#144 Log file assistance

v1.0_(example)
closed
None
6
2014-04-15
2013-09-11
Schalk
No

Hello.

Recently when I try to google something, Google tells me that they are detecting strange behavior from my IP, therefor I cannot search. It also constantly requires of me to fill in CAPTCHA's. So I followed their advice and tried, malarware, spybot, ad-aware and avg. I quarantined every file that these software programs suggested. But I still have the same problem. I have scanned my system with HiJack this. Hopefully you can help me analyze my log file.

Greatly appreciated.

1 Attachments

Discussion

  • Hi,

    Please delete the following entries:
    C:\Windows\system32\taskhostex.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search.us.com/v/2/?guid={EFFD4AC4-7E4C-4C45-A671-F81AB7465A3A}&serp v=5

     
    • status: open --> pending
     
  • Schalk
    Schalk
    2013-09-13

    Thanks Loucif. I have deleted these items, but the problem still persists. Google keeps requiring Captcha...

     
  • Schalk
    Schalk
    2013-09-13

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 07:32:45, on 13/09/2013
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v10.0 (10.00.9200.16660)

    Boot mode: Normal

    Running processes:
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Webroot\WRSA.exe
    C:\Windows\System32\WScript.exe
    C:\Program Files\Google\Chrome\Application\29.0.1547.66\delegate_execute.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\schal_000\Desktop\Random desktop docs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\schal_000\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
    O4 - HKLM..\Run: [OmniPage Preload] C:\Program Files\Nuance\OmniPage18\OmniPage18.exe /preload
    O4 - HKLM..\Run: [Nuance OmniPage 18-reminder] "C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
    O4 - HKLM..\Run: [PDFCreHook] C:\Program Files\Nuance\PDF Create 7\pdfcreate7hook.exe
    O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Create 7\RegistryController.exe
    O4 - HKCU..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
    O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent
    O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
    O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
    O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q
    O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\schal_000\AppData\Local\adawarebp" /s /q
    O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
    O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
    O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
    O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
    O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip..{045CFE5E-B734-4632-9D3E-1DC2053AC1DD}: NameServer = 192.168.0.252
    O17 - HKLM\System\CCS\Services\Tcpip..{9D6D81D0-BCD6-4BD5-B317-5DE6D2D77E35}: NameServer = 192.168.0.252
    O17 - HKLM\System\CS1\Services\Tcpip..{045CFE5E-B734-4632-9D3E-1DC2053AC1DD}: NameServer = 192.168.0.252
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

    --
    End of file - 8945 bytes

     
  • jeremy daudy
    jeremy daudy
    2013-11-24

    Please advise.....

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 1:17:18 PM, on 11/24/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16736)

    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Rundll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\kdcarver\Desktop\HijackThis.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\kdcarver\AppData\Local\GCC\Controller.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com/?

    appId=43C83B6C-C66A-43F0-BE23-103A294D8B54
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: WhiteSmoke New 1.2 Toolbar - {8f02605d-be4e-41ba-bd00-c39a59c46919} -

    C:\Program Files\WhiteSmoke_New_1.2\prxtbWhit.dll
    R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    O2 - BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files\SaveSense

    \SaveSenseIE.dll
    O2 - BHO: SecretSauce - {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} - C:\Program Files

    \SecretSauce\SecretSaucebho.dll
    O2 - BHO: CrossriderApp0045960 - {11111111-1111-1111-1111-110411591160} - C:\Program Files

    \Torntv V6.0\Torntv V6.0-bho.dll
    O2 - BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files

    \IminentToolbar\1.8.26.8\bh\iminent.dll
    O2 - BHO: ArcadeFrontier Addon - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - C:\Users\kdcarver

    \AppData\Local\ArcadeFrontier\ArcadeFrontier.dll
    O2 - BHO: WhiteSmoke New 1.2 - {8f02605d-be4e-41ba-bd00-c39a59c46919} - C:\Program Files

    \WhiteSmoke_New_1.2\prxtbWhit.dll
    O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files

    \Iminent\Iminent.WebBooster.InternetExplorer.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files

    \Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files

    \Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: WhiteSmoke New 1.2 Toolbar - {8f02605d-be4e-41ba-bd00-c39a59c46919} - C:

    \Program Files\WhiteSmoke_New_1.2\prxtbWhit.dll
    O3 - Toolbar: Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files

    \IminentToolbar\1.8.26.8\iminentTlbr.dll
    O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -

    runkey
    O4 - HKCU..\Run: [BackgroundContainer] "C:\Windows\system32\Rundll32.exe" "C:\Users

    \kdcarver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

    (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL

    SERVICE')
    O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

    (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK

    SERVICE')
    O4 - HKUS\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1

    /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1

    /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default

    user')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    --
    End of file - 4370 bytes

     
  • Harold
    Harold
    2014-03-23

    Hi guys

    Please help.
    I'm also having the same problem about Google.
    But before that Google problems appear . My PC getting slower .
    My FPS dropped and I can't play my games better . I have 4gb RAM but when i open my PC it already took the 35% it . I remember last time i used my CPU meter it only took 18% of my ram and now it get 35% . Also, I'm having lag when i browse the internet .
    Please Help me. I'm really desperate so i use hijackthis.

    This is my log file . Please help

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:08:41 AM, on 3/23/2014
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)

    FIREFOX: 27.0.1 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Thunder Master\THPanel.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Users\harold\Downloads\Programs\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
    O4 - HKLM..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
    O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM..\Run: [IMMON] "C:\Program Files\IM Magician\Vicamon.exe"
    O4 - HKLM..\Run: [IMMONSUPPORT] "C:\Program Files\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
    O4 - HKLM..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM..\Run: [RazerGameBooster] C:\Program Files\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
    O4 - HKCU..\Run: [uTorrent] "C:\Users\harold\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU..\Run: [THPanel] "C:\Program Files\Thunder Master\THPanel.exe" /A
    O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O17 - HKLM\System\CCS\Services\Tcpip..{85077281-FE48-49B7-9FDD-98ABDCDB885F}: NameServer = 121.1.3.172 121.1.3.89
    O17 - HKLM\System\CCS\Services\Tcpip..{A23AE250-A9C3-4A39-8DDC-4A5F1E43B584}: NameServer = 121.1.3.172 121.1.3.89
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (file missing)
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RzKLService - Razer Inc. - C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8529 bytes

     
  • Please open separate cases.

     
    • status: pending --> closed