Explore topic-wise InterviewSolutions in .

I recently removed my Charter Security Suite (F-Secure) from my computer and tried to reinstall it.  It ended up going into a loop trying to prepare the computer for installation.  After calling Charter, they said that I had Spy Assassin in my hpkey area in regedit.  I'm wondering how to fix the problem and make it so I can have my ISP's security suite installed.   Please HELP!

Thanks!Stephen Greene.....Go into the registry , use the search feature and search for "Spy Assassin "  remove any entries it FINDS ......( you will probably have to run search more than once as THER are probably multi entries .)

Be SURE to BACK up you registry before removing any entries just in case you foul up .

dl65  Thanks for the tip...I'll try it!

Running windows ME.  This error message keeps popping up from Microsoft Internet Explorer
Cannot FIND http://www.loadingwebsitecomnormalyyy65.html.  Make sure path or internet address is correct.
            ok
click ok then it goes to web results ( search page)
How do I get rid of this?
THANKS!!! :-/
AVG Free
-- Anti virus scanner
Adaware SE PERSONAL
-- Anti spyware scanner
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & DESTROY
-- Anti spyware scanner
ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

ok i have a message on my backround of my destop it WONT let change my backround its like its stuck there this is what it says

system stopped

system has been stopped due to a serious melfunction.
              sptware activity has been detected.

it is recommed to use spyware removel tool to prevent data loss.
       do not use before all spyware removed.

an behind that i CANT read it cause this blocked it but it something about securtiy alert an it was all blue. but i had a virus on my CPU that i got off just RECENT so i thought that had something to do with it but anyway people told me just run ad-ware an that should get rid of it but it didnt i am just confused an its annoyin sometimes i need help if u need any more info. just ask

thank youbilly.....  If you have win xp as an o/s ...I would suggest D/L M/S Antispyware ..........
http://www.microsoft.com/athome/security/spyware/software/default.mspx  
I would then shut off the system restore feature .
Then I would suggest rebooting into safe mode and do the following ....run a scan with your antivirus scanner then run a scan with antispyware .........and then run a scan with ad-Aware .......... when your done and have removed anything that was found reboot back into normal mode .

dl65  i have that anti spy ware on my cpu an it only has been detection BROWSER hi jacks any other suggestions u guys might have cause this backround message it does get annoyin after a while an every other help site does nt help any they just say the samething so any suggestions

thanks again   Quote

an it only has been detection browser hi jacks

any they just say the samething so any suggestions

What would make my Icons on my desktop just change out of no where?Did this happen on a re-boot!Download, install and CONFIGURE the following applications:

AVG Free
-- Anti virus scanner
Adaware SE Personal
-- Anti spyware scanner
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and PROFESSIONAL only.
Spybot Search & Destroy
-- Anti spyware scanner
ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Hey Everyone,
I ran a ROUTINE avg virus scan this a.m.....no virus found!
When I looked at the test results, the last five items listed were as follows:

C:WINDOWS/SYSTEM32/kernel32.dll
C:WINDOWS/SYSTEM32/wsock32.dll
C:WINDOWS/SYSTEM32/user32.dll
C:WINDOWS/SYSTEM32/shell32.dll
C:WINDOWS/SYSTEM32/ntoskrnl.exe

At the top of the page under "results" all the way down has "ok" listed, but when it GOT to these last five items, instead of "ok" it says "change" and then under "status" for these last five items it says "changed".  

Is this something to be alarmed about?  I did recently remove the 40gb hdd and replaced it with a new 80gb, and then reloaded os xp-sp2. I was WONDERING if this may be the cause of the "changed" status.?

Any feed back would be greatly appreciated!
Thanks

run a spysweeper......program like adaware/spysweeper etc......these references seem to point to IE.??.... or .some program maybe trying  to alter your registry.......Here are descriptions of those processes... Also, YOU DO HAVE A VIRUS!!!

ntoskrnl.exe --- http://www.processlibrary.com/directory/files/ntoskrnl/index.php

kernel32.dll  --- TROJAN! http://www.processlibrary.com/directory/files/kernel32/index.php

wsock32.dll  --- http://www.processlibrary.com/directory/files/wsock32/index.php

user32.dll  --- http://www.processlibrary.com/directory/files/user32/index.php

shell32.dll  --- TROJAN! http://www.processlibrary.com/directory/files/shell32/index.php

Remove the trojans as soon as possible!

[glb]Flame[/glb]http://www.majorgeeks.com/downloads31.html   Thank-you for your responses....I'm currently have
AVG
Spybot
Ad-Aware SE
CCleaner
CW Shredder

on my pc.  I ran AVG----no virus came up
Spybot--also clean
While I was running Ad-Ware, AVG popped up and said it detected a Trojan HORSE.  I quarantined it and let the scan finish then went into Vault and deleted it.  Re-ran everything and all came up clear.  Is there a specific file to look for in Registry, H-Keys that would determine if it is actually gone?  Seems like thats where I went one other time when I got a virus and deleted the file.

Thanks for your help!your ok.......avg///and the rest have scanned the reg....clean bill of health.....go surfing.......mind the water is hot THANK-YOU MERLIN_2!

I feel much better now!
Really appreciate the help!no problem........we aim to please...the family forum of the net.....You should install a firewall as well. Quote

When the System Areas Test detects a change, the Accept changes button is made available. Click it if you want the amended object to be incorporated in the System Areas Test database. If you do not accept the changes then AVG Free will alert you the next time you run the System Areas Test again.

kernel32.dll  --- TROJAN!
shell32.dll  --- TROJAN!

ok.. heres my problem.

my stupid friends downloaded all kinds of crap on my computer, and it installed over 6000 infected files on my computer. spyware, adware.. all that. i deleted and quarantined all infected files, and in about an hour, they would all come back.. so compaq told me my best option was to restore the computer

after restoring the computer, it goes into the "new computer setup" and halfway through that, it FREEZES..

i've tried putting in all the factory cards etc, but it STILL goes to that screen when i restore the pc.. i dont know if this can be fixed.. it might be screwed.

oh, and i already tried restoring it again.. same prob..

any help would be lovely tho..Restore?! LOL  Here's the BEST option.. Go buy a REAL operating system CD, and Fdisk the drive, and install the operating system from the CD... Not from those crap restore CDS...

[glb]Flame[/glb]Take the following steps:

1. Format Hard Disk Drive
2. Reinstall Windows XP
3. Take security measures before connecting to the Internet.

Make use of the following (free) programs:

AVG Free
-- Anti virus scanner
Adaware SE Personal
-- Anti spyware scanner
Microsoft Antispyware
-- Anti spyware scanner. Windows XP HOME and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options
But go out and BUY Windows XP. No more of this restore stuff...

[glb]Flame[/glb]Sometimes, the restore DISKS contain a full and legit copy of an operating system. Don't judge a book by it's cover. In this case, the CD.

Hello all! I recently saw in the newspaper that having two firewalls OR virus protection applications could be dangerous, becuase they will ocnflict with each other... Is this true, or just the usual crap that they put in the newspapers?

[glb]Flame[/glb]ZoneAlarm firewall asks you wheter it should disable the Windows XP firewall or not. To the user it may be dangerous as they may receive conflicting error reports when SOMETHING has been blocked or is asking for PERMISSION to connect to the Internet but what danger could there be for the actual software?What I mean is this... The new computer cam with McAfee Virus scan... I'm going to install norton, but do not want to UNINSTALL McAfee, becuase it raised *censored* on my old computer... So If I leave Norton and McAfee on at the same TIME, will they conflict? The paper says that they might weaken each other, making you less secure. Will that happen with Norton and McAfee if they are both on at the same time?

[glb]Flame[/glb]You can E-mail both technical support sides to see what they know.

I myself use only one software firewall and a hardware firewall. Bound to be compatible.I would ask Notron support, but those pigs charge you for the chat...    Oh Well, I can always ask Dell and Gateway... I'll keep everyone posted as to the results...

[glb]Flame[/glb] Quote

What I mean is this... The new computer cam with McAfee Virus scan... I'm going to install norton, but do not want to uninstall McAfee, becuase it raised *censored* on my old computer... So If I leave Norton and McAfee on at the same time, will they conflict? The paper says that they might weaken each other, making you less secure. Will that happen with Norton and McAfee if they are both on at the same time?

[glb]Flame[/glb]

You should try the AVG & Sygate combination, I'm sure you'd never go back to Norton or McAfee.
A lot of people swear by ZoneAlarm too but I find it a little confusing to use.

did a bunch of scans and cant GET rid of this crap. i did virus scans and i got this:
     C:\RECYCLER\S-1-5-21-1808560551-582679745-3550151506-1009\Dc52.zip>setup.exe (Win32.Alcan.C worm)
     C:\RECYCLER\S-1-5-21-92293205-724865188-1590635369-1009\Dc181.zip>setup.exe (Win32.Alcan.A worm)

it SAYS its DELETED but its not cuz when i restart its back.steve t..... Make sure that you have you folder options set to show hidden files ..........You should then be able to rescan and hopefully remove the pests .....


dl65  Operating System? Quote

it says its deleted but its not cuz when i restart its back.

I just installed windows XP. An upgrade from ME. I cannot start Norton Internet Security now. Do I need to re-install Norton?You SHOULD, yes.

[glb]Flame[/glb]ThanksSure! Come on back if you have any other questions!

[glb]Flame[/glb]you should stuck with WINME..
my two cents worth!I did not want to buy a new OS. ME was GIVING me problems. I have been told that ME is not a good OS and that I should upgrade. I was not AWARE of any problems with XP and Norton.Don't worry, Merlin's getting old.

Thanks.
I still cannot use Norton IS. I have been in touch with Symantec and they provided some SOLUTIONS, None of which have worked yet. THe next step is to upgrade to Norton IS 2005.I suggest that you reinstall Norton if you have not yet done so. It may be damaged due to the upgrade from ME to XP.

What active protection are people using and why?
For me it's...

AVG: Free, low overheads, easy updates, no conflicts, simple to use, has a scary virus alert picture.
SYGATE: Free, simple to use, gives GOOD control & information.
WINPATROL: Free, simple to use, the barking dog.

Needless to say I have all the other anti-everything scanners but only the 3 above are active.What is WinPatrol?

I make use of the following:

Kaspersky Anti Virus 5.0 Personal Warez. Would SWITCH to AVG Free. But works too well for the time being.
Sygate Personal Allows for better CONFIGURATION than the free VARIANT of ZoneAlarm. PROGRAM control. Qtec Router filters out everything else.
Windows Antispyware Novelty application.
Qtec Router Firewall Nothing gets through.http://www.winpatrol.com
Make sure your sound is turned up to hear the dog bark.I will look into this application, thank you.

Has it worked succesfully for you?It works fine, easy access to hosts file, lock & unlock hosts file, alert when something tries to change the registry and don't forget the dog barks too.
Plus other stuff.It detects nothing out of the ordinary on my system. Useful tool to manually remove threats should scanners fail.I leave it running, is something tries to write to the registry it alerts you with a screen like spybot does.
You then get a choice to allow or disallow.Does it do so with all changes made in the registry?Only new startup changes I think, now I'm going to have to find out    I shall let you know when it detects change on this system.Right click on the dog to check out the toys.I had it neutered. Woof. Quote

I had it neutered. Woof.

I use mcafee security and there is a problem with the HELP file HELPCTR.EXE at C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE

Whenever i go to start/help/search online support
mcafee says a suspicious script has been detected.

And HELPCTR.EXE is causing lots of errors like this:
Whats wrong, should i just delete it?This sould NOT be CONSIDERED a suspicious script... See this link for INFORMATION... http://www.processlibrary.com/directory/files/HELPCTR/index.php ... The link will also give you removal instructions... I hope this helps!

[glb]Flame[/glb]I have just deleted it, if it wasnt realy a bad script it still caused errors...Alright. Happy computing! (Sounds cheezy eh? just trying it on. lol )

[glb]Flame[/glb]C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE   was a main part of the windows help PROGRAM........and mcfee no comment.....norton use to throw this message up also.......if it in the recycle bin resore it.....its not malicousIts gone now, i dont use it anyway, just wanted to see if it was something like a virus or not.

Hello, I have been having some problems with my navigators recently (safari and chrome). It all started when I downloaded several third-party apps to try to recover some important files I deleted accidentally. The apps were all safe, except for one that Google warned me about (I don't remember its name or where I downloaded it from, I was desperate at the moment).
Google said it could be malware and that it would try to add extensions to Chrome, however, I thought it was the general Google kind of warning.
However, now I am having troubles with an unwanted tab opening up every time, it doesn't lead to anywhere, it just opens and then closes automatically. I deleted and reinstalled Google Chrome, deleted all extensions, reset Chrome, ran Malwarebytes Anti-malware for mac (it found some issues at first, I got rid of them. Now when I run Malwarebytes it says it did not find any malware), none made a difference.
I deleted cookies and cache from Chrome, and now the unwanted tab won't OPEN, but there is always this warning on the top right "This page is trying to load scripts from unauthenticated fonts."
Another THING that worries me is that there are some files on Finder that did not APPEAR before (it looks like their opacity icon is down as if they were not real folders as if they were hidden). For example, when I open my external HD on Finder, there are 4 files like this (.com.apple.timemachine.donotpresent ; .fseventsd ; .Spotlight-V100 ; .Trashes ; this last one, .Trashes, has an arrow icon on the bottom right of the folder icon, as if it said the folder is being downloaded, also it won't let me open the .Trashes file, it says I have no permission to see its content).
I am worried because I work with this computer, I do freelance with video editing, so I am afraid it might damage my mac or storage devices, make me lose important work, or even get hold of important info as account passwords.
If you guys could help me, it would be the best thing ever hehe, I am really desperate about this.You are using a MAC with Apple OS.
As FAR as I know there isn't a nice automated way to provide t System RESTORE as it is in  Windows. Too bad.

So your best option is to restore from a backup you have made earlier.

If you do not have a backup, now is the time to make one. Bedsore you go an further, make a full backup. Hopefully it can be used to help fix the problem later or help if things go from bad to worse.

Hindsight. Anytime you are about to do anything that might make thugs go downhill, you need to have some kind of backup or recovery plan already in place.

If you have the time and resources, try this:
A. Get a new or used hard drive you trust.
B. Install the new drive  with the Mac OS you have.
C. Hook up your old drive as a external slave.
D. Try to get what you need from the  old drive. And do not erase the old drive until you are sure everything is working perfectly.

That is the best I can offer.
The alternative would be to take it to an expert technician who really knows what he is doing.

Hello

I have resurrected an old Acer Aspire D255 netbook to take on a trip instead of my laptop.
I am upgrading the memory from 1 to 2 gig ram, installed a 60 gig SSD, loaded WIN 7 32 bit Home Premium.  Everything except the 2 gig ram I had laying around my house collecting dust and with Win 7 it actually runs pretty good.

I am looking for an Antivirus program that uses a minimal amount of memory (2gig is not very much nowadays).  I wont be doing much with the netbook mainly surfing and some word processing, but will be connecting to public WiFi.  Will the new types of Antivirus automatically adjust to the amount of available memory?I recommend MicroSoft Security Essentials. It's lite weight and unobtrusive.

MicroSoft Security Essentials   All versions and all languages.Thank you so much for the app RECOMMENDATION and to this thread!

Hello,

I was visiting https://www.huggies.com.au, and had a message pop up at the bottom saying this website WANTED to run the following add-on: flash32_29_0_0_171.ocx. I left, and came back to the website, and had a similar message appear, except it says it want to run Adobe Flash Player.

This website should be safe, and I've seen this message asking for Flash Player add-on to run, but not the other. It also seemed odd that the popup changed what it was asking to run.

ThanksThe site opened for me with no problem so it's just SOMETHING program that is missing from your computer.Alright, thanks.You're WELCOME. I will lock this thread. If you need it re-opened, please send me a PM.

Hi! I really need to make sure, by tomorrow, that my wired connection and PC are safe when I give out wifi PW(I have to..)

If someone has wifi pass and access directly to network they can only access the wifi transmission part and if I don't send any traffic via wifi and if I disable the router page from wifi connection so they cant make changes, then my PC itself and its traffic is safe, while I'm on wire?

Say my router itself or other devices connected to it or wifi or anything related to the router is compromised, or someone knew default router page PW, the router was reconfig, ath.

So, I'd need to disable the  rotuer config page for no one to be able to make changes via wireless and sth about enabling wireless isolation? Is that the guest network part or is it sth ADDITIONAL? If I cant make a guest network can I still enable wireless isolation to isolate wireless form wired or ath else to protect wired from wireless.

So I did this:
I enabled hide network on SSID 1(my future to be protected network, tho i am on wire now and will use wire) and enabled it;s isolation. Should I have done that to SSID 1 or to SSID2? or both?
https://imgur.com/a/r06K1HM

SSID 2 I enabled. Should I have enabled isolation for it too? Or just it and not SSID 1?
https://imgur.com/a/tycZPsK

Is this a true guest network that would separate my pc and wire from wireless?

I cant really check as I have no other device I trust not compromised to check.
I have a ZTE ZXHN H108n router modem adsl

If I enable no changes to router page by wireless and isolation, my wired is safe? No other ways to get in or see my traffic or hurt my PC itself? If this isn't truly a guest network the multiple SSIDs, can I still isolate wireless from wired and keep wired and PC safe?

Thanks!!Best way to make wired safe is to have a separate wireless router for those using wifi that your giving the wifi password out to from that of the other router that the PC will be connected to. This will give you a hardware firewall between the 2 networks and isolation. This is the setup I use to be able to give people access to my wifi at home and have my stuff SECURE and isolated from the one that is SHARED with others.

Basically you have your modem with a router connected to that. Then have ANOTHER second router connected to a port on the first router. Put people onto this router second one in, if anyone gets onto that network they can only see traffic on that network, they cant see traffic on the first router where your PC is located . Your PC is connected to the first router and as secure as can be if in addition to this your running an up to date version of windows fully patched an firewall enabled without any exceptions that would make for exploits.

For about a year now, I have been finding files with photos of people and art. I don’t know if this is a malware from a game with a virus or just from social sites. I FOUND photos of a woman and her son in ONE file and PICTURES of cartoon characters in another. Please help!
what is your OS and AV software?what have you tried so far; scans?, INVESTIGATIONS?, do the folder names or file names bear any resemblance to anything connected to you?
it is interesting. The worst case scenario is that someone has a remote control of your device and messing with you or you have malware that works silently and these are the indicators of its activity.
Use some software for virus termination. Av or anti-malware tools can fully scan your PC and detect, remove threats.
Try itno response from the OP in over a month - reckon he has worked it out.

Hi all! I'm Tommy !
So I have Windows 10, 64-bit as the OS. Firefox is v. 33.0. Recently I have had a problem of getting a broken image icon on photos I upload to a certain Web site. I can see other people's, but not my own. Also, I've noticed that when I open the homepage, after a few seconds, it loads again. Here is  my OTL log:

OTL logfile created on: 7/31/2018 11:32:40 PM - Run 8
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Owner\Desktop
64BIT- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.23% Memory free
5.98 Gb Paging File | 4.68 Gb Available in Paging File | 78.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 929.56 Gb Total Space | 748.77 Gb Free Space | 80.55% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.75 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot MODE: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/25 07:11:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe สมัครufabet
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2012/07/20 15:32:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/25 07:10:48 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/25 06:58:33 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise TECHNOLOGY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/09/23 03:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page REDIRECT Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 D4 5F 2D 44 D1 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/25 07:10:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/01/12 11:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/10/08 05:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967\extensions
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/09/25 07:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 07:11:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/07/05 11:08:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [ = exefile] -- "%1" %*
O37 - HKLM\...com [ = comfile] -- "%1" %*
O37 - HKLM\...exe [ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/15 06:29:17 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 06:29:17 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 06:29:17 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 06:29:17 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 06:29:16 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 06:29:16 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 06:29:02 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/15 06:29:02 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/15 06:29:02 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/15 06:29:01 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/15 06:28:58 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/15 06:28:56 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/15 06:28:55 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/15 06:28:55 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/15 06:28:54 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/15 06:28:54 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/15 06:28:51 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/15 06:28:50 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/15 06:28:50 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/15 06:28:50 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/15 06:28:49 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/15 06:28:49 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/15 06:28:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/10/15 06:28:49 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/15 06:28:48 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/15 06:28:48 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/15 06:28:47 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/15 06:28:47 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/15 06:28:47 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/15 06:28:47 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/15 06:28:47 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/15 06:28:46 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/15 06:28:46 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/15 06:28:45 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/10/15 06:28:45 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/10/15 06:28:45 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2014/10/15 06:28:45 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2014/10/15 06:28:45 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2014/10/15 06:28:45 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/15 06:28:44 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2014/10/15 06:28:44 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/10/15 06:28:44 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2014/10/15 06:28:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2014/10/15 06:28:43 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2014/10/15 06:28:43 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2014/10/15 06:28:43 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2014/10/15 06:28:43 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2014/10/15 06:28:43 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/10/15 06:28:42 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2014/10/15 06:28:42 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014/10/15 06:28:42 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/10/15 06:28:42 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/10/15 06:28:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014/10/15 06:28:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/10/15 06:28:41 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/10/15 06:28:41 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2014/10/15 06:28:41 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/10/15 06:28:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2014/10/15 06:28:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014/10/15 06:28:41 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/10/15 06:28:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/10/15 06:28:40 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/10/15 06:28:40 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/10/15 06:28:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2014/10/15 06:28:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2014/10/15 06:28:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2014/10/15 06:28:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2014/10/15 06:28:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2014/10/15 06:28:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2014/10/15 06:28:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/10/15 06:28:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014/10/15 06:28:32 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/15 06:28:31 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/15 06:28:31 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/15 06:28:30 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/15 06:28:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/15 06:28:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/15 06:28:29 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/15 06:28:29 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/15 06:28:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/15 06:28:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/15 06:28:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/15 06:28:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/15 06:28:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/15 06:28:26 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/15 06:28:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/15 06:28:25 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/15 06:28:25 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/15 06:28:25 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/15 06:28:25 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/15 06:28:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/15 06:28:23 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/15 06:28:23 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/15 06:28:23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/15 06:28:22 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/15 06:28:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/15 06:28:21 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/15 06:28:21 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/15 06:28:21 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/15 06:28:20 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/15 06:28:19 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/15 06:28:19 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/15 06:28:19 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/15 06:28:19 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/15 06:28:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/15 06:28:18 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/15 06:28:17 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/15 06:28:17 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/15 06:28:17 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/15 06:27:43 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/15 06:27:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/15 06:27:37 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/15 06:27:32 | 003,722,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/15 06:27:32 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/15 06:27:31 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/10/15 06:27:31 | 001,113,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/10/15 06:27:31 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/10/15 06:27:31 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/15 06:27:30 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/15 06:27:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/15 06:27:30 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/10/15 06:27:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/15 06:27:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/03 14:09:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Old Firefox Data
[2014/10/01 05:22:58 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/10/01 05:22:58 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/25 07:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/15 06:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/15 06:52:57 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/15 06:52:57 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/15 06:52:25 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/15 06:52:25 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/15 06:52:25 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/15 06:48:12 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014/10/15 06:47:04 | 000,298,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/15 06:47:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/15 06:46:44 | 2409,082,880 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/13 12:46:51 | 001,785,387 | ---- | M] () -- C:\Users\Owner\Documents\George's writings corrected.pdf
[2014/10/13 12:46:37 | 001,771,720 | ---- | M] () -- C:\Users\Owner\Documents\George's writings corrected.odt
[2014/10/13 06:18:54 | 000,016,005 | ---- | M] () -- C:\Users\Owner\Documents\Celebrity Deaths 2014.odt
[2014/10/13 06:07:15 | 000,031,750 | ---- | M] () -- C:\Users\Owner\Documents\Comaprative Analysis of Daniel and Revelation.odt
[2014/10/13 05:55:48 | 017,076,224 | ---- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2014/10/13 05:55:48 | 011,357,184 | ---- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2014/10/12 05:13:54 | 000,012,849 | ---- | M] () -- C:\Users\Owner\Documents\Weight 2014.ods
[2014/10/09 22:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/09 22:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/09 22:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/07 08:58:52 | 000,000,142 | ---- | M] () -- C:\Windows\funcrd95.ini
[2014/10/06 14:41:36 | 000,014,472 | ---- | M] () -- C:\Users\Owner\Documents\Columbus Day weekend sale.odt
[2014/09/30 09:29:20 | 000,022,573 | ---- | M] () -- C:\Users\Owner\Documents\George's writings.odt
[2014/09/27 06:20:42 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2014/09/25 18:46:19 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/25 18:32:04 | 002,017,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/25 18:31:02 | 002,108,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/25 06:58:32 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/25 06:58:32 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/24 22:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/24 21:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/18 21:55:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/18 21:40:43 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/18 21:40:03 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/18 21:39:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/18 21:38:27 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/18 21:36:57 | 005,829,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/18 21:30:58 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/18 21:27:09 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/18 21:26:00 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/18 21:25:09 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/18 21:18:02 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/18 21:14:28 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/18 21:06:47 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/18 21:01:47 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/18 21:01:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/18 21:01:03 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/18 21:00:45 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/18 20:59:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/18 20:58:03 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/18 20:53:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/18 20:51:24 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/18 20:50:16 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/18 20:49:31 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/18 20:42:57 | 000,731,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/18 20:42:56 | 000,710,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/18 20:40:12 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/18 20:36:23 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/18 20:32:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/18 20:18:55 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/18 19:59:26 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/18 19:52:24 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/17 22:00:42 | 003,241,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
 
========== Files Created - No Company Name ==========
 
[2014/10/13 12:46:47 | 001,785,387 | ---- | C] () -- C:\Users\Owner\Documents\George's writings corrected.pdf
[2014/10/10 05:11:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/10/02 10:03:05 | 001,771,720 | ---- | C] () -- C:\Users\Owner\Documents\George's writings corrected.odt
[2014/09/30 08:32:47 | 000,022,573 | ---- | C] () -- C:\Users\Owner\Documents\George's writings.odt
[2014/09/18 13:20:12 | 000,031,750 | ---- | C] () -- C:\Users\Owner\Documents\Comaprative Analysis of Daniel and Revelation.odt
[2013/02/03 07:17:16 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.Owner.ini
 
========== Alternate Data Streams ==========
 
Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

I have finished my trial PERIOD and now I want to register the program with my key. But where do I enter this licence key ?You should CONTACT AVG.
follow the below steps:
1.Open AVG PC Tuneup icon on your desktop.
2.click on help and then Activate product.
3.Enter the Licence Number and click next.
4.Click on FINISH

Let's say there is a virus called virus.exe in a zip file, extracting it will trigger the antivirus and av will quarantine it. If I disable my antivirus (which somehow also disables windows defender), EXTRACT virus.exe (without double clicking or running the exe) and upload it to virustotal for a scan, will my computer still get infected?

There's no guarantee that your AV will catch it. Windows Defender is your AV. Use this method of scanning that file.
This may not work if the file is zipped.
Why don't you let your AV quarantine it?

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs POSTED for each one)

1. Copy and paste the following file path into the Suspicious FILES to scan box on the top of the page.

CODE: [SELECT]Insert File Path
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.Superdave.

Hi, this came up while I was looking at the TV guide.
Is this a scam or do I really have a VIRUS?

This is the website they came from.  http://secureservice.onesysutil.live/lp/acsh1/?pxl=WAD4123_WAD4027_RUNT&utm_campaign=wadcsh&utm_pubid=1806387-2919733628-0&utm_source=wadcsh&x-at=Firefox&x-context=15468644150248076099069148262668746

I run my virus protections regularly & have nil results.

Windows 10 with SAS, and I regularly use Superdaves & evilfantasies reference to other virus protection programs.

Thank you. ImnoGuruIt's a scam.Any warnings that come through your browser with a URL are scams and click bait to try to INFECT in many cases. When you see these its best to close the browser and then reopen browser. However some browsers try to bring you back to where you where but give you the option to restore recently closed pages etc. When you see the message to restore or go back to the last page or session select NO and chose to open a new session. One step further is to wipe out the browser history for say the last 2 hours or any amount of time you chose so that the bad URL is flushed from the history so no way you can accidentally go back to it and have it display it again from accidentally going back to it through history.

If browser gets hit with a hijacker though sometimes it removes your ability to close the browser through normal means such as it displays a warning full screen or a pop up that takes control and no ability to close it or minimize it. If you ever see one of these then its best to press CTRL + ALT + DELETE and select to go to task MANAGER and then locate the open browser session and tell it to kill or end that task or ENTIRE process tree for that browser. It then exits the browser and you can then run Malwarebytes on your system and remove any browser hijacker.

One good thing to do is make sure you always have 2 browsers on your system. So that if one browser gets infected you can use the other that is not infected to look up a solution to fixing the problem on the other infected browser. Having Edge or Internet Explorer DEPENDING on Windows version plus another browser of choice such as Firefox which is the browser of my choice, I have had a hijacker take Firefox hostage and by my ability to launch Edge browser I was able to download and install Malwarebytes through edge on that system and then fix the issue with Firefox taken hostage by hijacker. The hijacker my Firefox got hit with I was at facebook just reading what people posted for christmas and then somehow an rogue ad server served up a FBI warning claiming adult content on system and call this number immediately in an audio loop to correct the problem. The method of using Edge to download and install Malwarebytes to this system and then run full scan of malwarebytes caught the problem and fixed the problem with Firefox. Had I not had this Edge browser as an alternate browser I would have had to use another computer and put malwarebytes on a thumb drive and then install it off the thumb drive which if I only have 1 computer like many people do, I would have been in trouble with a lack of means of getting malwarebytes onto my computer to fix it.I knew in my heart it was a scam BC_Programmer because Im very active on running regular scans from other sources that I trust.
Short of the 500 or so gathered from Malwarebytes, nothing of any significance ever shows up, just the trackers. No PUP's, Trojans, hijackers or downloaded files. I did see at one point that Malwarebytes notifications, displayed 1 item added to the start menu, but I couldnt find anything untoward. That was some time ago, say 2 months ago. Everything in the start menu has been there since I got this computer. There are a couple I dont know what they are or do, but they are pretty insignificant. Energy Star & Bonjour by name. Energy Star is just a program that rates products energy comsumption.

That was the other reason I figured it was a virus potential DaveLembke, it came from a browser. Of all things it was my TV guide that it took over. So something advertised on the TV Guide page may have triggered it.

Certainly good advice to clear out the history otherwise it has the potential to continually return & I've seen this on a mates home computer. It was too hard to tell him how to get out of it remotely, so I had to go there to fix his computer. ( Lucky he was fairly local then ). So hard to deal with when the op doesn't have a clue, dinner was nice though. LOL.

All clean now then. Thanks for your confirmation.
ImnoGuru. It's a scam they show you message like this and ask to install some programs. If you install those programs, they might stole  your personal or anythings with your PC.

As per the subject:

Can a disk that's been set to offline in disk management be infected by a virus?

(As far as I know, the disk is not SEEN in PC as a mapped letter drive e.g. D:/
however, it can easily be turned on in disk management)

Current situation:
Host OS running windows 10
Guest OS running windows 8.1 (can be upgraded to 10 if relevant) - Through a windows to go USB

Host OS disks have been deactivated in disk management when booted into Guest OS
Guest OS cannot access Host disks unless I go to disk management and turn the drives online
If guest OS is infected with a virus (testing suspicious files), can the Host OS offline/unmounted disks be infected?

(This process involves no physical detaching of the drives as it is a tedious solution if deemed unnecessary)
(Please also do not SUGGEST SIMPLY not to TEST this at all. I would like to know HYPOTHETICALLY what level of risk this involves)

I have been informed that Evil Fantasy or SuperDave may be able to help with this question.

Thank youMore information about that topic here.

What are they ? Which one(s) should i have ?You can learn more here.Thanks for info, SuperDave. I do have Ad BlockPlus -like it, it does the job.Maybe it's ENOUGH, I don't have annoying ads popping up anymore. Probably could use more protection of some kind. We NEVER can be over protected, can we !Download Security Check by screen317 from the following link and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to ACCESS the INTERNET, ALLOW it to do so.

A Google search goes to web sites that want to give me even more malware.
IMO, any program that will not uninstall is likely malware -Am I right?

Anyway, here is a You Tube Video:
How To Fully Remove CHROMIUM Malware
Quote

This is a tutorial on how to completely remove the "Chromium" malware. This is not the only method, but I found this to be the most effective. ...

IMO, any program that will not uninstall is likely malware -Am I right?

Question: Why did my AV program not find it?

• It should update automatically if the computer is connected to the internet.
• Click on Threat Scan and click on Scan Now.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  
• Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
  
• When disinfection is completed you can click on "Copy to Clipboard".
  
• Paste the log in you next reply (CTRL+ V)

• Delete Tracing Keys
• Reset Winsock

The reason I think I am being hacked is my phone has been changing settings on it's own apps that i never downloaded got downloaded and some can't be removed my battery dies way to quick it burns up when I only playing music or using maps. I tried to change my settings back to normal but they just change back when i not looking at my phone another strange thing is my resume that I made from scratch had someone else number on it I no longer receive texts or calls from certain people at certain days and TIMES even email has been ACTING up my passwords have been changing and I am just fed up I NEED advice to counter this. I think they got in thru my home internet I have spectrum and I change my Passwords and the SSI Name ID but my sister and brother give away my PASSWORD to my neighbors which makes me mad

Quote from: Tovino77 on June 27, 2019, 06:07:13 AM

The reason I think I am being hacked is my phone has been changing settings on it's own apps that i never downloaded got downloaded and some can't be removed my battery dies way to quick it burns up when I only playing music or using maps. I tried to change my settings back to normal but they just change back when i not looking at my phone another strange thing is my resume that I made from scratch had someone else number on it I no longer receive texts or calls from certain people at certain days and times even email has been acting up my passwords have been changing and I am just fed up I need advice to counter this. I think they got in thru my home internet I have spectrum and I change my Passwords and the SSI Name ID but my sister and brother give away my password to my neighbors which makes me madhttps://solitaire.onl/ 9apps.ooo/ https://bluestacks.vip/

recently my friend TOLD me about his file was....deleted but the capacity of its USB device remain constant. but he CANT see his old files all of his files. then i noticed when i check his USB Flashdrive i noticed there is "found.. named folder and " all files listed as .chk file format.

Please need help... my conclusion.. is could it be possible to RECOVER all files deleted or.. moved to a c ertain file format .chk?

please... my friends... is an office clerk he need to recover all files
are there enough possible method? to recover those fiiles?


THank you in ADVANCE...


  This may help:
http://www.ericphelps.com/uncheck/
Basically the files on his USB drive were corrupted and SCANDISK ATTEMPTS to recover all existing file fragments.

Received an email from "here my own email Yahoo", and ACTIVE when you pass the MOUSE over, to "here my own email yahoo, as from"
After READING the email, i went to my acc. yahoo, and changed my PASSWORD.
I ALSO did a scan with my ZoneAlarm and Malwarebytes Anti-Malw. and SuperAntispyware, and all was clear.
What happened for someone to be able to use my Yahoo email address to sent to me an email? Did he/she was able to open my Yahoo email Account?
What should i do now ?
Help, help 
Best regards, Your E-mail account was hacked and you did the correct thing in changing your password. Just make you have a strong password. It should include numbers and letters.

Hi! My laptop is becoming increasingly slow as if there is a virus. Firefox keeps asking me whether I can to stop a script, GOOGLE chrom says about a PLUGIN that has crashed but in general sometimes I think it has frozen all together.

I just for that on a screen a while ago

resource:///components/nsSessionStore.js:402

Any idea as to what it is and above all what I can do for my computer to run properly?

thanks,
 Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer. 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and TRANSFER any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and LAUNCH Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

I was wondering if you would mind helping me (I am very anxious for my problem)

Today on a COMPUTER (without any especial AntiVirus) which is in a public place for everyone I checked my Gmail account by IE and I received a bunch of strange emails. by opening of one of them I was diverted to another person's email and then when I tried to sign in with my username, gmail said you are trying to use your old password. you password has been changed for 33 days. So I was frustrated because even I did not know the security questions; I could not sign in for around 2-3 hours and after that when I tried my password (This time in my personal Computer with ESET Smart security) I could sin in; once I signed in, I changed my password and now I would like to know whether this email address is safe anymore or not? Can I still use this email address KNOWING I have changed my password? Also I would like to know whether there is a risk of getting a keylogger after being hacked? Is keylogger installed on the system or email? When I got hacked I was with a public computer, so this means that if any keyloggers have been installed, they have been installed in that public computer? Right?and Now that I'm USING the email address in my personal computer there is no risk of having a keylogger? Am I right?

In general, also could you please let me know whether using this email is safe or nor?
Also, could you please confirm whether ESET Smart security is anti keylogger as well or not?
Thank you very much

I look forward to hearing from you. Quote

Today on a computer (without any especial AntiVirus) which is in a public place for everyone I checked my Gmail account by IE and I received a bunch of strange emails. by opening of one of them I was diverted to another person's email and then when I tried to sign in with my username, gmail said you are trying to use your old password. you password has been changed for 33 days. So I was frustrated because even I did not know the security questions; I could not sign in for around 2-3 hours and

The problem I'm having pertains to a virus/malware problem, I guess. I used the procedure listed here http://tinyurl.com/5sjq6 by myself. I don't have the patience for forums, sadly. The efforts were in vain, end I eventually ended up messing up my hosts file like an idiot. I reversed it by using a system restore point, but now I can't install any PROGRAMS. The only "error" I RECEIVE is a "Access is Denied." However, I'm sole user of this system (so I use an administrator account), went as FAR as TRYING to take "ownership" of my ENTIRE C:\* Drive. But, the problem persists.

The AVG on my netbook suddenly doesn't work this morning. The TRAY icon doesn't show up, and when I click the Start Menu shortcut to the AVG User Interface, nothing happen. Same thing when I try to launch from the installed directory.

So I run the installer and choose for repair, but it shows error message half way and said it couldn't continue. I run the installer again and choose remove instead, still same, error message half way.

How can I manually remove it and REINSTALL?

Thanks.download and run the un-installer utility from here http://www.avg.com/us-en/utilities

Once AVG is un-installed download AVAST or AVIRA as they are better than AVG, not as many false possitives and they use less system resorces.

BB

If the AVG un-install utility does not work use Revo un-installer from here  http://www.revouninstaller.com/revo_uninstaller_free_download.htmlGive your computer a treat and download MSE. It will appreciate it.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 BIT Download
Microsoft Security Essentials for Windows XP
Everything is good and red posts. But that's a very good BALANCE. Quote from: bacon buttie on January 29, 2012, 03:10:09 AM

download AVAST or AVIRA as they are better than AVG, not as many false possitives and they use less system resorces.

Hello everyone,

I am using MSE for my AV. My Internet is disconnected right now. I know I am not infected, but just in case I would like to scan all external drives, and my internal drives which are connected via USB. I WENT into the MSE settings, and under Advanced I checked the box for the removable drives. I did a full scan, and I also did a Custom scan, but my result scanning time are coming back way too fast. I even have a lot to scan. I wanted to do a full scan on everything including any devices that are attached. HONESTLY, I don't mind the slow wait until MSE is finished scanning. Maybe MSE is not setup the right way?Go into Setting and chose Advanced. Check the box for external devices. Quote from: SuperDave on February 01, 2012, 05:06:29 PM

Go into Setting and chose Advanced. Check the box for external devices.

I have AVG Tune UP, and I have CC Cleaner. Should I get rid one of them? Or both of them? Or keep them both?

do I need something in replace that would work with MSE without a conflict?

i have ESET NOD 32 (subscription) and ccleaner (the free one).    i had xoft spy SE for a long time but i have let my subscription lapse.   is that something i need STILL, or do i have enough security coverage?    i RUN the ccleaner about twice a week and the ESET about every 2 weeks.  i use this machine as a toy....games mostly and e-mails occasionally.   what do you recommend for me?ccleaner has nothing to do with system security.

You need a good AV (NOD is FINE I guess) and either MalwaerBytes or SUPERANTISPYWARE (or both - the free versions). I also use SpywareBlaster. And of course the most important facet of security is smart computing (don't open links or attachments in emails unless you are certain you know what they are, don't download anything unless you are 100% certain it is safe, etc).

This is probably a super basic question, but I hope that someone can answer for me.

I'm about to reformat my PC and reinstall Vista, which means reinstalling everything. One thing I'm never quite certain about is what order to do everything in. When I finish installing the OS, it prompts me to go online and validate it and update it and all that, but I need to have an antivirus up and running before I do that, don't I?
My assumption is that an unprotected PC shouldn't go online for even one MINUTE, so when do I install the antivirus and update it?

And one last thing: do the folks around here have recommendations for the best set-up of free security measures? We don't have a ton of money and stuff like AVG is what I rely on. What is the minimum stuff I should install on my machine in order to have some hope of surfing safely?

Thanks very much!When I reinstalled Vista I couldn't authenticate my verison of Windows right away.  I had trouble getting the network adaptor working.  But, you have the option to verify Windows later.  Just look at all the options the boxes give you.  And I think connnecting to Microsoft is probably safe.  Also, you will probably have to install updates before you can install your AV.  I use Trend Micro and I had to wait until service pack two was installed before I could install my AV.  But, like I said, I think doing this with microsoft is safe.  Now I wouldn't go looking for coupons online right away to use at L.L. Bean, that might get you into trouble.

Anyone please correct me or post that I'm wrong. Quote

I'm about to reformat my PC and reinstall Vista, which means reinstalling everything. One thing I'm never quite certain about is what order to do everything in. When I finish installing the OS, it prompts me to go online and validate it and update it and all that, but I need to have an antivirus up and running before I do that, don't I?
My assumption is that an unprotected PC shouldn't go online for even one minute, so when do I install the antivirus and update it?

And one last thing: do the folks around here have recommendations for the best set-up of free security measures? We don't have a ton of money and stuff like AVG is what I rely on. What is the minimum stuff I should install on my machine in order to have some hope of surfing safely?

For those of us who have Norton Antivirus, what would be the best procedure  in view of the recent theft of their source code?  If we decide to download a different antivirus program, do we download it, GO off line, turn off Norton (or delete it), RUN the new program and then go back on line to get the updates for the new program?  Of the free antivirus programs, which one(s) are the most effective?  I am definitely paranoid when it COMES to security.  Thank youWow, paranoid is right .

Relax. I suggest you read the following and then find something ELSE to worry about
http://www.livehacking.com/2012/01/09/hackers-steal-source-code-to-norton-antivirus/Thank you, Allan.  I had read that one and wasn't too, too concerned, until I read this more recent article from Symantec:
http://www.computerworld.com/s/article/9223495/Symantec_backtracks_admits_own_network_hacked
.....and that is when the paranoia set in.   I'm confused. How does the theft of their source code POSE an ISSUE?

It's not the source code that does the detections. It's the various signatures.

I accidentally clicked on some stupid link and have had a fun few hours, I can only use my computer if I consistantly close iexplorer that is being run in the background every minute or so. In short the malware removed by desktop, blocked task manager and cleared all menus on my computer.  I could not update java, so if that matters I apologize.  This will be the second time you guys help me, thank you in advance I really appreciate your programs/knowledge!

here is what you want:

SAS log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/28/2011 at 01:24 AM

Application Version : 5.0.1134

CORE Rules Database Version : 7863
Trace Rules Database Version: 5675

Scan type       : Complete Scan
Total Scan Time : 00:55:20

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned      : 400
Memory threats detected   : 0
Registry items scanned    : 72073
Registry threats detected : 0
File items scanned        : 313939
File threats detected     : 1

Adware.Tracking Cookie
   C:\USERS\DAVID CRAWFORD\APPDATA\ROAMING\MICROSOFT\
WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /BURSTNET ]

Malwarebits
Database version: 8033

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

10/28/2011 1:26:26 AM
mbam-log-2011-10-28 (01-26-26).txt

Scan type: Quick scan
Objects scanned: 198917
Time elapsed: 1 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\
bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?
Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS1

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_27
Run by David Crawford at 1:33:29 on 2011-10-28
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.6135.4445 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\wscript.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15179&l=dis
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4920F6E6-8FA3-454D-B1E3-C581542EF00E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4920F6E6-8FA3-454D-B1E3-C581542EF00E}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{657A4658-9B4B-42D3-A345-13D5A0769465} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{657A4658-9B4B-42D3-A345-13D5A0769465}\D69777962756C6563737 : DhcpNameServer = 207.164.234.193 67.69.184.135
TCP: Interfaces\{83C22A46-0A97-41D9-A178-1900485BAD99} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{964FC7CA-B89A-4F97-AA74-20E774E1F858} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BFF99BDE-572E-4784-AE37-2F49C0B3B569} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C59FF3F6-F7F6-4FE6-9A95-B149BA3742EE} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C59FF3F6-F7F6-4FE6-9A95-B149BA3742EE}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C59FF3F6-F7F6-4FE6-9A95-B149BA3742EE}\D69777962756C6563737 : DhcpNameServer = 207.164.234.193 67.69.184.135
TCP: Interfaces\{C5CA6EF3-4BE2-4EF5-84A4-E8FD185F2152} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\David Crawford\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-20 92160]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-10-27 44768]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-20 656624]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-1-17 24635]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S4 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-2-1 65536]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
.
=============== Created Last 30 ================
.
2011-10-28 05:30:47   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D21EDB31-CD3E-4158-B096-B0FC27C48E0F}\offreg.dll
2011-10-28 04:00:27   --------   d-----w-   C:\ProgramData\Malwarebytes
2011-10-28 04:00:24   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-28 03:58:37   --------   d-----w-   C:\Users\David Crawford\AppData\Roaming\SUPERAntiSpyware.com
2011-10-28 03:58:16   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2011-10-28 03:58:16   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2011-10-28 03:55:16   65368   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2011-10-28 03:55:16   601944   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2011-10-28 03:55:11   41184   ----a-w-   C:\Windows\avastSS.scr
2011-10-28 03:55:06   --------   d-----w-   C:\ProgramData\AVAST Software
2011-10-28 03:55:06   --------   d-----w-   C:\Program Files\AVAST Software
2011-10-28 03:47:22   9049936   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D21EDB31-CD3E-4158-B096-B0FC27C48E0F}\mpengine.dll
2011-10-07 18:43:45   --------   d-----w-   C:\Users\David Crawford\AppData\Roaming\Research In Motion
2011-10-07 18:41:28   31744   ----a-w-   C:\Windows\System32\drivers\RimSerial_AMD64.sys
2011-10-07 18:41:14   --------   d-----w-   C:\ProgramData\Research In Motion
2011-10-07 18:41:06   --------   d-----w-   C:\Program Files (x86)\Research In Motion
2011-10-07 18:41:06   --------   d-----w-   C:\Program Files (x86)\Common Files\Research In Motion
.
==================== Find3M  ====================
.
2011-10-05 10:39:53   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-09-26 22:39:04   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2011-09-17 17:42:53   627600   ----a-w-   C:\Windows\System32\deployJava1.dll
2011-09-06 03:07:02   3134976   ----a-w-   C:\Windows\System32\win32k.sys
2011-08-31 21:00:50   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-08-27 05:40:28   861184   ----a-w-   C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28   331776   ----a-w-   C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20   1197568   ----a-w-   C:\Windows\System32\wininet.dll
2011-08-20 05:41:16   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23   482816   ----a-w-   C:\Windows\System32\html.iec
2011-08-20 03:26:38   386048   ----a-w-   C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46   75776   ----a-w-   C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46   288256   ----a-w-   C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46   104960   ----a-w-   C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23   72704   ----a-w-   C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23   59904   ----a-w-   C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23   204288   ----a-w-   C:\Windows\SysWow64\MSNP.ax
.
============= FINISH:  1:43:20.26 ===============

dds2
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2009 1:21:38 AM
System Uptime: 10/28/2011 1:27:32 AM (0 hours ago)
.
Motherboard: DELL Inc. |  | 0X501H
Processor: Intel(R) Core(TM) i7 CPU         920  2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 922 GiB total, 750.259 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
X: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP367: 10/7/2011 5:37:22 PM - Windows Update
RP368: 10/11/2011 11:08:06 AM - Windows Update
RP369: 10/12/2011 10:27:27 AM - Windows Update
RP370: 10/13/2011 2:24:49 AM - Windows Update
RP371: 10/14/2011 10:42:02 AM - Windows Update
RP372: 10/18/2011 11:56:05 AM - Windows Update
RP373: 10/21/2011 11:37:33 AM - Windows Update
RP374: 10/25/2011 10:07:12 AM - Windows Update
RP375: 10/26/2011 4:16:27 PM - Windows Update
RP376: 10/27/2011 11:28:08 PM - Windows Update
RP377: 10/27/2011 11:29:16 PM - Windows Update
RP378: 10/28/2011 1:35:43 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Media Encoder 2.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
ATMA V 5.05
µTorrent
avast! Free Antivirus
BlackBerry Desktop Software 6.1
CCleaner
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Support Center (Support Software)
Diablo II
DirectXInstallService
EMC 10 Content
GoToAssist 8.0.0.514
Hero Editor V0.96
Hero Editor V0.96 (C:\Program Files (x86)\Hero Editor\diablo II\hero editor\)
Java Auto Updater
Java(TM) 6 Update 27
Junk Mail filter update
K-Lite Mega Codec Pack 5.4.4
KingAgnostic's Minecraft 1.1.2_01
League of Legends
Left 4 Dead 2
Livestream Procaster
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIRC
Mozilla Firefox 7.0.1 (x86 en-US)
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA PhysX
OpenOffice.org 3.1
PokerStars
PokerStrategy.com Elephant
Portforward Static IP Address 1.0.45
PostgreSQL 8.3
PowerDVD DX
PremiumSoft Navicat Premium 8.2
Realtek High Definition Audio Driver
Remere's Map Editor
Roxio Activation Module
Roxio BackOnTrack
Roxio CENTRAL Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype™ 5.1
Sonic CinePlayer Decoder Pack
SplitMediaLabs VH Screen Capture Driver (x86)
StarCraft II
Steam
Team Fortress 2
TeamSpeak 3 Client
Tibia
Tibia MULTI-ip changer
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Vegas Pro 9.0
Ventrilo Client
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPcap 4.1.1
XAMPP 1.6.6a
XSplit
.
==== Event Viewer Messages From Past Week ========
.
10/28/2011 1:35:44 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
10/28/2011 1:28:54 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: [email protected]
10/28/2011 1:28:40 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter
10/28/2011 1:28:35 AM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
10/27/2011 11:54:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/27/2011 11:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/27/2011 11:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/27/2011 11:45:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/27/2011 11:45:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/27/2011 11:45:21 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
10/27/2011 11:45:16 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RxFilter spldr sptd Wanarpv6
10/27/2011 11:44:56 PM, Error: sptd [4]  - Driver detected an internal error in its data structures for .
10/27/2011 11:43:12 PM, Error: Service Control Manager [7034]  - The PostgreSQL Database Server 8.3 service terminated unexpectedly.  It has done this 1 time(s).
10/27/2011 11:32:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/27/2011 11:31:21 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
10/27/2011 11:31:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/27/2011 11:31:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/27/2011 11:30:52 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NETBIOS NetBT nsiproxy Psched rdbss RxFilter spldr sptd tdx vwififlt Wanarpv6 WfpLwf
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001]  - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/27/2011 11:28:46 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/27/2011 11:28:42 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

I havent restored to my old settings yet, and when I search something on google, whatever link I pick gets hijacked still.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.Combofix log:

I hope I didnt do anything bad, but iexplorer was at about 450 mbs while it wrote logs and I ended it under the assumption that combofix wasnt the one using it..  I have no problem re-running the program if that could have affected the results.

My searches are still hijacked.

ComboFix 11-10-28.04 - David Crawford 10/28/2011  11:40:59.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.6135.4377 [GMT -4:00]
Running from: c:\users\David Crawford\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\David Crawford\AppData\Roaming\Minecraft.exe
c:\users\David Crawford\AppData\Roaming\Uninstal.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-28 to 2011-10-28  )))))))))))))))))))))))))))))))
.
.
2011-10-28 16:18 . 2011-10-28 16:18   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCBA32D9-AC22-4A4F-9AA3-EB763402364A}\offreg.dll
2011-10-28 16:13 . 2011-10-28 16:13   --------   d-----w-   c:\users\elephant\AppData\Local\temp
2011-10-28 16:13 . 2011-10-28 16:13   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-10-28 05:36 . 2011-10-18 06:27   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCBA32D9-AC22-4A4F-9AA3-EB763402364A}\mpengine.dll
2011-10-28 05:35 . 2011-08-15 05:08   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
2011-10-28 05:35 . 2011-08-15 04:25   6144   ----a-w-   c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-28 04:00 . 2011-10-28 04:00   --------   d-----w-   c:\programdata\Malwarebytes
2011-10-28 04:00 . 2011-10-28 04:00   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-28 03:58 . 2011-10-28 03:58   --------   d-----w-   c:\users\David Crawford\AppData\Roaming\SUPERAntiSpyware.com
2011-10-28 03:58 . 2011-10-28 03:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-10-28 03:58 . 2011-10-28 03:58   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-10-28 03:55 . 2011-09-06 20:45   254400   ----a-w-   c:\windows\system32\aswBoot.exe
2011-10-28 03:55 . 2011-10-28 15:30   --------   d-----w-   c:\programdata\AVAST Software
2011-10-28 03:55 . 2011-10-28 03:55   --------   d-----w-   c:\program files\AVAST Software
2011-10-07 18:43 . 2011-10-28 03:38   --------   d-----w-   c:\users\David Crawford\AppData\Roaming\Research In Motion
2011-10-07 18:41 . 2009-01-09 20:02   31744   ----a-w-   c:\windows\system32\drivers\RimSerial_AMD64.sys
2011-10-07 18:41 . 2011-10-07 18:41   --------   d-----w-   c:\programdata\Research In Motion
2011-10-07 18:41 . 2011-10-28 03:40   --------   d-----w-   c:\program files (x86)\Common Files\Research In Motion
2011-10-07 18:41 . 2011-10-07 18:41   --------   d-----w-   c:\program files (x86)\Research In Motion
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 10:39 . 2011-05-29 16:04   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 22:39 . 2010-05-02 17:04   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-09-17 17:42 . 2011-09-17 17:43   627600   ----a-w-   c:\windows\system32\deployJava1.dll
2011-08-31 21:00 . 2009-12-18 19:18   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-10 17:48 . 2011-08-10 17:48   375   ----a-w-   c:\users\David Crawford\AppData\Local\postgresinstall.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

• Double-click on drweb-cureit.exe to start the program.
  An Express Scan of your PC notice will appear.
  
• Under Start the Express Scan Now, Click OK to start the scan.
  This is a short scan that will scan the files currently running in memory.
  If something is found, click the Yes button when it asks you if you want to cure it.
  
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis
  
• Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  
• Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
  
• When finished, a message will be displayed at the bottom advising if any viruses were found.
• Click Yes to all if it asks if you want to cure/move the file.
  
• When the scan has finished, look if you can see the icon next to the files found.

• Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit when you have finished.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

dds.scr;C:\Documents and Settings\David Crawford\Desktop;Trojan.MulDrop3.6866;;
dds.scr;C:\Documents and Settings\David Crawford\DoctorWeb\Quarantine;Trojan.MulDrop3.6866;Incurable.Moved.;
dds.scr;C:\Users\David Crawford\Desktop;Trojan.MulDrop3.6866;;

• Save aswMBR.exe to your Desktop
  
• Double click aswMBR.exe to run it
  
• Click the Scan button to start the scan as illustrated below
  

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 11:40:33
-----------------------------
11:40:33.032    OS Version: Windows x64 6.1.7600
11:40:33.032    Number of processors: 8 586 0x1A05
11:40:33.032    ComputerName: DAVE  UserName:
11:40:35.032    Initialize success
11:41:51.612    AVAST engine defs: 11110102
11:42:13.542    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:42:13.552    Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 3
11:42:13.552    Disk 0 MBR read error 0
11:42:13.552    Disk 0 MBR scan
11:42:13.562    Disk 0 unknown MBR code
11:42:13.562    MBR BIOS signature not found 0
11:42:13.562    Service scanning
11:42:13.982    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:42:14.522    Modules scanning
11:42:14.522    Disk 0 trace - called modules:
11:42:14.542    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006649334]<<
11:42:14.542    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006636060]
11:42:14.552    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006351050]
11:42:14.552    \Driver\iaStor[0xfffffa80062c5af0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006649334
11:42:16.672    AVAST engine scan C:\Windows
11:42:52.622    AVAST engine scan C:\Windows\system32
11:43:02.622    AVAST engine scan C:\Windows\system32\drivers
11:43:12.622    AVAST engine scan C:\Users\David Crawford
11:43:22.622    AVAST engine scan C:\ProgramData
11:43:22.622    Scan finished successfully
11:47:21.476    Disk 0 MBR has been saved successfully to "C:\Users\David Crawford\Desktop\MBR.dat"
11:47:21.482    The log file has been saved successfully to "C:\Users\David Crawford\Desktop\aswMBR.txt"

• Double click aswMBR.exe to run it like before
  
• Once the scan finishes click Fix to remove the infection as illustrated below
  

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 11:40:33
-----------------------------
11:40:33.032    OS Version: Windows x64 6.1.7600
11:40:33.032    Number of processors: 8 586 0x1A05
11:40:33.032    ComputerName: DAVE  UserName:
11:40:35.032    Initialize success
11:41:51.612    AVAST engine defs: 11110102
11:42:13.542    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:42:13.552    Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 3
11:42:13.552    Disk 0 MBR read error 0
11:42:13.552    Disk 0 MBR scan
11:42:13.562    Disk 0 unknown MBR code
11:42:13.562    MBR BIOS signature not found 0
11:42:13.562    Service scanning
11:42:13.982    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:42:14.522    Modules scanning
11:42:14.522    Disk 0 trace - called modules:
11:42:14.542    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006649334]<<
11:42:14.542    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006636060]
11:42:14.552    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006351050]
11:42:14.552    \Driver\iaStor[0xfffffa80062c5af0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006649334
11:42:16.672    AVAST engine scan C:\Windows
11:42:52.622    AVAST engine scan C:\Windows\system32
11:43:02.622    AVAST engine scan C:\Windows\system32\drivers
11:43:12.622    AVAST engine scan C:\Users\David Crawford
11:43:22.622    AVAST engine scan C:\ProgramData
11:43:22.622    Scan finished successfully
11:47:21.476    Disk 0 MBR has been saved successfully to "C:\Users\David Crawford\Desktop\MBR.dat"
11:47:21.482    The log file has been saved successfully to "C:\Users\David Crawford\Desktop\aswMBR.txt"
14:09:23.186    Disk 0 MBR fix error
14:10:04.942    Disk 0 MBR has been saved successfully to "C:\Users\David Crawford\Desktop\MBR.dat"
14:10:04.947    The log file has been saved successfully to "C:\Users\David Crawford\Desktop\aswMBR.txt"

I have downloaded 7 zip which is a "exe.exe" file. I have HEARD that  files or softwares with "exe.exe" extensions are harmful. Is it true? If it so please let me KNOW any free SOFTWARE that unzip files and is without "exe.exe" extension.All Windows Applications are EXE files. Yes, but he WONDERS about it's filename which is also named "exe" (the same as the extension)begginer, why are you calling it a "7 zip" if it has the extension exe.exe?

What is it and where did you get it from?

(by the way "beginner" has ONE 'g' and two 'n's)

So I have added the wxWidgets patch and COMPILED bitcoind I also applied the bitcoin-4diff.txt patch. Downloaded 3.24.60 of namecoind and configured my bitcoin.conf file.

I ran bitcoind in testnet and namcoind in production mode.

Then called ran merged-mine-proxy and got...



      
   
Code:
./merged-mine-proxy -w 8330 -p http://pass:[email protected]:8337/ -x http://pass:[email protected]:9098



merkle size = 1
Unhandled error in Deferred:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 388, in errback
    self._startRunCallbacks(fail)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 455, in _startRunCallbacks
    self._runCallbacks()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 542, in _runCallbacks
    current.result = callback(current.result, *ARGS, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1076, in gotResult
    _inlineCallbacks(r, g, deferred)
--- ---
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1018, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 349, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "./merged-mine-proxy", line 249, in update_auxs
    aux_block = (yield self.auxs[chain].rpc_getauxblock())
  File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1018, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 349, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "./merged-mine-proxy", line 97, in callRemote
    resp = json.loads(resp)
  File "/usr/lib/python2.7/json/__init__.py", line 326, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 360, in decode
    OBJ, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 378, in raw_decode
    raise ValueError("No JSON object could be decoded")
exceptions.ValueError: No JSON object could be decoded
   
      



Here is a copy of my bitcoin.conf for the bitcoind...

      
   
Code:
# Run on the test network instead of the real bitcoin network.
testnet=1
# server=1 tells Bitcoin to accept JSON-RPC commands.
server=1

# You must set rpcuser and rpcpassword to secure the JSON-RPC api
rpcuser=bit
rpcpassword=pass

# How many seconds bitcoin will wait for a COMPLETE RPC HTTP request.
# after the HTTP connection is established.
rpctimeout=30

# Listen for RPC connections on this TCP port:
rpcport=8337

# You can use Bitcoin or bitcoind to send commands to Bitcoin/bitcoind
# running on another HOST using this option:
rpcconnect=127.0.0.1

# Set gen=1 to attempt to generate bitcoins
gen=0
   
      


Here is a copy of my settings for namecoind's bitcoin.conf

      
   
Code:
server=1
addnode=78.47.40.55:18334
rpcuser=bit
rpcpassword=pass
rpctimeout=30
rpcport=9098
rpcconnect=127.0.0.1
gen=0
paytxfee=0.00

Hi there. My Avira auto guard has switched itself off and is unable to get back on. I try to scan with it but I receive multiple error messages.

I thought MAYBE uninstall-reinstall but then it turns out the latest version isn't compatible with my system so I downloaded Avast instead. The same thing has happened with it, it's auto guard has shut and won't open and it won't scan properly.

TrendMicro house doctor won't open. The only thing that works is SpyBot which got rid of a trojan but it hasn't really improved my situation.

Even HijackThis won't work so I can't even post one of them. And to make matters harder I have a search engine redirect virus, too.

I'm utterly clueless. Please can someone help me! 

Edit - also in task manager 'svchost.exe' has ridiculously high mem usage (over 300k)Please visit this WEBPAGE for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.Thanks a LOT for the reply, DragonMaster Jay.

Here's the log:




ComboFix 11-11-03.01 - UserXP 11/03/2011  13:36:36.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.44.1033.18.1012.756 [GMT 0:00]
Running from: c:\documents and settings\UserXP\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\92764206.ini
c:\documents and settings\UserXP\Application Data\PriceGong
c:\documents and settings\UserXP\Application Data\PriceGong\Data\1.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\a.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\b.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\c.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\d.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\e.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\f.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\g.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\h.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\i.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\J.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\k.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\l.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\m.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\n.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\o.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\p.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\q.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\r.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\s.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\t.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\u.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\v.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\w.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\x.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\y.xml
c:\documents and settings\UserXP\Application Data\PriceGong\Data\z.xml
c:\documents and settings\UserXP\Start Menu\Programs\1964.lnk
c:\windows\$NtUninstallKB6897$\1168079883
c:\windows\$NtUninstallKB6897$\257550935\
c:\windows\$NtUninstallKB6897$\257550935\L\loipyrpm
c:\windows\$NtUninstallKB6897$\257550935\loader.tlb
c:\windows\$NtUninstallKB6897$\257550935\U\00000001
c:\windows\$NtUninstallKB6897$\257550935\U\000000c0
c:\windows\$NtUninstallKB6897$\257550935\U\000000cb
c:\windows\$NtUninstallKB6897$\257550935\U\000000cf
c:\windows\$NtUninstallKB6897$\257550935\U\80000000
c:\windows\$NtUninstallKB6897$\257550935\U\800000c0
c:\windows\$NtUninstallKB6897$\257550935\U\800000cb
c:\windows\$NtUninstallKB6897$\257550935\U\800000cf
c:\windows\1474976015
c:\windows\system32\
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\lowsec
c:\windows\system32\UACkylvjkibeftbmppqb.db
c:\windows\$NtUninstallKB6897$ . . . . Failed to delete
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCMSTUB
-------\Legacy_UACd.sys
-------\Service_f59ea57
-------\Service_UACd.sys
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-03 to 2011-11-03  )))))))))))))))))))))))))))))))
.
.
2011-11-03 11:18 . 2011-11-03 11:18   102400   ----a-w-   c:\windows\RegBootClean.exe
2011-11-03 11:18 . 2011-11-03 11:18   22032   ----a-w-   c:\windows\DCEBoot.exe
2011-11-03 11:07 . 2011-06-21 04:09   200976   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2011-11-02 23:31 . 2011-11-02 23:37   --------   d-----w-   C:\ea3a44c8c715befe6d44a5
2011-11-02 23:29 . 2011-11-02 23:29   --------   d-sh--w-   c:\documents and settings\Default User\IETldCache
2011-11-02 23:28 . 2011-11-02 23:28   --------   d-----w-   c:\windows\system32\XPSViewer
2011-11-02 23:28 . 2011-11-02 23:28   --------   d-----w-   c:\program files\MSBuild
2011-11-02 23:28 . 2011-11-02 23:28   --------   d-----w-   c:\program files\Reference Assemblies
2011-11-02 23:27 . 2008-07-06 12:06   89088   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-11-02 23:27 . 2008-07-06 12:06   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-02 23:27 . 2008-07-06 12:06   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-02 23:27 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2011-11-02 23:27 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
2011-11-02 23:27 . 2008-07-06 10:50   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-02 23:27 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-02 23:27 . 2011-11-02 23:28   --------   d-----w-   C:\e0e0ec9797bb6e1d6c
2011-11-02 23:27 . 2008-07-06 12:06   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2011-11-02 23:27 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2011-11-02 23:18 . 2011-11-03 10:46   --------   d-----w-   C:\dd6e76892436c82b6336baa1b437
2011-11-02 22:49 . 2011-11-03 13:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-02 22:49 . 2011-11-02 22:49   --------   d-----w-   c:\program files\AVAST Software
2011-11-02 22:26 . 2011-11-02 22:26   --------   d-----w-   c:\windows\system32\KB905474
2011-11-02 22:24 . 2011-11-02 22:24   --------   d-----w-   c:\program files\MSXML 6.0
2011-11-02 22:14 . 2011-11-02 22:14   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-11-02 22:11 . 2011-11-02 22:11   --------   d-----w-   c:\program files\MSXML 4.0
2011-11-02 22:09 . 2011-11-02 22:24   --------   d-----w-   c:\windows\system32\CatRoot_bak
2011-11-02 21:59 . 2008-06-13 13:10   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2011-11-02 21:59 . 2010-05-06 10:41   599040   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
2011-11-02 21:59 . 2010-05-06 10:41   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
2011-11-02 21:59 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2011-11-02 21:58 . 2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe
2011-11-02 21:58 . 2009-10-23 14:27   3555328   -c----w-   c:\windows\system32\dllcache\moviemk.exe
2011-11-02 21:58 . 2008-08-14 09:51   138368   -c----w-   c:\windows\system32\dllcache\afd.sys
2011-11-02 21:58 . 2009-12-31 16:14   352640   -c----w-   c:\windows\system32\dllcache\srv.sys
2011-11-02 21:58 . 2008-05-01 14:30   331776   -c----w-   c:\windows\system32\dllcache\msadce.dll
2011-11-02 21:57 . 2009-06-21 22:04   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
2011-11-02 21:56 . 2010-02-24 12:31   454016   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2011-11-02 21:56 . 2010-06-14 14:30   743936   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2011-11-02 21:53 . 2009-06-05 07:42   655872   -c----w-   c:\windows\system32\dllcache\mstscax.dll
2011-11-02 21:53 . 2009-11-21 16:36   470528   -c----w-   c:\windows\system32\dllcache\aclayers.dll
2011-11-02 21:50 . 2008-10-15 16:57   332800   -c----w-   c:\windows\system32\dllcache\netapi32.dll
2011-11-02 21:49 . 2009-07-31 04:57   1172480   -c----w-   c:\windows\system32\dllcache\msxml3.dll
2011-11-02 21:49 . 2008-04-21 10:02   215552   -c----w-   c:\windows\system32\dllcache\wordpad.exe
2011-10-30 12:11 . 2011-11-03 10:05   --------   d-sh--w-   c:\documents and settings\UserXP\Local Settings\Application Data\0f59ea57
2011-10-30 10:01 . 2011-11-02 07:54   --------   d-----w-   c:\documents and settings\UserXP\Application Data\MediaWmplay
2011-10-09 16:01 . 2011-11-02 20:44   --------   d-----w-   c:\documents and settings\UserXP\Application Data\Umovu
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-03 13:54 . 2011-04-10 17:00   218688   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-03 11:18 . 2011-04-05 19:21   20992   ----a-w-   c:\windows\system32\libusbd-nt.exe
2011-10-16 09:31 . 2011-05-26 10:07   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 21:44 . 2011-04-05 17:43   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51   3911776   ----a-w-   c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 12:51   3911776   ----a-w-   c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKLM\~\startupfolder\C:^Documents and Settings^UserXP^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08   35696   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43   69632   ----a-w-   c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40   53248   ------w-   c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-12 20:27   133104   ----atw-   c:\documents and settings\UserXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 07:00   166424   ----a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 07:00   141848   ----a-w-   c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 07:00   137752   ----a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 10:35   94208   ----a-w-   c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 06:39   16862720   ----a-w-   c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-12 21:49   148888   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 01:32   1044480   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/10/2011 5:00 PM 218688]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/5/2011 7:02 PM 33792]
S3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\drivers\AF9035BDA.sys [8/29/2009 8:49 AM 241792]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\Drivers\cam1690.sys --> c:\windows\system32\Drivers\cam1690.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [6/14/2010 12:59 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [6/14/2010 12:59 PM 8456]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/12/2009 10:06 PM 96856]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;\??\c:\program files\MAGIX\Samplitude_10_SE\mxasio.sys --> c:\program files\MAGIX\Samplitude_10_SE\mxasio.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-11-02 22:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\UserXP\Application Data\Mozilla\Firefox\Profiles\kklodkg8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-{A78E3A29-141E-D17E-F14A-470BBB3C36AD} - c:\documents and settings\UserXP\Application Data\Nymekos\atrycoe.exe
AddRemove-LibUSB-Win32_is1 - c:\documents and settings\UserXP\Desktop\LibUSB-Win32-0.1.10.1\unins000.exe
AddRemove-My ScreenCam - c:\progra~1\MYSCRE~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 13:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\libusbd-nt.exe
.
**************************************************************************
.
Completion time: 2011-11-03  13:59:35 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-03 13:59
.
Pre-Run: 80,291,270,656 bytes free
Post-Run: 83,088,691,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 89C837FA33A397959261353CF4BB002D
Please DOWNLOAD aswMBR from here

• Save aswMBR.exe to your Desktop
  
• Double click aswMBR.exe to run it
  
• Click the Scan button to start the scan as illustrated below
  

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

My wife continues to use a computer with win ME. Up until very recently she has been using Avast. However they have just advised that Avast no longer supports ME. I have done extensive searching for an alternative. So far the only one i was able to find is "ClamWin". However it has a very major drawback--it will only scan folders manually selected. There is no real time scan option with it. Does anyone know of any usable real time anti virus SCANNER than will STILL work with Win ME? Thank you,truenorth
Please do NOT respond with she NEEDS to upgrade to a more recent O/S. She has other computers with XP and Win 7 on them but she still likes/wants to use the ME one as well.This might seem a bit reckless, but as long as all the important data is backed up, you could try and see what happens without an AV at all.

Windows 9x doesn't really show up as a prime target anymore, for new malware; (actually, in that sense, you would probably be able to live with just the unsupported AV product).

updates to an AV add new definitions so the product can find more viruses; while I have nothing to support this, I don't see windows 9x being a big target these days; Windows Vista and 7 are the new targets that malware authors would go after, and things written for NT aren't typically something that works the same on windows 9x, especially low level things like what a virus would typically do. The operating environments are similar but are full of gotchas (to that, I can definitely attest first-hand) that require due care and attention, neither of which are usually paid with your average malware program.

Another suggestion might be to go with clamwin and use task scheduler to schedule a full scan at some time where the machine won't be in use but might be on.
BC, Again i am indebted for your help. Your conclusion re the vulnerability (lack of) of her O/S was frequently put forth during my search on the internet for a usable alternative. I certainly concur with your logic. I cannot see any mileage for malicious virus creators to place any effort into an old O/S like ME. Her habit of use is to only use the wireless adapter when she needs to go on-line otherwise she removes it. Also that particular computer is very seldom used and when it is not it is turned off. I have read your reply to her and she also sees the wisdom of it and her fear level has diminished considerably. 
 On your suggestion re ClamWin. We of course are not familiar with it other than what i have read. However re the suggestion you made re the virus scans. I may have not understood what it does and doesn't do entirely. But i gathered the impression that the only thing that could be scheduled was the update function and scanning--but only insofar as a time. It seemed that the USER still had to manually select what was to be scanned at the time chosen at the actual moment of the scan. I could be mistaken about that. Thanks again,truenorth Quote from: truenorth on October 29, 2011, 02:53:16 PM

But i gathered the impression that the only thing that could be scheduled was the update function and scanning--but only insofar as a time. It seemed that the user still had to manually select what was to be scanned at the time chosen at the actual moment of the scan. I could be mistaken about that. Thanks again

hi guys,
i'm sure you guys know about this get-answers-fast.com thing, where after a few google searches it jumps to that horrible website.

in my feeble attempt to defend myself, i ran f-secure... (which i'm never really sure if it does anything). nothing was detected.
then i downloaded microsoft security essentials.  when i ran a quick scan nothing was detected. when i ran a full scan, it got stuck, and now i can't even cancel it. (i don't know if that is relevant at all)

i know you guys are geniuses... so please tell me what to do.

thank you so much for your time... and your good electronic will.

yinPlease visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.log is as follows... thanks! and i want to share with you a screen shot of some error messages which came up after combofix rebooted (3 errors: 1- there is a problem starting C:\ProgramData\MousePolicyPolicy.dll  2- RECYCLE Bin on C:\ is corrupted Do you wan to empty the Recycle Bin for this drive?  3- There was a problem starting C:\UserszyinzAppData\Local\Installer4632\Installer4632Update\Installer4632updt32.DLL The specified module could not be found

thanksthanksthanks!

ComboFix 11-10-27.05 - yin 10/27/2011  11:08:23.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.2171 [GMT -4:00]
Running from: c:\users\yin\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.11 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: F-Secure Client Security 9.11 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Client Security 9.11 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\autorun.inf
c:\program files\Setup.exe
c:\programdata\MousePolicyPolicy.dll
c:\users\yin\AppData\Local\Installer4632\Installer4632Update\Installer4632updt32.dll
c:\windows\IsUn0804.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-27 to 2011-10-27  )))))))))))))))))))))))))))))))
.
.
2011-10-27 15:16 . 2011-10-27 15:16   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-10-27 14:07 . 2011-10-27 14:07   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
2011-10-27 00:10 . 2011-09-12 21:26   9049936   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-27 00:09 . 2011-10-27 15:17   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A45CB0-27D8-4226-9B5A-36007A5A3634}\offreg.dll
2011-10-27 00:09 . 2011-10-07 01:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A45CB0-27D8-4226-9B5A-36007A5A3634}\mpengine.dll
2011-10-27 00:06 . 2011-10-27 00:05   917840   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15389EEF-C043-40D1-A8A2-12443A420514}\gapaengine.dll
2011-10-26 23:44 . 2011-10-26 23:44   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2011-10-26 23:43 . 2011-10-26 23:45   --------   d-----w-   c:\program files\Microsoft Security Client
2011-10-26 23:43 . 2010-04-09 11:06   374664   ----a-w-   c:\windows\system32\drivers\netio.sys
2011-10-26 23:04 . 2011-10-26 23:43   --------   d-----w-   c:\users\yin\AppData\Roaming\GetRightToGo
2011-10-25 21:12 . 2011-10-26 13:03   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBBDCD4C-2B17-440D-B994-940C02ED2A8A}\offreg.dll
2011-10-25 21:12 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBBDCD4C-2B17-440D-B994-940C02ED2A8A}\mpengine.dll
2011-10-24 01:28 . 2011-10-26 04:00   --------   d-----w-   c:\users\yin\AppData\Roaming\FileZilla
2011-10-24 01:28 . 2011-10-24 01:28   --------   d-----w-   c:\program files (x86)\FileZilla FTP Client
2011-10-14 18:11 . 2011-10-14 18:11   --------   d--h--w-   c:\programdata\CanonIJEPPEX2
2011-10-14 18:11 . 2011-10-14 18:11   --------   d--h--w-   c:\programdata\CanonEPP
2011-10-14 18:09 . 2011-10-14 18:09   --------   d-----w-   c:\programdata\Canon IJ Network Tool
2011-10-14 18:09 . 2010-03-18 18:25   307200   ----a-w-   c:\windows\SysWow64\CNC5200L.dll
2011-10-14 18:09 . 2010-03-18 16:11   106496   ----a-w-   c:\windows\SysWow64\CNC5200U.dll
2011-10-14 18:09 . 2008-08-25 17:02   15872   ----a-w-   c:\windows\SysWow64\CNHMCA.dll
2011-10-14 18:07 . 2011-10-14 18:07   --------   d-----w-   c:\programdata\CanonIJMSetup
2011-10-14 18:01 . 2011-10-14 18:01   --------   d-----w-   c:\program files\Common Files\CANON
2011-10-14 18:01 . 2011-10-14 18:01   --------   d-----w-   c:\programdata\CanonIJWSpt
2011-10-14 17:59 . 2011-10-14 17:59   --------   d-----w-   c:\program files\Canon
2011-10-14 17:58 . 2011-10-14 17:58   --------   d--h--w-   c:\programdata\CanonBJ
2011-10-14 17:58 . 2010-04-07 04:00   87040   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\CNMPPAE.DLL
2011-10-14 17:58 . 2010-04-07 04:00   28672   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\CNMPDAE.DLL
2011-10-14 17:58 . 2011-10-14 17:58   --------   d--h--w-   c:\windows\system32\CanonIJ Uninstaller Information
2011-10-14 17:57 . 2010-04-07 04:00   361472   ----a-w-   c:\windows\system32\CNMLMAE.DLL
2011-10-14 17:57 . 2010-03-11 07:57   248320   ----a-w-   c:\windows\system32\CNMIUAE.DLL
2011-10-14 17:57 . 2011-10-14 17:57   --------   d-----w-   c:\windows\system32\STRING
2011-10-14 17:57 . 2010-02-05 09:37   37376   ----a-w-   c:\windows\system32\CNMN6UI.DLL
2011-10-14 17:57 . 2010-02-05 09:37   327680   ----a-w-   c:\windows\system32\CNMN6PPM.DLL
2011-10-14 17:55 . 2011-10-14 18:11   --------   d-----w-   c:\program files (x86)\Canon
2011-10-14 00:53 . 2011-08-20 05:40   1013248   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2011-10-14 00:53 . 2011-08-20 04:34   860672   ----a-w-   c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-10-14 00:53 . 2011-08-20 05:45   1197568   ----a-w-   c:\windows\system32\wininet.dll
2011-10-14 00:51 . 2011-08-17 05:32   613888   ----a-w-   c:\windows\system32\psisdecd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 10:22 . 2011-07-04 12:37   42672   ----a-w-   c:\windows\SysWow64\drivers\fsbts.sys
2011-02-23 01:55 . 2011-02-23 01:54   4772720   ----a-w-   c:\program files\BitTorrent-7.2.exe
2010-02-23 09:49 . 2011-06-26 23:03   549216   ----a-w-   c:\program files\AecSetup.dll
2010-02-10 00:16 . 2011-06-26 23:03   1049312   ----a-w-   c:\program files\PatchMgr.dll
2010-02-10 00:16 . 2011-06-26 23:03   47328   ----a-w-   c:\program files\AcSetup.dll
2010-01-14 14:40 . 2011-06-26 23:03   704360   ----a-w-   c:\program files\SetupAcadUi.dll
2010-01-14 14:40 . 2011-06-26 23:03   693096   ----a-w-   c:\program files\SetupUi.dll
2010-01-14 14:40 . 2011-06-26 23:03   108392   ----a-w-   c:\program files\LiteHtml.dll
2010-01-14 14:40 . 2011-06-26 23:03   544616   ----a-w-   c:\program files\DeployUi.dll
2010-01-14 14:40 . 2011-06-26 23:03   85352   ----a-w-   c:\program files\CIPUtil.dll
2010-01-14 14:40 . 2011-06-26 23:02   161640   ----a-w-   c:\program files\AcDelTree.exe
2010-01-14 14:37 . 2011-06-26 23:03   319248   ----a-w-   c:\program files\UPI.dll
2010-01-14 14:36 . 2011-06-26 23:03   375128   ----a-w-   c:\program files\MC3Res.dll
2010-01-14 14:36 . 2011-06-26 23:03   1764696   ----a-w-   c:\program files\MC3.dll
2010-01-14 14:36 . 2011-06-26 23:03   190688   ----a-w-   c:\program files\senddmp.exe
2009-11-19 23:07 . 2011-06-26 23:03   189800   ----a-w-   c:\program files\adlmutil.dll
2009-11-19 23:07 . 2011-06-26 23:03   1274728   ----a-w-   c:\program files\adlmPIT.dll
2009-10-29 04:18 . 2011-06-26 23:03   653120   ----a-w-   c:\program files\msvcr90.dll
2009-10-29 04:18 . 2011-06-26 23:03   569664   ----a-w-   c:\program files\msvcp90.dll
2009-10-29 04:18 . 2011-06-26 23:03   225280   ----a-w-   c:\program files\msvcm90.dll
2009-09-10 02:57 . 2009-09-10 02:57   289830672   ------w-   c:\program files\Setup Prerequisites 08.11.07.03_en.exe
2009-06-08 01:37 . 2011-06-26 23:03   3783672   ----a-w-   c:\program files\mfc90u.dll
2008-05-05 19:55 . 2011-06-26 23:03   319248   ----a-w-   c:\program files\UPI32.dll
2008-04-10 11:31 . 2011-06-26 23:03   1835888   ----a-r-   c:\program files\xerces-c_2_8_AEC.dll
2004-05-04 14:53 . 2011-06-26 23:03   1645320   ----a-w-   c:\program files\gdiplus.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-02-16 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2011-05-19 302832]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2011-05-19 1654512]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-27 1436424]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-07-06 61088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

Okay, So I am quite stuck with this issue. I know that the System Idle Process is used when there's nothing to do and it will always be 99 around that. But the problem is that when I run a busy program or games which normally would instantly replace the CPU usage from System Idle Process. It doesn't now or it does only 50%, which makes my games lag and barely unplayable.

My computer spec isn't that stone and I think spec isn't the problem because the game I always run are just Warcraft III, Starcraft, Civilization etc..

I'm using WINXP SP3 with Intel Core 2 Duo 2.80 Ghz / 4 GB of RAM / Nvidia GeForce 9800GT

I have tried scanning with Malwarebytes(the first time I ever used antivirus since I formatted it) and it detected 9 infected files, mostly are the keygen and stuff, so I removed them and restarted, hoping my comp will be back just like normal but still bad luck. :/

Could it be my hardware problem ? Graphic card ? Fans ? getting old and dusty ?
or could it be any malware or virus ?

It just happened today for no reason. I am now can't get a decent Warcraft III game going because all the CPU goes to System Idle Process instead of the game. I'm currently so desperate right now and my school break is almost over. Any helps would be apreciated. Thx D:

If nothing could solve this then I think I will have to try my last trick, formatting my C: once again. D: D:

Edited. I have checked inside my case if all the fans are working properly and all the fans seem to work just fine
I used to face with this virus called KZipShell.dll, I got it from Chinese Online game called Dragonnest. The software was fake to be something similiar to WinRAR called KZip but the actual threat files is KZipShell.dll. It disabled my right clicking and deleting option until I can removed it manually by someway but I cannot remove the .dll file. I'm not sure if this got something to do with this issue because after I left the .dll  there everything works just fine ( it was about 2 months ago btw) until now.Hello.

Would you post the MBAM log please?

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.  No input is NEEDED, the scan is running.
• Notepad will open with the results, click Yes to the Optional_Scan
• Please follow the instructions that pop up for posting the results. Post only the contents of both logs. There is no way to attach.
• Close the program window, and delete the program from your Desktop.

Your computer has keygens, which are a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.


Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply