[Guide] How to SCAN and SECURE your PC - Part I

(Locked)

MVP - WoW, Diablo III
85 Draenei Shaman
5070
This is part I of the Guide, which is now locked. However, part II can be found here:

http://eu.battle.net/wow/en/forum/topic/1820913657

On our original forums, a regular poster named Magekíd (Now Logicaly) wrote an excellent guide on how to remove keyloggers from your PCs. It received over 440,000 views and almost 4000 replies and it has been an extremely valuable source of help to players who have found their accounts compromised. As Magekíd is now only an occasional visitor to the forums, I am reposting our combined advice into one thread for this forum, so that the community can still benefit from our help and advice and so that I can keep it updated with necessary changes.


Introduction


This guide will help you clean up your PC. Not just keyloggers, but also other malicious software.

First of all, a note: Hijackthis is a tool, used for finding infections in your computer. Please note: THIS IS NOT A SCANNER. It shows both malicious rules, but also LEGIT rules. Do not fix rules in Hijackthis yourself!

You are also permitted to post your logfile in this thread. Please do bear in mind that this thread is posted BY the community FOR the community. So do expect replies from regular posters and MVP’s but you cannot expect a blue post.

Before posting a Hijackthis log, please do the following steps upfront. I know this is a lot of work, but that way most malware is already deleted and your logfile can be looked at faster.
Please remember: Follow ALL steps, including step 9

Note: Vista/Win. 7 users must run installations and the downloaded programs as Administrator. You can do this by right-clicking the program and selecting Run as Administrator (The screenshot shows it for Hijackthis, You must use this for every program we use here)
Screenshot: http://www.plaatjesupload.nl/bekijk/2010/11/21/1290333674-890.jpg
Edited by Nephadne on 24/04/2011 16:30 BST
MVP - WoW, Diablo III
85 Draenei Shaman
5070
The Nine Steps


1. Download CCleaner here: http://www.piriform.com/ccleaner/download/standard - and install it.

2. Once it’s booted, press the button to Clean up your system. This can take a few minutes, depending on how much trash there is on your PC. Please read what is being removed, you might not want the program to remove your Internet History or saved passwords.
Note: CCleaner can ask you to install Google Chrome during the installation. Uncheck this option if you do not want the toolbar!
Screenshot: http://www.plaatjesupload.nl/bekijk/2010/11/21/1290335373-040.jpg

3. Download SUPERAntiSpyware (http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe)and install it.
Afterwards, open the scanner and make sure it’s up-to-date. Press Scan Your Computer and then select Perform Complete Scan. Wait until the scan is complete. Once done, make sure everything is checked and press Next until everything is deleted/fixed. If it asks you to reboot, do so.
Screenshot: http://www.plaatjesupload.nl/bekijk/2010/08/04/1280913154-790.jpg:

4. Download Spybot Search & Destroy ( http://www.safer-networking.org/nl/mirrors/index.html ) and install it.
• During the installation, uncheck "Use Internet Explorer protection (SDHelper)" and "Use system settings Protection (TeaTimer)"
• After the installation, boot Spybot S & D. Search for updates first, and download them all.
• Click on the Immunize tab afterwards, followed by clicking the Immunize button. Wait until the operation has been completed.
• Then go to the Search and Destroy tab. Click on Check All after that and wait until things are done.
• Select all problems found, and repair the problems. Close Spybot afterwards.
Screenshot: http://www.plaatjesupload.nl/bekijk/2010/02/08/1265650645-650.jpg:

5. Download MBAM (MalwareBytes' Anti-Malware) ( http://www.malwarebytes.org/mbam-download.php ) - and install it. Make sure that at the end of the installation, Update MalwareBytes' Anti-Malware and Start MalwareBytes' Anti-Malware is checked.
• Select Full Scan and start scanning. When it is done, select everything and delete the found objects.
• A logfile will also open automatically. Save this logfile and post it together with your Hijackthis logfile.
The Logfile will automatically be saved at the Logs tab in MBAM.
Note: If MBAM found objects that can't be deleted, it will ask to reboot your computer. Allow this and restart your computer.
Screenshot: http://www.plaatjesupload.nl/bekijk/2010/02/08/1265650977-740.jpg

6. Do a full system scan with your virusscanner and remove all found infections.
If you do not have a virusscanner – GET ONE ASAP!!- , you can scan online with one of these scanners. (Use Internet Explorer to scan)

BitDefender: http://www.bitdefender.com/scan8/ie.html
Panda: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Kaspersky: http://www.kaspersky.nl/scanner

Remove all infections found.

Restart your computer.

7. Download and run the Sophos Anti Rootkit cleaner from here:-
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Full instructions are on the page.

8. Use the Malicious Software Removal Tool from Microsoft. I would run it at least once a month. You can download it here:
32-bit: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356
64-bit: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74

Once it is downloaded, simply follow the steps. Make sure you perform a Full Scan.
Screenshot: http://www.plaatjesupload.nl/bekijk/2010/11/21/1290336180-20.jpg

9. Download Hijackthis http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe - and install it.
• After the installation Hijackthis will open. Press Do a systemscan and save a logfile.
A notepad file will open. In the Notepad file, press CTRL + A to select everything, CTRL + C to Copy everything. Then press CTRL + V in a new reply in this thread

Also paste the MBAM log as well as the Hijackthis logfile.


Also: Please note: Doing this all, is NOT A GUARANTEE your computer is not infected. There is no scanner that has a 100% detection rate.
Edited by Nephadne on 24/04/2011 16:27 BST
MVP - WoW, Diablo III
85 Draenei Shaman
5070
Other Useful Links / Advice


Performing regular Windows Updates is vital to the security of your PC as a whole. This service is free and you should either set it on automatic or do it manually weekly.

Windows Update
http://windowsupdate.microsoft.com/

Make sure your software is up-to-date. Secunia is a tool used by a lot of people to detect if the software you are using is updated.

Secunia OSI
http://secunia.com/vulnerability_scanning/online/

If money is tight, there are two free antivirus software packages that you can use.

Microsoft Security Essentials - http://www.microsoft.com/security_essentials/
(Anti Spyware and Anti Virus in one package for Windows Xp or above)

AVG Free Edition - http://free.avg.com/gb-en/homepage
(Anti-Virus only for Windows 2000 or above)



Please note, only 1 antivirus solution should be running on your PC at any time, so pick the one suitable for your operating system rather than installing more than one. If your operating system supports Microsoft Security Essentials, that is our recommendation at this time.
Edited by Nephadne on 24/04/2011 16:22 BST
MVP - WoW, Diablo III
85 Draenei Shaman
5070
<Reserved>
MVP - WoW, Diablo III
85 Draenei Shaman
5070
<Reserved>
MVP - WoW, Diablo III
85 Draenei Shaman
5070
<Reserved>
MVP - WoW, Diablo III
85 Draenei Shaman
5070
Oh, thought this wouldn't post. Does this mean we can post our Hijackthis files here?


Yes, you can! :)

Err question, can I run Microsoft Security Essentials at the same time as my AV even though I should keep one av running at a time? <---- also applies to the Sophoes Anti-Rootkit

And does it replace Windows Defender? <----- security essentials only


Specific tools such as Anti Rootkit one time cleaners (i.e. sophos) are fine to be used in conjunction with your regular AV program. Microsoft Security Essentials IS an AV program and as such, you should not install it if you already have an active AV program installed.

I have quoted your questions as a CM will shortly remove your posts to maintain continuity of the guide.
Edited by Shammoz on 22/11/2010 18:40 GMT
85 Human Paladin
0
Err, I meant Malicious Software Removal heh. Though I'm a bit skeptical of the Microsoft Security Essentials, honestly. I don't know why, but from what I know their past security products weren't so great.
MVP - WoW, Diablo III
85 Draenei Shaman
5070
Err, I meant Malicious Software Removal heh. Though I'm a bit skeptical of the Microsoft Security Essentials, honestly. I don't know why, but from what I know their past security products weren't so great.


The Malicious Software Removal tool is also fine to run whilst you have an active AV scanner.

I can understand your reluctance to work with a Microsoft product for Anti Virus, lets face it , their browser is hardly reliable. However, I moved over to MSE about 6 months ago and actually requested some business acquaintances who work directly in the PC security field to try an infect my test PC... they failed... they failed hard.. despite their best efforts :)
Add to this the very low resources it uses and you have a winner to be honest.
- CS
85 Draenei Paladin
5925
Good post as always Shammoz!
85 Night Elf Druid
2745
dear sham,

i think... there are a couple of bits missing from your (otherwise excellent) post... in that, it looks like you've intended to include a couple of links to screenshots and to specific products people can use, and those links are not there...

apologies if you meant to do it that way or are halfway to remedying the situation, and thx for the guide ^^

(np's also if you wanna delete this for continuity.)
MVP - WoW, Diablo III
85 Draenei Shaman
5070
dear sham,

i think... there are a couple of bits missing from your (otherwise excellent) post... in that, it looks like you've intended to include a couple of links to screenshots and to specific products people can use, and those links are not there...

apologies if you meant to do it that way or are halfway to remedying the situation, and thx for the guide ^^

(np's also if you wanna delete this for continuity.)


Sadly there are still a few forum bugs.. including if you edit a post, it removes any links! I am putting them back in now, but thanks for the heads up :)
90 Night Elf Druid
9620
I still vote for this one to be stickied.
85 Night Elf Druid
4305
This is a very informative and helpful post indeed. If you can manage to keep this post updated, a lot of people will benefit from it. I hope this gets a stickied soon enough!
In the process of doing this (Step 2!)

Gonna take your advice and try the MS anti-virus


shall post number 9 when i get to it!
85 Human Priest
0
Shammoz: Do you want me to post my MBAM log and Hijackthis logfile in a reply here in a new reply?
as request a copy and paste

Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:13:42, on 24/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2317.0\mswinext.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2317.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2317.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2317.0\npwinext.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2317.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11689 bytes


Thats the Hijack this log MBAM to come
This thread is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]