Channel: Tech Support Guy - Virus & Other Malware Removal

All browsers crash in windows 7

I'm using Windows 7. Firefox, I.E. and Google Chrome keep crashing. I've had malware removed several times by my internet provider's techs; however, it still crashes. I'm told maybe it could be dust in the computer or that I need to not leave it on all day and night. Please give simple instructions. Thank you :(

start up problem

In order to assist the malware experts who will help you, please read here and follow the instructions closely.

thanks,

v

MSVCP60.dll invalid image

Hello,

I turned on my Dell Latitude D620 this morning and it went to blue screen and stated it had to check the disks. That went through and started up only to have this pop-up "Services.exe - Bad Image" "The application or DLL C:\Windows\system32\MSVCP60.dll is not a valid image. Please check this against your installation diskette." and all there is is a black screen. I left it alone for a while and the blue Windows login screen appeared and I typed the password only to get another little popup which had a timer on it so I could not get everything down, but I think I got the important stuff, "services.exe terminated expectantly status code 1073741792" and it shuts down only to restart to the black screen again. I have AVG and SUPERAntiSpyware on it, so what is this and how can a novice like me fix it?

Thank You For Your Time!

Emily

Credit Card Keeps Getting Compromised

I am not sure if I did the GMER file right. That is a post of the quick scan.

Tom

Windows running slowly and crashing often

Every time I restart my computer, a "Host Process for Windows stopped working and was closed" error occurs within a few minutes. After that, my computer usually freezes and Windows Explorer restarts. I've tried many things to stop this, but that has become difficult. Many times, when I try to open a program I'll get an error saying "cannot receive control messages at this time" or "pipe state invalid".

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:17 PM, on 5/15/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Owner\Desktop\HijackThis.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-oc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-4043539977-1489486048-1306555544-1000\..\Run: [BitTorrent] "C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-4043539977-1489486048-1306555544-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.snapon.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A35511B6-86A4-416A-83A8-C979D9DABCB0}: NameServer = 8.8.8.8,4.2.2.1
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe

--
End of file - 5015 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86 DSREPAIR
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 10.51.2
Run by Owner at 20:09:47 on 2014-05-15
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-oc
uProxyOverride = <local>;*.local
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BitTorrent] "c:\users\owner\appdata\roaming\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: //www.snapon.com/
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{A35511B6-86A4-416A-83A8-C979D9DABCB0} : NameServer = 8.8.8.8,4.2.2.1
TCP: Interfaces\{A35511B6-86A4-416A-83A8-C979D9DABCB0} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? Garmin Core Update Service;Garmin Core Update Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? FontCache;Windows Font Cache Service
S? Seagate Dashboard Services;Seagate Dashboard Services
S? Seagate MobileBackup Service;Seagate MobileBackup Service
S? VST_DPV;VST_DPV
S? VSTHWBS2;VSTHWBS2
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-10 16:46:03 107736 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-05-06 01:28:09 411552 ----a-w- c:\windows\system32\drivers\lzdocymn.sys
2014-05-06 01:03:57 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-06 01:03:57 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-06 01:03:57 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-06 01:03:50 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-28 02:29:10 -------- d-sh--w- C:\found.000
2014-04-27 22:11:49 -------- d-----w- C:\MATS
2014-04-27 21:26:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-27 05:09:39 107736 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
==================== Find3M ====================
.
2014-05-15 23:08:45 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 23:08:45 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 09:35:32 212 ----a-w- c:\users\owner\appdata\roaming\uninstall.bat
2014-03-26 21:42:48 410784 ----a-w- c:\windows\system32\drivers\usideewd.sys
2014-03-14 10:14:49 410784 ----a-w- c:\windows\system32\drivers\hslccxuf.sys
2014-03-13 21:17:00 410784 ----a-w- c:\windows\system32\drivers\gpyyefhv.sys
2014-03-13 21:13:20 410784 ----a-w- c:\windows\system32\drivers\iiknlxzu.sys
2014-03-13 21:13:02 410784 ----a-w- c:\windows\system32\drivers\dlrttouy.sys
.
============= FINISH: 20:10:29.98 ===============

.
==== Installed Programs ======================
.
Adobe Flash Player 12 Plugin
Adobe Flash Player 13 ActiveX
Adobe Reader X (10.1.9)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arduino
Audacity 2.0
Audiosurf
Autodesk Inventor Professional 2012 English Language Pack
BitTorrent
Bonjour
Bridge Building Game
Canon Easy-PhotoPrint EX
Canon MG5200 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Cisco Connect
Compatibility Pack for the 2007 Office system
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elevated Installer
eReg
FARO LS 1.1.406.58
FFmpeg v0.6.2 for Audacity
Free Studio version 2013
Free YouTube to MP3 Converter version 3.12.12.827
Garmin Express
Garmin Express Tray
Google Chrome
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
ImgBurn
iTunes
Java 7 Update 51
Java Auto Updater
LAME v3.99.3 (for Windows)
LG USB Modem driver
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft WSE 3.0 Runtime
Notepad++
OpenSSL 0.9.8l Light (32-bit)
PowerISO
QuickTime 7
SAMSUNG USB Driver for Mobile Phones
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SoundCloud Downloader
swMSM
TmNationsForever
TrackMania 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VBA (2627.01)
VC80CRTRedist - 8.0.50727.6195
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
VLC media player 2.1.1
WinRAR 5.01 (32-bit)
.
==== End Of File ===========================

I've been able to start the GMER scan, but it cannot finish before an error involving a "e7y765ov.exe"

RegSvr32 / AVG

There are group policy restrictions imposed on AVG and Microsoft Security Essentials; usually this is due to an infection. There are also several suspicious services running and you have an adware infection.

I can see the item causing the error at boot up which we can deal with after checking for infections.

First thing to do is uninstall one of the Anti Virus programs as you should never have more than one due to a high risk of conflicts occurring and the extra demand on system resources. It can also reduce your security level. Tell me which one you have taken out.

Then please run these three scans and post all the logs:


SCAN 1
Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.





SCAN 2
Please download RKill
There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and select Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please Copy & Paste the entire log in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

SCAN 3
DO NOT reboot the PC. Download Malwarebytes from here: Malwarebytes if you do not already have it and save the download to your desktop and install it. Once installed, open the program by double clicking on the icon and click on Update Now in the line where Database Version: is shown.

  • Before you run the scan click on Settings and then Detection and Protection in the left pane.
  • At the next window make sure there are check marks next to all three of the items below Detection Options.
  • When done click on the Scan button and then make sure Threat Scan is selected, then click on the Scan Now button.
  • Shut down all browsers and any running programs and leave the system undisturbed while the scan is running, it may take several hours to complete depending on the amount of data that is on your system.
  • When the scan completes it will tell you and show a window with a list of the detected items. They should all show Quarantine under the Action column, check to make sure. Then click on the Apply Actions button, accept any prompts that appear and allow it to reboot if requested.
  • When the system has finished booting back up open Malwarebytes again by double clicking on the icon. Then click on the History button at the top of the window.
  • Click on Application Logs in the left pane. It will show a list of logs; you must find the Scan log, not the Protection Log, with today's date on it. It should be the one at the top of the list. Click on the box at the beginning of the line so a check mark appears, then click on View just above the list. When the next window opens click on Copy to Clipboard.
  • Immediately come back here, right click inside the message box and select Paste, the log should appear. Add any other information asked for and submit the post.

Bogus EMail "Delivery Status Notification"

Warning!
A bogus E-Mail has shown up in Comcast Xfinity form "Next Day Air Saver" supposedly from the USPS about a package that could not be delivered. DELETE IT AT ONCE! If you open it you will be infected and it is very difficult to get rid of.
The real USPS does NOT send EMails when they cannot deliver a package.

Regedit & Msconfig won't open...

Malwarebytes has not removed the detections; they are all PUPs (potentially unwanted programs) and the scanner is only set to warn. Rootkit detection is also turned off.

Make these settings and run it again, then post the new log.
  • Before you run the scan click on Settings and then Detection and Protection in the left pane.
  • At the next window make sure there are check marks next to all three of the items below Detection Options.
  • Also, under Non-Malware detections: set it to Treat detections as Malware.


Please also run Adwcleaner again and post the new log produced after the Clean and reboot.

Exentinf Class Damage

I don't know if I'm in the right forum not being very techie but when I put Exentinf Class Damage into the search on this site I end up here. :confused:

My computer is running incredibly slow. I've done a defrag and then the Disk Cleanup. In the report for the Disk Cleanup I get "Exentinf Class Damaged" I've no idea what this means but perhaps it could also be the reason that my Serif CraftArtist 2 crashes when I try to print.

I should appreciate some help please :)

Many thanks

Oh yes, I'm afraid I will have to be spoon fed through anything I need to do - sorry.

ICE Cyber

My computer is infected with a virus requesting three hundred dollars and states I've been doing illegal activity. I've tried restoring my laptop in safe mode command prompt and also created a new user account but nothing has worked. Can you please help?

nt kernel & system hog my cpu

Hiya and welcome to Tech Support Guy :)

Sorry for the lateness in replying, these forums can get very busy. Are you still having this problem? If so, can you do the following:

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


---------

Download OTL to your Desktop


(Vista or Win 7 => right click and Run As Administrator)
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • At the top, check the box entitled Scan All Users
  • Toward the bottom, check:
    All Users
    LOP Check
    Purity Check
  • Under the Standard Registry box change it to All
    Do not change any settings unless otherwise told to do so.
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:

    DRIVES
    netsvcs
    activex
    msconfig
    drivers32
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    pnrpnsp.dll
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    services.exe
    user32.dll
    atapi.sys
    csrss.exe
    PRINTISOLATIONHOST.EXE
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    %systemroot%\system32\drivers\*.sys /lockedfiles
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\* \s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. The scan won't take long.
    A black box will appear, this is part of the custom scan, so don't be alarmed ;)
    IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Thanks

eddie

Windows Security has me locked out

Just read a post about MalwareBytes' latest update; don't know if that had a bearing on my problem. I'd love to do a System Restore but cannot get there from here. ??:confused:

Trojan removed now creating pwd protected files

Continued from above

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-17 20:55:54
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. 298.02GB
Running: isehhxe5.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\fwldqpob.sys

---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9D0B7AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9D0B857E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwClose [0x9D0FC85D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9D0C45C8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9D0C4614]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9D0C47AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x9D0FC211]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9D0C4536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9D0C4658]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9D0C457E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9D0B8AB4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9D0C4768]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9D0B936C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9D0B7B06]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x9D0FCF23]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x9D0FD1D9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9D0BCB40]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9D0FCD8E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9D0FCBF9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9D0B76F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwMapViewOfSection [0x9D3187B2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9D0B7B6C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9D0BCF36]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9D0B9E54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9D0C45F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9D0C4636]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9D0C47D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x9D0FC56D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9D0C455C]
SSDT \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation) ZwOpenProcess [0xAF96D220]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9D0C46E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9D0C45A6]
SSDT \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation) ZwOpenThread [0xAF96D388]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9D0C478C]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9D318556]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x9D0FCA74]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9D0B9CC8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x9D0FC8C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x9D0B981E]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwRenameKey [0x9D326526]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x9D0FB857]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9D0B7BD2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9D0B7C38]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x9D0B91E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9D0B778C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9D0B795E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x9D0FD02A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9D0B78EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x9D0B9536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x9D0B9698]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9D0B79E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0x9D0B9024]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x9D0B91C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9D0B7C9E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0x9D0B85DA]
Code \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation) KeInsertQueueApc
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4B6C 12 Bytes [D2, 7B, 0B, 9D, 38, 7C, 0B, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C14 12 Bytes [36, 95, 0B, 9D, 98, 96, 0B, ...]
.text ntoskrnl.exe!KeInsertQueueApc 804E5C2F 5 Bytes JMP AF96E360 \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576715 4 Bytes CALL 9D0BA501 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\spssys.sys section is writeable [0xBA71D2C0, 0x24932, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8FF6000, 0x29C9F0, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xAA3C9760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xA9510F80]
.text win32k.sys!EngFreeUserMem + 674 BF8099C2 3 Bytes JMP 9D0BE82C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 678 BF8099C6 1 Byte [DD]
.text win32k.sys!EngFreeUserMem + 35D1 BF80C91F 3 Bytes JMP 9D0BE70A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D5 BF80C923 1 Byte [DD]
.text win32k.sys!EngDeleteSurface + 45 BF80FDD6 5 Bytes JMP 9D0BE6BE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 44FC BF81F489 5 Bytes JMP 9D0BD19E \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF821B96 5 Bytes JMP 9D0BDC94 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82E3B0 5 Bytes JMP 9D0BD2FE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82F52E 5 Bytes JMP 9D0BE9A2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 2E84 BF839EBA 5 Bytes JMP 9D0BEBBC \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + B8FE BF842934 5 Bytes JMP 9D0BE5B2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + E0BA BF8450F0 5 Bytes JMP 9D0BDC76 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + F636 BF84666C 5 Bytes JMP 9D0BD39E \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 290F BF86910A 5 Bytes JMP 9D0BDD6C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4BED BF86B3E8 5 Bytes JMP 9D0BD7D6 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86B473 5 Bytes JMP 9D0BDAB0 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 584E BF86C049 5 Bytes JMP 9D0BD082 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AC2C BF871427 5 Bytes JMP 9D0BE75A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67EE BF878651 5 Bytes JMP 9D0BE8E4 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35E9 BF891936 5 Bytes JMP 9D0BD89C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4126 BF892473 5 Bytes JMP 9D0BDA6A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8AF55F 5 Bytes JMP 9D0BDD8A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B2C7D 5 Bytes JMP 9D0BEB14 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C1A6A 5 Bytes JMP 9D0BD4CE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A5B0 BF8EAF87 5 Bytes JMP 9D0BDCB2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFA48 5 Bytes JMP 9D0BCF6C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1C17 5 Bytes JMP 9D0BD5B2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F1E97 5 Bytes JMP 9D0BD6FA \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914AE8 5 Bytes JMP 9D0BD286 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CEC BF914D94 5 Bytes JMP 9D0BDE34 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF9156BC 5 Bytes JMP 9D0BD466 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F95 BF91803D 5 Bytes JMP 9D0BDBD0 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191B BF948590 5 Bytes JMP 9D0BEA66 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Dave\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\ctfmon.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[1648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[1648] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1928] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe[2152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Dave\Application Data\Dropbox\bin\Dropbox.exe[2152] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2308] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2516] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2772] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2788] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[2868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2876] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[2948] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[3056] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3084] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[3120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[3120] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3204] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3360] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\Dave\Desktop\isehhxe5.exe[5668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Dave\Desktop\isehhxe5.exe[5668] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\WINDOWS\system32\services.exe[840] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[840] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64CA8AF0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64CA8AF0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 2.1 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
---- EOF - GMER 2.1 ----

That's it per instructions.

Unknown file folders, cannot update windows sp1, adware infected

The adware appears to be gone. Windows SP1 will still not install. It gives an error code 8007045D. Also, I still have many files under the root C: drive. Can I delete them?

9500 ms response time

I did use CCleaner's registry cleaner. I just read that this could cause issues.

Games are freezing, sound is looping...

Infected by Rovnix.gen and bogus popups

Hi, you have another thread open for the same problem at Bleeping Computer: http://www.bleepingcomputer.com/foru...-malwarebytes/

As you are now receiving help here, please close that thread; if you start to follow advice from two different malware experts it will be highly confusing.

I can see a highly suspicious file still running on your system so it is likely you are still infected and most probably this is a Rootkit. Please read this warning:

Quote:

I would recommend, as a precaution, you change all your passwords used to log into web sites on a clean PC and do not use this PC to log into any sites other than this one and your email account until we have checked the PC is clean. If you use this system to log into any financial institutions, banks, building societies, etc, you should inform the respective companies that your system may have been compromised.
We shall start with a couple of scans to get a full picture of what is on your system; FRST will flag up any serious infections. DO NOT run any other scans that I have not asked you to do, as this can cause a lot of confusion in the log results. Just follow my instructions.

Please run these in the order listed and make sure all logs requested are complete.

SCAN 1
NOTE: This will empty your recycle bin, if you have anything you need in there please save it before you run this scan.
Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page; use the button right next to the name TFC - Temp File Cleaner by Old Timer.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista, right click the icon and select Run as Administrator.
When the window opens, click on Start. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot; if so, accept the request and your PC will reboot automatically.

NOTE: There is no need to post the log; just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal. It may take a while to complete the clean up, depending on the amount of temporary files there are on the system.



SCAN 2
Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; Copy & Paste it into your next post.




SCAN 3
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button. DO NOT check any of the Optional Scan options unless requested.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
  • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.

OMG...

Hi, looks like we have quite a few issues to deal with so we will do a selection of scans to get a clear picture of what is on your system.

Take your time to get through this and run the scans in the order listed. Not much will change until after I have reviewed the logs and issued further instructions, but Rkill might clear up your file associations. DO NOT run any other scans or make any changes to your system that I have not asked you to do, as this can cause great confusion with the log results. Check all posts after you have submitted them and use the orange Edit button at the bottom of the post if you need to make any changes. Also, make sure when copying logs that you capture the entire log.

Please run these five scans in the order listed and post all six of the logs requested (FRST produces two logs):

NOTE: To avoid going over the character limit with posts, please put each log in a separate reply.

SCAN 1
Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; Copy & Paste it into your next post.

NOTE: If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane. In the right pane you should find a new folder called Adwcleaner; double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an S NOT R, similar to this: Adwcleaner[S1]. Double click on the one with the highest number and the log will open; Copy & Paste it into your reply.



SCAN 2
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button. DO NOT check any of the Optional Scan options unless requested.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
  • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.


SCAN 3
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page, scroll down until you see these two icons: Select the 32bit (on the left) or the 64bit button to match the bit rate of your version of Windows.
  • Quit all running programs.
  • Start RogueKiller.exe by double clicking on the icon.
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.




SCAN 4
Please download RKill
There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and select Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please Copy & Paste the entire log in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

SCAN 5
DO NOT reboot the PC. Download Malwarebytes from here: Malwarebytes if you do not already have it and save the download to your desktop and install it. Once installed, open the program by double clicking on the icon and click on Update Now in the line where Database Version: is shown.

  • Before you run the scan click on Settings and then Detection and Protection in the left pane.
  • At the next window make sure there are check marks next to all three of the items below Detection Options.
  • Also, under Non-Malware detections: set it to Treat detections as Malware
  • When done click on the Scan button and then make sure Threat Scan is selected, then click on the Scan Now button.
  • Shut down all browsers and any running programs and leave the system undisturbed while the scan is running; it may take several hours to complete depending on the amount of data that is on your system.
  • When the scan completes it will tell you and show a window with a list of the detected items. They should all show Quarantine under the Action column, check to make sure. Then click on the Apply Actions button, accept any prompts that appear and allow it to reboot if requested.
  • When the system has finished booting back up open Malwarebytes again by double clicking on the icon. Then click on the History button at the top of the window.
  • Click on Application Logs in the left pane. It will show a list of logs. You must find the Scan log, not the Protection Log, with today's date on it; it should be the one at the top of the list. Click on the box at the beginning of the line so a check mark appears, then click on View just above the list. When the next window opens, click on Copy to Clipboard. If the View button is greyed out, click on the word 'Scan Log' so the line gets highlighted; the View button should then be available.
  • Immediately come back here, right click inside the message box and select Paste, the log should appear. Add any other information asked for and submit the post.

What could be wrong? Please help

My Latitude D630 keeps booting to the Dell splash screen, going black, and showing the splash screen again and again. My son was on YouTube the other night and that was the last time it would boot up properly. I have tried to restart in safe mode, but the F8 key does nothing. I just need to get to where I can remove any malware that may be on the laptop. The operating system is Windows 7. There have not been any hardware changes done recently. I do not have a recovery disc or the OS disc. I bought this used last year. I have performed the diagnostic and it came back as everything is fine.

PDF Reader (malware.gen)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz, x64 Family 6 Model 15 Stepping 2
Processor Count: 2
RAM: 2039 Mb
Graphics Card: Intel(R) 82945G Express Chipset Family, 256 Mb
Hard Drives: C: Total - 76308 MB, Free - 39780 MB;
Motherboard: ASUSTeK Computer INC., P5GC-MX/1333
Antivirus: avast! Antivirus, Updated and Enabled

Avast has PDF Reader (by PDF Converter) that downloaded with Adobe Reader XI, in the quarantine chest as malware.gen. I want to remove it from the Control Panel and add\remove, CCleaner uninstall tool....can't remove it. Does anyone know a simple solution?

I have Online Armor, that I find excellent re downloads but MS downloaded a Service Pack at the same time and I expect I didn't read carefully what OA was telling me before I clicked on "Allow"