\Mom\AppData\Roaming\gfmfqmb.exe
    O4 - HKLM\..\Policies\Explorer\Run: [] mshta javascript:YDcqle5="nodY42mEom";A81A=new%20ActiveXObject("WScript.Shell");Dp5VeX0V="Y";L51jkh=A81A.RegRead("HKLM\\software\\Wow6432Node\\4e9235f37b\\32f543cb");UNrUhm43="8BDLawC4Y1";eval(L51jkh);GFVU1BS="kMyfpDRWh";
    O4 - HKLM\..\Policies\Explorer\Run: [] mshta javascript:YlI3os9s="Od";ty7=new%20ActiveXObject("WScript.Shell");C1CvPL3s="du";w9Qfn0=ty7.RegRead("HKLM\\software\\Wow6432Node\\0f54e78348\\16beb287");IzED5UM="2421caTMI";eval(w9Qfn0);wDCLHBr5="1ByS5WV";
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+glt.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+glt.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+glt.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: help_recover_instructions+nfu.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: help_recover_instructions+nfu.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+tjw.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+tjw.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+tjw.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+glt.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+glt.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+glt.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: help_recover_instructions+nfu.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: help_recover_instructions+nfu.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+tjw.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+tjw.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+tjw.txt (User 'Dylan')
    O4 - Startup: HELP_RECOVER_instructions+glt.html
    O4 - Startup: HELP_RECOVER_instructions+glt.png
    O4 - Startup: HELP_RECOVER_instructions+glt.txt
    O4 - Startup: HELP_RECOVER_instructions+tjw.html
    O4 - Startup: HELP_RECOVER_instructions+tjw.png
    O4 - Startup: HELP_RECOVER_instructions+tjw.txt
    O4 - Global Startup: HELP_RECOVER_instructions+glt.html
    O4 - Global Startup: HELP_RECOVER_instructions+glt.png
    O4 - Global Startup: HELP_RECOVER_instructions+glt.txt
    O4 - Global Startup: HELP_RECOVER_instructions+tjw.html
    O4 - Global Startup: HELP_RECOVER_instructions+tjw.png
    O4 - Global Startup: HELP_RECOVER_instructions+tjw.txt
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
    O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Evolve Service (EvoSvc) - Echobit LLC - C:\Program Files\Echobit\Evolve\EvoSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater40.2.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

    --
    End of file - 18686 bytes

  • VG

    ^^ Fix the following:

    O4 - HKLM\..\Run: [zsevice-455] C:\Users\Mom\AppData\Roaming\rmitche45.exe
    O4 - HKLM\..\Run: [] mshta javascript:nxwJk50ag="BvTxH";v6r=new%20ActiveXObject("WScript.Shell");oowTAWH32="vLUKJqGMM";JZ8WH3=v6r.RegRead("HKLM\\software\\Wow6432Node\\0f54e78348\\16beb287");boT45bve="LsFXFIXID";eval(JZ8WH3);kG8ssVC5="4BSDF1";
    O4 - HKLM\..\Run: [gatert-12010] C:\Users\Mom\AppData\Roaming\fbxcdqp.exe
    O4 - HKLM\..\Run: [verif-8746] C:\Users\Mom\AppData\Roaming\gfmfqmb.exe
    O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
    O4 - HKCU\..\Run: [zsevice-34] C:\Users\Mom\AppData\Roaming\rmitche45.exe
    O4 - HKCU\..\Run: [] mshta javascript:H5yykifTG="gYY";m3C=new%20ActiveXObject("WScript.Shell");O5Qu0sYB="IMNX5T9zP";Xj0Cj=m3C.RegRead("HKCU\\software\\4e9235f37b\\32f543cb");gthsp23VU="78U3er";eval(Xj0Cj);h4fBlBY="SLKJIJSP8F";
    O4 - HKCU\..\Run: [] mshta javascript:onm2wiL="T6P5";w3M=new%20ActiveXObject("WScript.Shell");yCvAU6q4="817AiQj";CPPD4=w3M.RegRead("HKCU\\software\\0f54e78348\\16beb287");XkVA31gXYP="nhXkNG";eval(CPPD4);WlPNc3PER="wHMCb0LmqM";
    O4 - HKCU\..\Run: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
    O4 - HKCU\..\Run: [MSConfig] "C:\Users\Mom\qvuxocgh.exe"
    O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Users\Mom\AppData\Roaming\WMPRWISE.EXE
    O4 - HKCU\..\Run: [BrowserMe] C:\Users\Mom\AppData\Roaming\BrowserMe\ChromeUpdate.exe
    O4 - HKCU\..\Run: [Qofeymlauf] C:\Users\Mom\AppData\Roaming\Holynaesuh\vymeahahdy.exe
    O4 - HKCU\..\Run: [gatert-12010] C:\Users\Mom\AppData\Roaming\fbxcdqp.exe
    O4 - HKCU\..\Run: [verif-8746] C:\Users\Mom\AppData\Roaming\gfmfqmb.exe
    O4 - HKLM\..\Policies\Explorer\Run: [] mshta javascript:YDcqle5="nodY42mEom";A81A=new%20ActiveXObject("WScript.Shell");Dp5VeX0V="Y";L51jkh=A81A.RegRead("HKLM\\software\\Wow6432Node\\4e9235f37b\\32f543cb");UNrUhm43="8BDLawC4Y1";eval(L51jkh);GFVU1BS="kMyfpDRWh";
    O4 - HKLM\..\Policies\Explorer\Run: [] mshta javascript:YlI3os9s="Od";ty7=new%20ActiveXObject("WScript.Shell");C1CvPL3s="du";w9Qfn0=ty7.RegRead("HKLM\\software\\Wow6432Node\\0f54e78348\\16beb287");IzED5UM="2421caTMI";eval(w9Qfn0);wDCLHBr5="1ByS5WV";
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+glt.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+glt.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+glt.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: help_recover_instructions+nfu.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: help_recover_instructions+nfu.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+tjw.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+tjw.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 Startup: HELP_RECOVER_instructions+tjw.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+glt.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+glt.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+glt.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: help_recover_instructions+nfu.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: help_recover_instructions+nfu.txt (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+tjw.html (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+tjw.png (User 'Dylan')
    O4 - S-1-5-21-999856061-1689221346-1388803741-1000 User Startup: HELP_RECOVER_instructions+tjw.txt (User 'Dylan')
    O4 - Startup: HELP_RECOVER_instructions+glt.html
    O4 - Startup: HELP_RECOVER_instructions+glt.png
    O4 - Startup: HELP_RECOVER_instructions+glt.txt
    O4 - Startup: HELP_RECOVER_instructions+tjw.html
    O4 - Startup: HELP_RECOVER_instructions+tjw.png
    O4 - Startup: HELP_RECOVER_instructions+tjw.txt
    O4 - Global Startup: HELP_RECOVER_instructions+glt.html
    O4 - Global Startup: HELP_RECOVER_instructions+glt.png
    O4 - Global Startup: HELP_RECOVER_instructions+glt.txt
    O4 - Global Startup: HELP_RECOVER_instructions+tjw.html
    O4 - Global Startup: HELP_RECOVER_instructions+tjw.png
    O4 - Global Startup: HELP_RECOVER_instructions+tjw.txt

  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:58:31 PM, on 2/7/2016
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)

    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\ALi\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    C:\Users\ALi\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
    C:\Users\ALi\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\ALi\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yandex.ru/?win=214&clid=2210461
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\ALi\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

    --
    End of file - 7939 bytes

  • C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Bluetooth Suite\adminservice.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files\Launch Manager\LMutilps32.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\Windows\system32\NLSSRV32.EXE
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    C:\Program Files\SoftEther VPN Client\vpnclient.exe
    C:\Windows\system32\svchost.exe
    C:\Users\acer\AppData\Local\Torch\Update\TorchCrashHandler.exe
    C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
    C:\Program Files\Join Air\AssistantServices.exe
    C:\Program Files\Atheros\Ath_WlanAgent.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    D:\GARENA\Garena Plus\ggdllhost.exe
    C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\wscript.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    D:\Steam\Steam.exe
    D:\GARENA\Garena Plus\ggdllhost.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Intel\STCServ\STCServ.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
    D:\Steam\Steam.exe
    D:\Steam\bin\steamwebhelper.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Users\acer\Downloads\HijackThis.exe
    C:\Windows\System32\svchost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,c:\program files\microsoft\watermark.exe,
    O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [setup] wscript.exe //B "C:\Users\acer\AppData\Local\Temp\setup.vbs"
    O4 - HKCU\..\Run: [setup] wscript.exe //B "C:\Users\acer\AppData\Local\Temp\setup.vbs"
    O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3463506425-2880549391-2295419564-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3463506425-2880549391-2295419564-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: setup.vbs
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - AppInit_DLLs: C:\Windows\system32\nvinit.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
    O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
    O23 - Service: Layanan Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Layanan Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: ByteFence Security Real-time Protection (rtop) - Unknown owner - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - C:\Program Files\SoftEther VPN Client\vpnclient.exe
    O23 - Service: Intel(R) Common Connectivity Framework (STCServ) - Intel Corporation - C:\Program Files\Intel\STCServ\STCServ.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\acer\AppData\Local\Torch\Update\TorchCrashHandler.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
    O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files\Atheros\Ath_WlanAgent.exe

  • VG

    @Luthfi
    Fix the following:

    F2 - REG:system.ini: UserInit=userinit.exe,c:\program files\microsoft\watermark.exe,
    O4 - HKLM\..\Run: [setup] wscript.exe //B "C:\Users\acer\AppData\Local\Temp\setup.vbs"
    O4 - HKCU\..\Run: [setup] wscript.exe //B "C:\Users\acer\AppData\Local\Temp\setup.vbs"
    O4 - Startup: setup.vbs
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    @nemo
    Fix the following:

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 16:56:44, on 10/02/2016
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)

    FIREFOX: 43.0.4 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Smadav\SM?RTP.exe
    C:\Users\ming\AppData\Roaming\shinypage\version_provider.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\LINE\LINE.exe
    C:\Program Files (x86)\Join Air\UIExec.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\ming\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = id.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmatomy_15_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0DyCyEtAyBzz0C0F0EtAtD0EyD0CtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByEtCyB0C0Dzy0DtGtAyEzytDtGyE0EtBzytGyB0F0AtBtG0A0B0FtByD0AyBtB0Ezy0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtByE0AyCtA0FtGyByD0CtAtGyE0Ezz0AtG0AtCzzyCtGyC0A0FyCyDyCzyyBtCtDtByE2QtN0A0LzuyE%26cr%3D905784860%26a%3Dwncy_mdaffmatomy_15_22%26os%3DWindows 7 Professional
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Updater - {282A71B8-D68D-4C5E-81F2-F393DBEFB2CF} - C:\Users\ming\AppData\Roaming\shinypage\spagehelper.dll
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\Join Air\UIExec.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [shinypage] "C:\Users\ming\AppData\Roaming\shinypage\shinypage-1.7.exe" /N
    O4 - HKCU\..\Run: [version_provider] "C:\Users\ming\AppData\Roaming\shinypage\version_provider.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [LINE] "C:\Program Files (x86)\LINE\LINE.exe" --booting
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_96F6830DC317A4D495B86FDBE4347F77] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\RunOnce: [vp] CMD /E:OFF /C REG ADD "HKCU\SOFTWARE\Microsoft\Windows\Currentversion\Run" /v "version_provider" /d ^"\"C:\Users\ming\AppData\Roaming\shinypage\version_provider.exe\" " /f
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Layanan Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Layanan Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Join Air\AssistantServices.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WPSHWPBC - Unknown owner - C:\Program Files (x86)\D-Link\DWA-132\WPSHWPBC.exe

    --
    End of file - 9894 bytes

  • VG

    ^^ Fix the following:

    O2 - BHO: Updater - {282A71B8-D68D-4C5E-81F2-F393DBEFB2CF} - C:\Users\ming\AppData\Roaming\shinypage\spagehelper.dll
    O4 - HKCU\..\Run: [shinypage] "C:\Users\ming\AppData\Roaming\shinypage\shinypage-1.7.exe" /N
    O4 - HKCU\..\Run: [version_provider] "C:\Users\ming\AppData\Roaming\shinypage\version_provider.exe"
    O4 - HKCU\..\Run: [LINE] "C:\Program Files (x86)\LINE\LINE.exe" --booting
    O4 - HKCU\..\RunOnce: [vp] CMD /E:OFF /C REG ADD "HKCU\SOFTWARE\Microsoft\Windows\Currentversion\Run" /v "version_provider" /d ^"\"C:\Users\ming\AppData\Roaming\shinypage\version_provider.exe\" " /f
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
