svchost.exe Virus [Solved]


  • This topic is locked

#1
AustinJG

  • Member
  • 10 posts
I have this virus that duplicates svchost.exe over and over and I can't remove it with any scanners... I already tried resetting my computer back to factory condition and that did not work. I'm scared and I really don't want to lose my computer to this virus; I don't have enough money to buy another one... please help. I will gladly follow all instructions to get this solved. Please help me, someone.

It seems to be possibly "rooting" onto other programs. Before I did the whole reset to my computer it "rooted" onto the program Steam (for games) and I had to remove that... now I believe it's getting ahold of my NetGear wireless adapter. It keeps spreading (from what it seems) and will not go away at all. I can follow all instructions, provide more info if needed and everything. Someone please help me!
  • 0


#2
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,990 posts
Hello AustinJG,

Welcome to Geekstogo.

svchost.exe is a system file, essential to the running of your computer. Having said that, there are some infections out there that masquerade as svchost.exe which are bad and which we need to do something about.

Have you been to the preparation section?

You need to go there before you come here.

If you read that thread you will learn how to download OTL and run the scans needed to help us assess your computer's problem.

If your machine is in such a condition that you can't do this, tell me.

Otherwise go to the link below.

http://www.geekstogo...-Log-t2852.html

Regards
emeraldnzl
  • 0

#3
AustinJG

  • Topic Starter
  • Member
  • 10 posts

OTL logfile created on: 10/8/2012 5:22:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 67.25% Memory free
7.60 Gb Paging File | 6.19 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270.69 Gb Total Space | 242.75 Gb Free Space | 89.68% Space Free | Partition Type: NTFS
Drive D: | 27.20 Gb Total Space | 1.16 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-PC | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 17:22:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/09 23:43:02 | 000,316,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/07 15:02:24 | 001,159,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
MOD - [2012/10/07 15:00:52 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/10/07 15:00:52 | 000,142,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
MOD - [2012/10/07 15:00:51 | 002,625,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
MOD - [2012/10/07 15:00:50 | 000,391,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
MOD - [2012/10/07 15:00:32 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/10/07 13:26:49 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/10/07 13:26:41 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/10/07 13:22:00 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/10/07 13:22:00 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
MOD - [2012/10/07 13:21:48 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/10/07 13:21:40 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/10/07 13:21:36 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/10/07 13:21:32 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/10/07 13:21:30 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/10/07 13:21:24 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/10/07 13:21:20 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/07/08 11:24:42 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/09 18:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/07 13:16:36 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/17 03:01:28 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012/08/17 03:01:26 | 000,022,528 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012/08/17 03:01:22 | 000,110,592 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/09 18:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/09 17:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/28 18:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/02/03 11:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD B3 F7 BA AD A4 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Austin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Austin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02E1940E-D548-441B-A48A-811F2551CB41}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5C1DD3B-AB74-4EFF-B83E-7AB395E18404}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 17:22:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
[2012/10/08 02:58:47 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Austin\Desktop\tdsskiller.exe
[2012/10/08 02:49:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/07 23:01:02 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/07 23:01:02 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/07 23:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/07 23:01:00 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/07 23:01:00 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/07 23:01:00 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/07 23:00:59 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/07 23:00:59 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/07 23:00:53 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/07 23:00:53 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/07 23:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/07 23:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/07 22:52:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/07 22:46:03 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Malwarebytes
[2012/10/07 22:45:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/07 22:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/07 22:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/07 22:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/07 20:51:44 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\LolClient
[2012/10/07 18:40:43 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/10/07 18:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/10/07 16:11:54 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/10/07 15:35:24 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Synaptics
[2012/10/07 15:32:42 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Unity
[2012/10/07 15:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/10/07 15:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2012/10/07 15:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
[2012/10/07 15:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2012/10/07 15:21:47 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012/10/07 15:21:47 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012/10/07 15:21:47 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012/10/07 15:21:47 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012/10/07 15:21:47 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012/10/07 15:21:47 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012/10/07 15:21:47 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2012/10/07 15:14:10 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Unity
[2012/10/07 15:14:00 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Apps
[2012/10/07 15:13:59 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Deployment
[2012/10/07 15:12:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/10/07 15:12:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/10/07 14:12:33 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Macromedia
[2012/10/07 14:12:32 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Adobe
[2012/10/07 14:12:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/10/07 14:12:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/07 14:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/10/07 13:49:27 | 000,000,000 | ---D | C] -- C:\League of legends
[2012/10/07 13:48:29 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\PMB Files
[2012/10/07 13:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/10/07 13:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/10/07 13:39:43 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\raidcall
[2012/10/07 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2012/10/07 13:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2012/10/07 13:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2012/10/07 13:24:04 | 000,000,000 | ---D | C] -- C:\Users\Austin\Desktop\Ewokese
[2012/10/07 13:19:17 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Razer
[2012/10/07 13:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/10/07 13:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/10/07 13:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012/10/07 13:17:15 | 008,757,248 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM108.dll
[2012/10/07 13:17:15 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa108.dll
[2012/10/07 13:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/10/07 12:23:55 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/10/07 12:23:53 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2012/10/07 12:23:53 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2012/10/07 12:23:53 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/10/07 12:23:53 | 000,025,312 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2012/10/07 12:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2012/10/07 12:23:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/10/07 12:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2012/10/07 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\InstallShield
[2012/10/07 12:18:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/07 12:17:31 | 000,000,000 | R--D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/10/07 12:17:31 | 000,000,000 | R--D | C] -- C:\Users\Austin\Searches
[2012/10/07 12:17:31 | 000,000,000 | R--D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/10/07 12:17:31 | 000,000,000 | -H-D | C] -- C:\Users\Austin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/10/07 12:17:23 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Identities
[2012/10/07 12:17:21 | 000,000,000 | R--D | C] -- C:\Users\Austin\Contacts
[2012/10/07 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\VirtualStore
[2012/10/07 12:17:12 | 000,000,000 | --SD | C] -- C:\Users\Austin\AppData\Roaming\Microsoft
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Videos
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Saved Games
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Pictures
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Music
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Links
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Favorites
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Downloads
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Documents
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\Desktop
[2012/10/07 12:17:12 | 000,000,000 | R--D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\AppData\Local\Temporary Internet Files
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Templates
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Start Menu
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\SendTo
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Recent
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\PrintHood
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\NetHood
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Documents\My Videos
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Documents\My Pictures
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Documents\My Music
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\My Documents
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Local Settings
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\AppData\Local\History
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Cookies
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\Application Data
[2012/10/07 12:17:12 | 000,000,000 | -HSD | C] -- C:\Users\Austin\AppData\Local\Application Data
[2012/10/07 12:17:12 | 000,000,000 | -H-D | C] -- C:\Users\Austin\AppData
[2012/10/07 12:17:12 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Temp
[2012/10/07 12:17:12 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Microsoft
[2012/10/07 12:17:12 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Media Center Programs
[2012/10/07 12:17:04 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/10/08 17:22:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Desktop\OTL.exe
[2012/10/08 17:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 17:19:27 | 3062,059,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 02:59:23 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Austin\Desktop\tdsskiller.exe
[2012/10/08 02:41:02 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 02:41:02 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 02:38:13 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/08 02:38:13 | 000,659,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/08 02:38:13 | 000,120,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/08 00:46:44 | 000,000,699 | ---- | M] () -- C:\Windows\Cm108.ini.imi
[2012/10/08 00:42:57 | 000,000,338 | ---- | M] () -- C:\Windows\Cm108.ini.cfl
[2012/10/08 00:42:56 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012/10/08 00:42:53 | 000,000,152 | ---- | M] () -- C:\Windows\System\Cm108.ini
[2012/10/07 23:01:02 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/07 23:00:59 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/10/07 23:00:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/07 22:48:35 | 000,000,033 | ---- | M] () -- C:\Users\Austin\AppData\Roaming\mbam.context.scan
[2012/10/07 22:45:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 18:42:36 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/10/07 15:22:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/10/07 15:14:45 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/10/07 15:14:45 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/10/07 13:39:42 | 000,001,007 | ---- | M] () -- C:\Users\Austin\Desktop\RaidCall.lnk
[2012/10/07 13:28:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/10/07 13:27:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
[2012/10/07 13:23:07 | 000,291,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/07 13:16:46 | 000,772,430 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/07 13:16:37 | 000,001,353 | ---- | M] () -- C:\Windows\cm108.ini
[2012/10/07 13:16:36 | 008,757,248 | ---- | M] (C-Media Corporation) -- C:\Windows\SysWow64\CM108.dll
[2012/10/07 13:16:36 | 001,310,720 | ---- | M] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10864.sys
[2012/10/07 13:16:36 | 000,389,120 | ---- | M] () -- C:\Windows\SysNative\CM108.cpl
[2012/10/07 13:16:36 | 000,315,392 | ---- | M] (C-Media Electronics Inc.) -- C:\Windows\System\fltr108.dll
[2012/10/07 13:16:36 | 000,200,704 | ---- | M] (C-Media) -- C:\Windows\SysWow64\cmpa108.dll
[2012/10/07 13:16:36 | 000,143,360 | ---- | M] () -- C:\Windows\Vmix108.dll
[2012/10/07 13:16:35 | 000,804,352 | ---- | M] () -- C:\Windows\SysNative\Cmeau108.exe
[2012/10/07 13:16:35 | 000,359,424 | ---- | M] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012/10/07 13:16:35 | 000,002,029 | ---- | M] () -- C:\Windows\Cm108.ini.cfg
[2012/10/07 13:03:49 | 000,001,437 | ---- | M] () -- C:\Users\Austin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/07 13:03:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/10/07 12:58:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/07 12:58:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/10/07 12:24:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2012/10/07 12:23:53 | 000,000,946 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk

========== Files Created - No Company Name ==========

[2012/10/07 23:01:02 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/07 23:00:59 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/10/07 23:00:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/07 22:48:35 | 000,000,033 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\mbam.context.scan
[2012/10/07 22:45:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 18:42:36 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/10/07 15:22:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/10/07 15:21:47 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/10/07 15:14:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/07 15:14:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/10/07 15:12:18 | 3062,059,008 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/07 13:39:42 | 000,001,007 | ---- | C] () -- C:\Users\Austin\Desktop\RaidCall.lnk
[2012/10/07 13:28:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/10/07 13:27:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
[2012/10/07 13:17:16 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM108.cpl
[2012/10/07 13:17:16 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2012/10/07 13:17:15 | 000,804,352 | ---- | C] () -- C:\Windows\SysNative\Cmeau108.exe
[2012/10/07 13:17:15 | 000,000,338 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012/10/07 13:17:15 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012/10/07 13:17:01 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012/10/07 13:17:01 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2012/10/07 13:17:01 | 000,000,699 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2012/10/07 13:17:01 | 000,000,152 | ---- | C] () -- C:\Windows\System\Cm108.ini
[2012/10/07 13:17:00 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini
[2012/10/07 13:16:45 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/07 13:03:49 | 000,001,437 | ---- | C] () -- C:\Users\Austin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/07 13:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/07 12:58:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/07 12:58:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/10/07 12:24:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2012/10/07 12:23:53 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/10/07 12:23:53 | 000,000,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/07 12:17:37 | 000,001,409 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/10/07 12:17:33 | 000,001,443 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/10/07 12:17:12 | 000,000,290 | ---- | C] () -- C:\Users\Austin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/07 12:17:12 | 000,000,272 | ---- | C] () -- C:\Users\Austin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 21:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/07 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\LolClient
[2012/10/07 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\raidcall
[2012/10/07 15:35:24 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Synaptics
[2012/10/07 15:32:42 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Unity

========== Purity Check ==========



< End of report >
  • 0
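The "ZeroAccess Check" section of the OTL log above lists the InProcServer32 registrations for a handful of system CLSIDs. The following is an added example, not part of the original thread and not OTL's own logic: it parses that section and reports any entry that differs from the clean values seen in this log. The function names, the baseline table, and the flagged sample (with its `constructed` paths) are assumptions made for illustration.

```python
import re

# Baseline targets per CLSID, taken from the clean values in this thread's log.
# Assumes %SystemRoot% is C:\Windows, as the OTL header reports.
EXPECTED = {
    "42aedc87-2188-41fd-b9a3-0c966feabec1": r"c:\windows\system32\shell32.dll",
    "5839fca9-774d-42a1-acda-d6a79037f57f": r"c:\windows\system32\wbem\fastprox.dll",
    "f3130cdb-aa52-4c3a-ab32-85ffc23af9c1": r"c:\windows\system32\wbem\wbemess.dll",
}

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\.*?\\clsid\\\{([0-9a-f-]{36})\}\\InProcServer32\]", re.I)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)" = (?P<data>.*?)'
    r'(?: -- \[.*?\](?: \((?P<company>[^)]*)\))?)?$')

def normalize(path):
    """Lower-case a path and fold OTL's SysNative/SysWow64 views onto system32."""
    p = path.strip().lower().replace("%systemroot%", r"c:\windows")
    return p.replace("\\sysnative\\", "\\system32\\").replace("\\syswow64\\", "\\system32\\")

def parse_section(text):
    """Return one dict per InProcServer32 key, with its default value if any."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the current key
            continue
        key = KEY_RE.match(line)
        if key:
            current = {"key": line, "hive": key.group(1).upper(),
                       "clsid": key.group(2).lower(),
                       "default": None, "company": None}
            entries.append(current)
            continue
        val = VALUE_RE.match(line)
        if val and current is not None and val.group("name") == "":
            current["default"] = val.group("data")
            current["company"] = val.group("company")
    return entries

def assess(entry):
    """Return a list of findings for one key; empty means nothing stood out."""
    if entry["default"] is None:
        return []                   # key listed without a value, as in the clean log
    findings = []
    if entry["hive"] == "HKEY_CURRENT_USER":
        findings.append("per-user InProcServer32 override of a system CLSID")
    expected = EXPECTED.get(entry["clsid"])
    actual = normalize(entry["default"])
    if expected is None:
        findings.append("no baseline for this CLSID: " + actual)
    elif actual != expected:
        findings.append("target is %s, expected %s" % (actual, expected))
    if entry["company"] != "Microsoft Corporation":
        findings.append("company name is not Microsoft Corporation")
    return findings

def scan(text):
    """Return (key, findings) pairs for every key that has at least one finding."""
    return [(e["key"], f) for e in parse_section(text) for f in [assess(e)] if f]

# Lines copied from the log in this thread (a subset).
CLEAN_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 21:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
'''

# Constructed sample: same layout, with two values changed to made-up paths.
FLAGGED_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\Example\AppData\Local\constructed\x.dll -- [2012/10/07 12:00:00 | 000,001,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\Installer\constructed\x.dll -- [2012/10/07 12:00:00 | 000,001,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
'''

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("flagged", FLAGGED_SAMPLE)):
        print(label)
        for key, findings in scan(sample):
            print("  " + key)
            for finding in findings:
                print("    - " + finding)
```

A key that is listed with no values under it, as the HKEY_CURRENT_USER entries are in this log, produces no finding.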

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello AustinJG,

There should have been an Extras.txt generated at the same time as the OTL.txt. Would have been saved in the same place. Please post it when you return.

Now

Nothing too much leaping out at me there.

I see you used TDSSKiller. What reason led you to use that one?

Turning to the multiple running of svchost.exe, see this link. It explains about svchost and why you often see multiple instances of it running.

Next

  • C:\Windows\SysNative\drivers\npf.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 2

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [] File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [ResetHosts]
    [emptyflash]
    [emptyjava]
    [CreateRestorePoint]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
So when you return please post
  • Extras.txt
  • Virscan report
  • OTL fix.txt
  • and tell me about TDSSKiller


#5
AustinJG

    Member

  • Topic Starter
  • Member
  • 10 posts

Hello AustinJG,


Well the virusscan.org thing did not seem to work, could not find the file and when the OTL got finished it only left otl.int and did not leave an OTL.fix but I'll post both of those anyways (there are 2 OTL.ints) and I was reading a similar post like this and someone used TDSSKiller and there was an exact file that was the same that he had and he was told to delete it and so did I, I forget the name of the file though but it only found 1 file at the time...I thought that would fix it but I was wrong but anyways here's what I was able to get out of all of those steps...

OTL Extras logfile created on: 10/8/2012 5:22:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 67.25% Memory free
7.60 Gb Paging File | 6.19 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270.69 Gb Total Space | 242.75 Gb Free Space | 89.68% Space Free | Partition Type: NTFS
Drive D: | 27.20 Gb Total Space | 1.16 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-PC | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C0DA038-0AA3-44A4-B721-778570566D97}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{98ECC7C8-42D5-4BD4-9F77-BCDD5416D8D8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E9DA4E6-796A-482A-8F44-91F3FDB8D7BA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D1DD082E-C095-43EF-8422-B952B4545DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D348B560-7EC2-4459-ADCF-6BB43C26CDF6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media CM108 Like Sound Driver" = USB PnP Sound Device
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"RaidCall" = RaidCall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2012 2:58:47 AM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 2:58:47 AM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 3:20:04 AM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 3:37:50 AM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 5:19:45 PM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 5:20:15 PM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 5:20:24 PM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 5:22:09 PM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 5:22:09 PM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/8/2012 5:22:09 PM | Computer Name = Austin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 10/8/2012 1:08:51 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 10/8/2012 1:09:21 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056

Error - 10/8/2012 1:14:02 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
3 time(s).

Error - 10/8/2012 1:14:20 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated
unexpectedly. It has done this 2 time(s). The following corrective action will
be taken in 300000 milliseconds: Restart the service.

Error - 10/8/2012 2:30:19 AM | Computer Name = Austin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Error - 10/8/2012 2:30:20 AM | Computer Name = Austin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Error - 10/8/2012 2:30:20 AM | Computer Name = Austin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Error - 10/8/2012 2:31:32 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7000
Description = The WSWNDA3100 service failed to start due to the following error:
%%2

Error - 10/8/2012 2:33:54 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7000
Description = The WSWNDA3100 service failed to start due to the following error:
%%2

Error - 10/8/2012 5:20:00 PM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7000
Description = The WSWNDA3100 service failed to start due to the following error:
%%2


< End of report >


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

did not leave an OTL.fix


Should be in a notepad where you save OTL.

If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL fix log is saved in a text file at

C:\_OTL\MovedFiles

Well the virusscan.org thing did not seem to work


Maybe the forum software got in the way, try copying and pasting the file path from the quote box below into the panel in VirScan:

C:\Windows\SysNative\drivers\npf.sys


See how you go. :)

When you return then please post
  • OTL log from the fix
  • VirScan results


#7
AustinJG

    Member

  • Topic Starter
  • Member
  • 10 posts

did not leave an OTL.fix


Should be in a notepad where you save OTL.

If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL fix log is saved in a text file at

C:\_OTL\MovedFiles

Well the virusscan.org thing did not seem to work


Maybe the forum software got in the way, try copying and pasting the file path from the quote box below into the panel in VirScan:

C:\Windows\SysNative\drivers\npf.sys


See how you go. :)

When you return then please post
  • OTL log from the fix
  • VirScan results


Well the virscan still won't work for me, "can't find file" although I found the file but it won't upload for some reason but I found the OTL notepad






========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Austin\Desktop\cmd.bat deleted successfully.
C:\Users\Austin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Austin
->Flash cache emptied: 4744 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Austin

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10082012_184339

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Well the virscan still won't work for me


No problem, let's try another site and a different file but from the same program.

Please go to Virus Total

Click on the button Choose File

Copy/paste this file and path into the white box beside File Name in the window that pops up:

C:\Windows\SysWow64\Packet.dll

Press Scan it- this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

Also when you come back please tell me as much as you can about the svchost problem. Is it just that you are seeing it running multiple times or is it being flagged to you somehow?

#9
AustinJG

    Member

  • Topic Starter
  • Member
  • 10 posts

Well the virscan still won't work for me


No problem, let's try another site and a different file but from the same program.

Please go to Virus Total

Click on the button Choose File

Copy/paste this file and path into the white box beside File Name in the window that pops up:

C:\Windows\SysWow64\Packet.dll

Press Scan it- this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

Also when you come back please tell me as much as you can about the svchost problem. Is it just that you are seeing it running multiple times or is it being flagged to you somehow?


It was seen multiple times and before I did the reset to factory thing, it was being flagged by avast but I don't have avast working anymore and it would freeze up my computer at times and then it would restart it multiple times. It wouldn't let some programs run either...um my brother tried fixing it (with little knowledge of the virus/svchost) he went in with a CD before windows started (used Ubuntu or whatever it's called) to delete the svchost and replaced it with one from my other computer because file assassin/malware/avast could not detect it or delete it, spent 1-2 days trying to remove it but we couldn't so we ended up doing the reset to factory thing and that still didn't remove it. We made a partition to keep a folder of mine with notepads of important information I wanted to keep but that was about it, maybe it "rooted" onto the partition and got back onto the computer after the whole reset?? I'm very unsure but anyways here's the virustotal scan... said it detected 0/42 or something



nProtect | - | 20120816
CAT-QuickHeal | - | 20120814
McAfee | - | 20120817
K7AntiVirus | - | 20120816
TheHacker | - | 20120816
VirusBuster | - | 20120816
F-Prot | - | 20120817
Symantec | - | 20120817
Norman | - | 20120816
TotalDefense | - | 20120816
TrendMicro-HouseCall | - | 20120817
Avast | - | 20120816
eSafe | - | 20120816
ClamAV | - | 20120817
Kaspersky | - | 20120816
BitDefender | - | 20120817
ViRobot | - | 20120816
Emsisoft | - | 20120817
Comodo | - | 20120817
F-Secure | - | 20120817
DrWeb | - | 20120817
VIPRE | - | 20120816
AntiVir | - | 20120816
TrendMicro | - | 20120817
McAfee-GW-Edition | - | 20120816
Sophos | - | 20120817
Jiangmin | - | 20120816
Antiy-AVL | - | 20120816
Microsoft | - | 20120817
SUPERAntiSpyware | - | 20120816
AhnLab-V3 | - | 20120816
GData | - | 20120817
Commtouch | - | 20120817
ByteHero | - | 20120814
VBA32 | - | 20120814
PCTools | - | 20120813
ESET-NOD32 | - | 20120816
Rising | - | 20120815
Ikarus | - | 20120816
Fortinet | - | 20120816
AVG | - | 20120817
Panda | - | 20120816

Edited by AustinJG, 08 October 2012 - 05:54 PM.


#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

It was seen multiple times and before I did the reset to factory thing, it was being flagged by avast but I don't have avast working anymore and it would freeze up my computer at times and then it would restart it multiple times. It wouldn't let some programs run either...um my brother tried fixing it (with little knowledge of the virus/svchost) he went in with a CD before windows started (used Ubuntu or whatever it's called) to delete the svchost and replaced it with one from my other computer because file assassin/malware/avast could not detect it or delete it, spent 1-2 days trying to remove it but we couldn't so we ended up doing the reset to factory thing and that still didn't remove it. We made a partition to keep a folder of mine with notepads of important information I wanted to keep but that was about it, maybe it "rooted" onto the partition and got back onto the computer after the whole reset??


That is helpful, thank you.

We will see if there is a rootkit there. If it is a partition one, then it is difficult to find and wouldn't show up in the normal scans.

Now

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post the log (Result.txt) in your next reply.

When you return please post
  • aswMBR log
  • Result.txt

  • 0



#11
AustinJG

AustinJG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-08 20:44:01
-----------------------------
20:44:01.726 OS Version: Windows x64 6.1.7600
20:44:01.726 Number of processors: 4 586 0x2505
20:44:01.728 ComputerName: AUSTIN-PC UserName: Austin
20:44:02.480 Initialize success
20:44:02.600 AVAST engine defs: 12100801
20:44:09.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:44:09.661 Disk 0 Vendor: WDC_WD3200BEKT-75PVMT0 01.01A01 Size: 305245MB BusType: 11
20:44:09.679 Disk 0 MBR read successfully
20:44:09.681 Disk 0 MBR scan
20:44:09.684 Disk 0 Windows 7 default MBR code
20:44:09.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:44:09.697 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 277191 MB offset 206848
20:44:09.725 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 27849 MB offset 567894016
20:44:09.731 Disk 0 scanning C:\Windows\system32\drivers
20:44:13.004 Service scanning
20:44:23.750 Modules scanning
20:44:23.757 Disk 0 trace - called modules:
20:44:23.767 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:44:24.097 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800526d060]
20:44:24.102 3 CLASSPNP.SYS[fffff8800188d43f] -> nt!IofCallDriver -> [0xfffffa8004fb73f0]
20:44:24.106 5 ACPI.sys[fffff88000f3c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004fe1060]
20:44:24.707 AVAST engine scan C:\Windows
20:44:26.291 AVAST engine scan C:\Windows\system32
20:45:17.338 AVAST engine scan C:\Windows\system32\drivers
20:45:21.053 AVAST engine scan C:\Users\Austin
20:47:13.222 AVAST engine scan C:\ProgramData
20:47:20.778 Scan finished successfully
20:47:33.753 Disk 0 MBR has been saved successfully to "C:\Users\Austin\Desktop\MBR.dat"
20:47:33.758 The log file has been saved successfully to "C:\Users\Austin\Desktop\aswMBR.txt"


ListParts by Farbar Version: 02-10-2012
Ran by Austin (administrator) on 08-10-2012 at 20:48:18
Windows 7 (X64)
Running From: C:\Users\Austin\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 3893.61 MB
Available physical RAM: 2647.3 MB
Total Pagefile: 7785.37 MB
Available Pagefile: 6330.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:270.69 GB) (Free:242.6 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:27.2 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 103 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 270 GB 101 MB
Partition 3 Primary 27 GB 270 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 270 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 27 GB Healthy

======================================================================================================

****** End Of Log ******
  • 0
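The partition check requested above can also be done mechanically on the aswMBR log. The following is an added example, not part of the original thread or of aswMBR: the function names are hypothetical, and the rules (one active partition, sitting on the first entry, no overlaps, 512-byte sectors) are assumptions about a stock Windows 7 layout like the one in this log.

```python
import re

# Lines copied from the aswMBR log posted above.
ASWMBR_LOG = """\
20:44:09.661 Disk 0 Vendor: WDC_WD3200BEKT-75PVMT0 01.01A01 Size: 305245MB BusType: 11
20:44:09.684 Disk 0 Windows 7 default MBR code
20:44:09.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:44:09.697 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 277191 MB offset 206848
20:44:09.725 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 27849 MB offset 567894016
"""
# Constructed variant (not from the thread): active flag moved to an added 4th entry.
CONSTRUCTED_VARIANT = ASWMBR_LOG.replace("Partition 1 80 (A)", "Partition 1 00") + (
    "20:44:09.730 Disk 0 Partition 4 80 (A) 07 HPFS/NTFS NTFS 10 MB offset 624928768\n")

PART = re.compile(r"Disk \d+ Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?"
                  r"[0-9A-F]{2} .*? (\d+) MB offset (\d+)")
SECTORS_PER_MB = 2048  # assumption: offsets are in 512-byte sectors

def parse_partitions(log):
    parts = []
    for m in PART.finditer(log):
        num, flag, size_mb, offset = m.groups()
        parts.append({"num": int(num), "active": flag == "80",
                      "size_mb": int(size_mb), "start_mb": int(offset) / SECTORS_PER_MB})
    return sorted(parts, key=lambda p: p["start_mb"])

def check_layout(log):
    """Return a list of findings; an empty list means nothing stood out."""
    parts = parse_partitions(log)
    findings = []
    if "default MBR code" not in log:
        findings.append("MBR code not reported as default")
    active = [p["num"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    elif not parts[0]["active"]:
        findings.append(f"active flag is on partition {active[0]}, not the first one")
    disk = re.search(r"Size: (\d+)MB", log)
    end_prev = 0
    for p in parts:
        if p["start_mb"] + 1 < end_prev:  # 1 MB tolerance for rounded sizes
            findings.append(f"partition {p['num']} overlaps the previous one")
        end_prev = p["start_mb"] + p["size_mb"]
    if disk and end_prev > int(disk.group(1)):
        findings.append("partition table extends past the end of the disk")
    return findings
```

On the log from this thread `check_layout` returns an empty list; the constructed variant is reported because the active flag has moved off the first partition.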

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Well I am not seeing anything there.

Let's do this:

Please run the following scan for me.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    /md5start
    svchost.exe
    /md5stop

  • Click the None button at the top.
  • Click the Run Scan button.
Post the log it produces in your next reply.
  • 0

#13
AustinJG

AustinJG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts


OTL logfile created on: 10/8/2012 9:05:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 69.16% Memory free
7.60 Gb Paging File | 6.21 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270.69 Gb Total Space | 242.55 Gb Free Space | 89.60% Space Free | Partition Type: NTFS
Drive D: | 27.20 Gb Total Space | 1.16 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

Computer Name: AUSTIN-PC | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< End of report >
  • 0
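The OTL MD5 listing above can be triaged by grouping the copies of svchost.exe by hash and location. This is an added example, not part of the original thread or of OTL: the function names are hypothetical, the list of system folders is an assumption for Windows 7 x64, and a finding means "look closer", not "malicious".

```python
import re
from collections import Counter

# MD5 section copied from the OTL log posted above.
OTL_LOG = r"""
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
"""

# One OTL entry: [modified | size | attributes | M] (company) MD5=<hash> -- <path>
ENTRY = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| .{4} \| \w\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")

# Assumption: folders where Windows 7 x64 itself keeps svchost.exe. SysNative is
# the alias under which a 32-bit tool such as OTL sees the real System32.
SYSTEM_DIRS = [r"c:\windows\system32", r"c:\windows\sysnative",
               r"c:\windows\syswow64", r"c:\windows\winsxs"]

def parse(log):
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]

def in_system_dir(path):
    folder = path.lower().rsplit("\\", 1)[0]
    return any(folder == d or folder.startswith(d + "\\") for d in SYSTEM_DIRS)

def triage(entries):
    """Map each copy that deserves a closer look to the reasons why."""
    copies = Counter(e["md5"].upper() for e in entries)
    findings = {}
    for e in entries:
        checks = [
            (not in_system_dir(e["path"]), "outside the Windows system folders"),
            (not e["company"], "no company name in the file's version info"),
            (copies[e["md5"].upper()] == 1, "hash matches no other copy on the system"),
        ]
        reasons = [text for failed, text in checks if failed]
        if reasons:
            findings[e["path"]] = reasons
    return findings
```

Run on the log above, `triage(parse(OTL_LOG))` returns a single entry, the copy under the Malwarebytes Chameleon folder, with all three reasons attached.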

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again AustinJG,

Question: Did the svchost problem become noticeable to you after you installed Malwarebytes? Tell me when you come back.

For now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#15
AustinJG

AustinJG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts


C:\TDSSKiller_Quarantine\08.10.2012_02.48.48\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.10.2012_02.48.48\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.10.2012_02.48.48\tdlfs0001\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.10.2012_02.48.48\tdlfs0001\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.10.2012_02.48.48\tdlfs0002\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.10.2012_02.48.48\tdlfs0002\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.10.2012_02.59.24\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.10.2012_02.59.24\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

Oh and I noticed the "threats" and my computer restarting without me telling it to, along with my mouse being "turned off" and all that stuff, when I had Avast working before I did the factory reset. Avast was saying there were 2 threats or something; over and over again it would pop up on my screen. Malwarebytes did not notice anything, and the scans on both malware and Avast did not notice anything, although Avast knew something was trying to attack me and tried blocking it I suppose, but nothing seemed to work.

Edited by AustinJG, 08 October 2012 - 08:45 PM.

  • 0





