Channel: Tech Support Guy - Virus & Other Malware Removal

Hijacked IE11 / system crashes

My IE11 seems to be hijacked. I keep getting messages indicating that my system is at threat and to call an 855 number. MBAM detects something called PUP.Optional.Multiplug. I have quarantined the results several times and they keep coming back. I have also been getting several bluescreen crashes while in IE11. My Google searches also get replaced by "SoftCoup" results.

I had to download Safari on a different computer and then install it on my computer in order to make this post. IE11 is completely useless right now.

Sorry I could not be more specific...lots of strange things are happening to my computer right now.

Thanks in advance for any assistance.

==========================================================================

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 8105 Mb
Graphics Card: Intel(R) HD Graphics 4600, -1984 Mb
Hard Drives: C: Total - 228706 MB, Free - 105974 MB;
Motherboard: Intel Corporation, DH87RL
Antivirus: Microsoft Security Essentials, Updated and Enabled

Very Sluggish Computer - Possible Virus? Or need to upgrade parts? [hijackthis log]

Hi,
Last time I posted it was due to some BSODs - The hard drive in my 6mo laptop was failing, and thanks to you lot I got it diagnosed and sent off to Asus for repair. I've had the repaired laptop around 6 months and it was a fresh install - but it's recently been somewhat sluggish. I'd like to think I'm reasonably savvy but everything just seems to take a little longer than what I'd expect for a reasonably fresh laptop. AVAST has always been running and up to date and hasn't reported anything.

Can any of you take a quick look over this HJT log and let me know if there's something wrong, or whether I'm simply expecting too much of the laptop and need to invest in some more RAM? It seems to always be running at ~80% RAM and opening apps can take really quite a long time sometimes. I thought 4 GB of RAM was quite good!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 3981 Mb
Graphics Card: Intel(R) HD Graphics 4000, -2041 Mb
Hard Drives: C: Total - 454969 MB, Free - 94827 MB; D: Total - 953634 MB, Free - 372234 MB;
Motherboard: ASUSTeK COMPUTER INC., S400CA
Antivirus: avast! Antivirus, Updated and Enabled



HJT Log


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:25:06, on 27/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Roaming\Dashlane\Dashlane.exe
C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\Asus\AppData\Roaming\Dashlane\DashlanePlugin.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asus\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Asus\AppData\Roaming\Dashlane\ie\Dashlanei.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Asus\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui
O4 - HKLM\..\Run: [ATLauncher] "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Dashlane] "C:\Users\Asus\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [f.lux] "C:\Users\Asus\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_FCA810C0E252261B949A7B9F364CE16A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIYE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2010 Series"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Dropbox.lnk = C:\Users\Asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD19AE9-B428-432D-96E1-9B779C763669}: NameServer = 8.8.8.8
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @oem2.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\WINDOWS\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem2.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @oem2.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:\postgreSQL\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem3.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 15132 bytes









Thanks a lot!

Malwarebytes?

I just installed and ran this free anti malware program. It detected 90 problems that Adwcleaner didn't see.

Why did I run this program? I was tricked into letting "clickforsupport" remotely scan my computer to locate my forgotten wifi password. Clickforsupport is a scam, and wanted to charge me for locating my wifi password when in reality, the password was located on a label on the bottom of my modem.

Any opinions on this anti malware program?

Virus and Malware Removal

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Starter, Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz, x64 Family 6 Model 28 Stepping 10
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3150, 3 Mb
Hard Drives: C: Total - 229003 MB, Free - 194868 MB;
Motherboard: TOSHIBA, PAV10 DDR2
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled

I was on FB and had a post shared by a friend. It was from horrificvideo.com/byby. I tried to view it and it said I needed to log on to FB from their link. Red flag, but I am not computer savvy. I did that, but before the video started I saw that it was child sexual content and immediately tried to delete it. The little arrow for deletion would not even give me the option to delete; it came up "save this video". So I went to help (I was on my Android phone) and help said to log on from a computer to delete it, which I did. Uh oh, it still would not delete. The page stopped responding, faded, came back. I did a force stop because I could not close the window. It took several tries to get it deleted, BUT too late I realized that my free AVG had not even run the scan, which I always wait for.

Now the computer is just not acting right: very slow to respond to commands, but I have been having trouble for a few weeks on this anyway. I had installed antimalwarebyte free version (not sure that is the right name), but it seemed to give me trouble too, so I had uninstalled it and tried to uninstall Microsoft Office Student 2007 because I don't use it. I have Open Office. I just have a big mess and no money and need help. I am trying to put in job applications online and cannot afford for my computer to go down. Please help.

I did a restore and it seemed to work great for a few days. Honestly I think it was the antimalware that screwed it up even more. Oh wait, I also installed 10bituninstaller because I had accidentally installed the dreaded Ask toolbar. I think THAT is what gave me the worst problem because it was not completely uninstalling, and when I tried to uninstall THAT... oh lord. Please help. The computer is slow to start, slow to shut down, pages stop responding, slow to act on a command, freezes, etc.

winlogon.exe - bad image - sysapcrt.dll. After dvdvideosoft installation

Yesterday I installed DvdVideosoft and when it was about to finish, I started to see lots of antivirus messages against Adware.
When installation was finished I started to see Winlogon.exe "Bad image" messages, reporting problems with sysapcrt.dll.
This message also appeared when I started DvdVideosoft, when logging off, booting and logging in.
I found the solution in this forum, I have downloaded DDS.exe and ComboFix.
I ran only DDS.exe and got the reports dds.txt and attach.txt below.
I have F-Secure antivirus and I am very happy with it.
Now it is disabled and the only fence I have is Windows Defender, which I cannot disable even as administrator.
May I run ComboFix now in the Administrator account?

Very grateful for your support.


My system:
===============================
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz, x64 Family 6 Model 23 Stepping 7
Processor Count: 4
RAM: 2045 Mb
Graphics Card: NVIDIA GeForce 8500 GT, 512 Mb
Hard Drives: C: Total - 476935 MB, Free - 256169 MB;
Motherboard: Gigabyte Technology Co., Ltd., EP35-DS3L
Antivirus: F-Secure Anti-Virus for Workstations 9.11, Disabled
=========================================

DDS.txt file:

====================================================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16584 BrowserJavaVersion: 10.51.2
Run by Administrador at 11:37:53 on 2014-10-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.1033.18.2046.273 [GMT 0:00]
.
AV: F-Secure Anti-Virus for Workstations 9.11 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus for Workstations 9.11 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Settings Manager\smdmf\smdmfu.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13986&tm=513&src=hmp
uProxyServer = proxy.ist.utl.pt:3128
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -
uURLSearchHooks: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV_.dll
uURLSearchHooks: WiseConvert 1.1 Toolbar: {ddfcc212-9d54-48b7-a0d0-a5023ddb5b79} - c:\program files\wiseconvert_1.1\prxtbWis0.dll
mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -
mURLSearchHooks: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV_.dll
mURLSearchHooks: WiseConvert 1.1 Toolbar: {ddfcc212-9d54-48b7-a0d0-a5023ddb5b79} - c:\program files\wiseconvert_1.1\prxtbWis0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV_.dll
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - c:\users\administrador\appdata\local\linkey\ieextension\iedll.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: WiseConvert 1.1 Toolbar: {ddfcc212-9d54-48b7-a0d0-a5023ddb5b79} - c:\program files\wiseconvert_1.1\prxtbWis0.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -
BHO: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: DVDVideoSoft Toolbar: {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -
TB: Ask Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -
TB: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV_.dll
TB: WiseConvert 1.1 Toolbar: {ddfcc212-9d54-48b7-a0d0-a5023ddb5b79} - c:\program files\wiseconvert_1.1\prxtbWis0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [PMCRemote] <no file>
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [EPSON Product Registration Reminder] c:\windows\temp\RegModule.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 212.55.154.174 212.55.154.190
TCP: Interfaces\{6BB920ED-644D-4AEF-8FD4-A957EA48D35D} : DHCPNameServer = 212.55.154.174 212.55.154.190
AppInit_DLLs= c:\users\admini~1\appdata\local\linkey\ieexte~1\iedll.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrador\appdata\roaming\mozilla\firefox\profiles\hcbuui0f.default\
FF - prefs.js: browser.search.selectedEngine - default-search.net
FF - prefs.js: browser.startup.homepage - hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13986&tm=513&src=hmp
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=513&src=ds&p=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\autodesk\autodesk design review browser add-on v1.2\npADRdwf.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2009-06-23 21:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2008-12-20 44240]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files\settings manager\smdmf\smdmfmgrc2.cfg [2014-10-27 34192]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2008-12-20 13536]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2008-12-20 220896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 SmdmFService;SmdmF Service;c:\program files\settings manager\smdmf\SmdmFService.exe [2014-10-27 3572240]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [2008-12-17 1121536]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2008-12-20 145856]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2008-12-20 184032]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2012-1-6 60352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-12-17 47624]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-11-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-9 8576]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-10-27 21:06:40 -------- d-----w- c:\users\administrador\appdata\local\Opera Software
2014-10-27 21:06:29 -------- d-----w- c:\users\administrador\appdata\roaming\Opera Software
2014-10-27 20:58:33 -------- d-----w- c:\users\administrador\appdata\local\Linkey
2014-10-27 20:57:40 -------- d-----w- c:\program files\Free Codec Pack
2014-10-27 20:57:27 -------- d-----w- c:\users\administrador\appdata\roaming\FirefoxToolbar
2014-10-27 20:57:14 -------- d-----w- c:\programdata\smdmf
2014-10-27 20:57:14 -------- d-----w- c:\program files\Settings Manager
2014-10-27 20:56:56 -------- d-----w- c:\program files\common files\DVDVideoSoft
2014-10-27 20:56:55 -------- d-----w- c:\users\administrador\appdata\roaming\RHEng
2014-10-27 20:56:55 -------- d-----w- c:\program files\DVDVideoSoft
2014-10-24 14:50:34 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32d0edca-b139-4482-912e-54b3c63664ff}\mpengine.dll
2014-10-15 22:54:02 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 22:54:02 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 22:54:02 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 22:51:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 22:40:20 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-15 22:37:02 66560 ----a-w- c:\windows\system32\packager.dll
.
==================== Find3M ====================
.
2014-10-02 14:53:02 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-23 22:45:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 22:45:10 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 11:38:49,37 ===============

====================================================

ATTACH.txt file:

====================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17-12-2008 10:19:46
System Uptime: 28-10-2014 10:47:04 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3L
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | Socket 775 | 2000/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 250,163 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1387: 22-09-2014 18:20:39 - Scheduled Checkpoint
RP1388: 23-09-2014 09:38:43 - Windows Update
RP1389: 25-09-2014 00:06:31 - Windows Update
RP1390: 27-09-2014 09:21:33 - Scheduled Checkpoint
RP1391: 27-09-2014 23:42:33 - Scheduled Checkpoint
RP1392: 30-09-2014 08:20:12 - Windows Update
RP1393: 01-10-2014 23:21:37 - Scheduled Checkpoint
RP1394: 02-10-2014 17:28:32 - Scheduled Checkpoint
RP1395: 04-10-2014 09:26:03 - Windows Update
RP1396: 05-10-2014 21:48:57 - Scheduled Checkpoint
RP1397: 07-10-2014 15:18:35 - Windows Update
RP1398: 14-10-2014 15:09:53 - Windows Update
RP1399: 15-10-2014 23:36:19 - Windows Update
RP1400: 16-10-2014 19:24:22 - Scheduled Checkpoint
RP1401: 17-10-2014 23:13:04 - Scheduled Checkpoint
RP1402: 20-10-2014 19:19:57 - Scheduled Checkpoint
RP1403: 21-10-2014 16:14:43 - Windows Update
RP1404: 26-10-2014 13:17:58 - Scheduled Checkpoint
RP1405: 27-10-2014 19:29:46 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
802.11g Wireless PCI Adapter
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Illustrator 10
Adobe Photoshop 7.0
Adobe Reader 9.5.5
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Apple Application Support
ArcSoft PhotoImpression 6
Ask Toolbar
Audacity 2.0.3
Autodesk Design Review 2012
Autodesk Design Review Browser Add-on v1.2
AutoUpdate
Bitvise Tunnelier 4.31 (remove only)
Borland C++ 5.02
calibre
CodeBlocks
Compatibility Pack for the 2007 Office system
DiscAPI (Studio 10)
DivX
DWG TrueView 2010
DWG TrueView 2012
Dynamic Energy Saver 1.0 B8.0128.1
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON PERFECTION V200 PHOTO Manual
EPSON Scan
EPSON Scan Assistant
ExpressPCB
F-Secure Anti-Virus for Workstations
F-Secure Anti-Virus for Workstations - Virus & Spy Protection
FFmpeg v0.6.2 for Audacity
FLV Runner Toolbar
Free Studio version 2014
GlassFish Tools Bundle For Eclipse 1.2
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.63
GSview 4.9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IRS - Modelo 3 v1.0.18
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 51
Java Auto Updater
LightScribe System Software 1.10.19.1
Linkey
LiveUSB Creator (remove only)
MATLAB R2008a
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XML Parser
Microsoft_VC100_CRT_SP1_x86
MiKTeX 2.9
Modelo 22 1.0.8.0033
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mustek MDC 3500
Nero 7 Essentials
neroxml
Nikon File Uploader 2
Nikon Message Center 2
Nokia Connectivity Cable Driver
Nokia Suite
NVIDIA 3D Vision Controller Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Display Control Panel
NVIDIA Graphics Driver 314.22
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.12.12
NVIDIA Update Components
Opera Stable 25.0.1614.63
PC Connectivity Solution
Picture Control Utility
Pidgin
Pinnacle TVCenter Pro
PrimoPDF -- brought to you by Nitro PDF Software
PVSonyDll
Qstarz Travel Recorder PC Utility V4.3
QuickTime
RAPID (Studio 10)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Settings Manager
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
SmartSound Quicktracks Plugin
Spelling Dictionaries Support For Adobe Reader 9
Studio 10
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
ViewNX 2
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
Windows Live Sign-in Assistant
WinEdt
WinPcap 4.1.1
Wireshark 1.2.6
WiseConvert 1.1 Toolbar
.
==== Event Viewer Messages From Past Week ========
.
28-10-2014 10:53:40, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28-10-2014 10:53:40, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
28-10-2014 10:50:15, Error: F-Secure Gatekeeper [1] -
28-10-2014 10:47:25, Error: EventLog [6008] - The previous system shutdown at 10:46:17 on 28-10-2014 was unexpected.
27-10-2014 20:59:35, Error: Service Control Manager [7030] - The SmdmF Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
22-10-2014 20:35:10, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013F7ECD115 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

====================================================

dllhost.exe 32~~~~10 running?

Computer seems slow...I ran task manager and find 10 instances of dllhost.exe 32 running at the same time? Some of these are showing 562,000 memory use and others 707,190 use...lots of hard drive spin. I scanned with MalwareBytes, Norton, and Microsoft's Malicious Software tool....all show nothing?

Browser Hijacked

Unfortunately I cannot run and download anything as my browser (on my laptop) has been hijacked. I believe it came in on a very real looking AVG update. Once the update was completed the next site I went to, the browser was hijacked by a page demanding money be paid to it. I am sending this from my main computer. Is there a program to put on a USB stick that I can run on my laptop to clean this up?

Google Chrome file kxjjjdgf

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8174 Mb
Graphics Card: AMD Radeon HD 6450, 1024 Mb
Hard Drives: C: Total - 939866 MB, Free - 794760 MB; D: Total - 13999 MB, Free - 6596 MB; J: Total - 953865 MB, Free - 224326 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: Norton Internet Security, Updated and Enabled

I open the Windows Task Manager and under the Processes Tab, I see the following: kxjjjdgf.exe which is described as a Google Chrome file.
This file is shown about 12 times and all are actively and continuously changing and using CPU resources.

I want to stop these files and uninstall/delete them.

I have selected them one at a time and clicked on the End Process button. The file immediately re-appears and no matter how often I click the end process button, the files re-appear.

I installed the Google Chrome browser and uninstalled it several times using Revo Pro uninstaller: no change. I have run CCleaner several times: no change. I opened WinPatrol PLUS, and under the Active Tasks, the file is shown. I selected it and clicked the Kill Task button to no avail. I selected it and right clicked the mouse button, selected the Delete File on Reboot, and then re-booted the computer. The file is unchanged.

I have tried to start the computer in Safe Mode by holding down the F8 button at start, but the computer will not start in safe mode. I have turned off the power to the computer, and upon re-start, I get the normal Windows start, not the screen which tells me computer was shut down abnormally.

I opened the Control Panel and under Uninstall or change a program, Google Chrome is not shown, nor is this file shown. At the Windows Start button, I typed this file name into the Search programs and files area, and get no information. The file is shown in the following location:
C/Users/Carl C Prescott/AppData/LocalLow/Adblock Plus for IE/otalkpo/grozfwmogzyy.

I tried to delete it from this location, but get the message that it is in use and must be closed first.

Any suggestions on how to rid this file from my computer? Thanks, CCP

laptop with administrator section completely ruined

got a lot of malware on the still working account too. please help get rid of it and hopefully fix it.

Problems with all Internet Browsers

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Quad Core i7-960, 3.2 GHz, x86 Family 6 Model 26 Stepping 5
Processor Count: 1
RAM: 4096 MB
Graphics Card: Gigabyte AMD Radeon HD 6850, 1.0 GB
Hard Drives: C: Size-150GB/68.4 Free; D: Size-150GB/36.5 Free; F: Size-200GB/90Free; G: Size 400GB/145.6 Free
Motherboard: Gigabyte G1 Guerrilla
Antivirus: AVG Anti-Virus Free Edition 2012, Updated: Yes, On-Demand Scanner: Enabled

Hello, a few months ago I started having a problem with Internet Explorer continuing to run in the background and freezing and being extremely slow. This seemed to coincide with when Microsoft stopped supporting Windows XP, i.e. no more security updates. Anyway, I figured it was just a Microsoft thing, so I started using Chrome and the same thing happened with it, and so I started using Mozilla Firefox and it does the same thing. Sometimes I will have all three of them running and task manager will not be able to shut them down, and there will be several instances of both Chrome and Internet Explorer running and usually one big one memory usage for Firefox. Anyway, I will have to restart my computer to clear them out because it slows my computer to a crawl. I tried running each of them without any plugins but they still act up, and I have not found any malware or viruses on my computer. (Other than the usual cookie crap, that is) I am thinking about wiping everything and buying Windows 7 hoping that will solve this problem. But until I can afford to buy Windows 7, I would be very appreciative if you could offer some advice as to what the problem might be and how to fix it.

Thank you so much for your time,
Linda

Not sure if I have Malware, Virus, or similar

I finished building a new PC a month or so ago, and recently, I've had problems connecting to the internet. All of my other PC and devices connect fine. I have a gigabit wired connection and a 1.3GB wireless AC connection. Sometimes I can access the internet, with either network adapter, but after a short period of time, I lose my connection. This happens simultaneously with both adapters. When I right click on my connection in the bottom corner (I'm running Windows 7 Ultimate x64) and select troubleshoot connection, it comes back with the following error, "Windows could not automatically detect his network's proxy settings." In the Network and Connection window, usually there would be an X between my PC and my router or between my router and the globe (WAN), but it shows that I have a connection.

I was also just installing the driver/software for my Lamptron CM615 watercooling/fan controller, which I'm supposed to be able to monitor remotely, and during the installation, I got an error saying "The InstsllShield Engine (iKernel.exe) could not be installed. IKernel.exe could not be copied to C:\Program Files (x86)\Common Files\InstsllShield\Engine\6\Intel 32. Make sure that you have the appropriate privileges to copy files to this folder. (0x20)"

So apparently, I've lost some of my privileges as Admin too. I've deleted my partition, reinstalled the OS on my C drive, which is a pair of Samsung 840 Pros 256GB setup in RAID0, but this continues to happen. I'm guessing that maybe some of the drivers/software for my PC could be infected, and this is why it keeps coming back. I've never been infected with Malware before, but after reading up on some of the articles, this is the only thing I can think of as the problem. Please give me some advice on if it is or not. I work from home and this is my work PC, so I haven't been able to get any work done. I'm running McAfee Internet Security, but I guess it's possible for some things to get past. Please advise. I don't know where to go from here. Thanks.

Sent from my SAMSUNG-SM-G900A using Tapatalk

running slow mySearchDial and more

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E6600 @ 3.06GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4061 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 1806 Mb
Hard Drives: C: Total - 596378 MB, Free - 40577 MB;
Motherboard: Acer, WG43M
Antivirus: AVG AntiVirus 2015, Updated and Enabled


The computer is running very slow, I believe it's been infected or hijacked by spyware and malware.
At this time I have run AVG 2015 and removed all found infections, I also ran Malwarebytes and removed all infections, I ran SUPERAntiSpyware and also removed all threats. I ran CCleaner and removed all old registry entries, temp files etc. I just ran it in the standard default configuration. This morning I woke up and found that Malwarebytes found some of the same infections it found yesterday again, prob still running in memory and not able to be removed with the current list of programs I have used.

Below I attached the log from Malwarebytes that it produced this morning.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2014
Scan Time: 2:55:07 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.06
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CommanderKaiser

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474781
Time Elapsed: 57 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 28
PUP.Optional.MySearch.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.instlRef", "140305_b");), ,[49cdb763413b2f07693d3a2cab5a718f]
PUP.Optional.MySearch.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (wordURLPromptDeclined", 1);
user_pref("browser.sta), ,[8a8c8793403c95a15c4a69fd07fe827e]
PUP.Optional.MySearch.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (archywordURLPromptDeclined", 1);
user_pref("browser.startup.page", 1);
user_pref("extensions.shownSelectionUI", true);
user_pref("browser.searchywordURLPromptDeclined", 1);
user_prelugin.state.npconduitfirefoxplugin", 0);
user_pref("browser.searchywordURLPromptDeclined", 1);
user_pref("browser.startup.page", 1);
user_pref("network.protocol), ,[62b43ddd047854e2cdd9372fc73ea25e]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), ,[45d1c555f48866d01d9293d3a65f50b0]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (earchywordURLPromptDeclined", 1);
user_pref("browser.startup.p), ,[e82e59c181fbd95dded1d690d92c3fc1]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (RLPromptDeclined", 1);
user_pref("browser.startup), ,[1ff7bb5fc0bcf93d5d52cd99a0656d93]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (.searchywordURLPromptDeclined", 1);
user_pref("brows), ,[8a8c44d617656ec87f3070f647be0bf5]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (archywordURLPromptDeclined", 1);
user_pref("browser.startup.page", 1);
user_pref("extensions.shownSelectionUI", true);
user_pref("browser.searchywordURLPromptDeclined", 1);
user_prelugin.state.npconduitfirefoxplugin", 0);
user_pref("browser.searchywordURLPromptDeclined", 1);
user_pref("browser.startup.page", 1);
user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("browser.newtab.url", "");
), ,[d44268b27606b680337c590dec19bf41]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (update", false);user_pref("browser.newtab.url", "");

user_pref("extensions.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmysearch.cr", "367344870");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0E0CtC0AyDzyyD0EtCtC0C0E0Bzy0A0EtN0D0Tzu0SzzyEyBtN1L2XzutB tFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0CtC0DyDzyyB0 BtGtCyDtB0DtGzz0DzytBtGyE0F0EyDtGtCyB0CyCyCyEtDzyyCyDzzzy2QtN1M1F1B2Z1V1N2Y 1), ,[878f5dbd1765ff378e215a0c44c1659b]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (e", false);user_pref("browser.newtab.url", "");

user_pref), ,[14020317fc8082b47d32283e41c41be5]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (rdURLPromptDeclined", 1);
user_pref("browser.startup.p), ,[50c6dc3e7606999d743b9acc52b3d52b]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (chywordURLPromptDeclined", 1);
user_pref("browser.sta), ,[1df925f5e6961d1997184b1b8f7641bf]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (rchywordURLPromptDeclined", 1);
user_pref("browser.sta), ,[ea2c9c7e4339af877b34273fe223e41c]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (chywordURLPromptDeclined", 1);
user_pref("browser.startup.page",), ,[4dc951c944384ee8238c2541867fbf41]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (PromptDeclined", 1);
user_pref("browser.startup.page", 1);
), ,[23f3f228b3c92a0ce2cde97d0104c937]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (dURLPromptDeclined", 1);
user_pref("browser.startup.page",), ,[81958694daa2b0869718f670ec19b947]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (ordURLPromptDeclined", 1);
user_pref("browser.startup.pa), ,[0610051523594aecded13a2c65a00ef2]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (ywordURLPromptDeclined", 1);
user_pref("browser.startu), ,[70a6f6244b31dd5904ab76f01de851af]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (chywordURLPromptDeclined", 1);
user_pref("browser.s), ,[14022ceee4981224c7e8f86eb94c857b]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (earchywordURLPromptDeclined", 1);
user_pref("browser.star), ,[a373f4265e1e69cd1e91ee7832d3d42c]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (wordURLPromptDeclined", 1);
user_pref("browser.s), ,[6da9c3572f4d3ff75f50273f9372c43c]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (r.searchywordURLPromptDeclined", 1);
user_pref("browser.startup.page", 1);
user_pre), ,[0f079c7e413b5dd9d9d66bfb28ddf20e]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (
user_pref("browser.startup.page", 1);
user_pref("), ,[86904bcfa1dbde58ab0476f0867f6d93]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (earchywordURLPromptDeclined", 1);
user_pref("browser), ,[37df57c3502c83b3bef15b0bfc097987]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (archywordURLPromptDeclined", 1);
user_pref("browser.startup.page", 1);
user_pref("extensions.shownSelectionUI", true);
user_pref("browser.searchywordURLPromptDeclined", 1);
user_prelugin.state.npconduitfirefoxplugin", 0);
user_pref("browser.searchywordURLPromptDeclined", 1);
user_pref("browser.startup.page", 1);
user_pref("network.protocol-h), ,[25f147d3dca0ae885d527de9c04509f7]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (ser.startup.page", 1);
user_pref("network.), ,[d83ebe5cafcd79bdbff03c2a778e8977]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=ir_14_17_ch&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzyyD0EtCtC0C0E0Bzy0A0EtN0D0 Tzu0SzzyEyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L 1Qzu2StDzyzy0D0ByByDtCtGzy0AyDyDtG0Azz0DtAtGyByDyEtDtGtAyEtA0FyD0ByB0FtCzz0 DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDtDtB0EzytBzztG0B0BtCyCtGtC0FyC0BtGyE0EyCtC tGyDtD0AtB0DtDtB0D0FyB0FtA2Q&cr=798050985&ir=");), ,[3dd9e634a2da7eb84f613a2c986d4eb2]
PUP.Optional.MySearchDial.A, C:\Users\CommanderKaiser\AppData\Roaming\Mozilla\Firefox\Profiles\lml85eie. default\user.js, Good: (), Bad: (("network.protocol-handler.warn-external.dnupdate", false);user_pref("browser.newtab.url", "");

user_pref("extensions.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmysearch.cr", "367344870");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0E0CtC0AyDzyyD0EtCtC0C0E0Bzy0A0EtN0D0Tzu0SzzyEyBtN1L2XzutB tFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0CtC0DyDzyyB0 BtGtCyDtB0DtGzz0DzytBtGyE0F0EyDtG), ,[33e31604f785171ffab60f57e520d52b]

Physical Sectors: 0
(No malicious items detected)


(end)

I thank you in advance for your assistance.

Help

Just turn on my Acer laptop and this message keeps popping up error computer at risk to call some # but when I did they want $170-$279 to help me which is too expensive for can't afford at the time being just lost job need laptop to help look for new job :( what can I do

Removal of Advance Elite?

I have suddenly been faced with items of advertising, etc., under the title of "Advance Elite". It does not appear in Programs & Features so that I could delete or uninstall it. I have no idea how it got there, but when I follow their suggestion as to how to remove it, it has no effect! Can anyone please suggest a way out of this. Thanks.

Trojan Horse Crypt3.BAVF removal

Hi all, have had great advice here in the past and am hoping for some more today.

I have a Trojan horse which is spotted by AVG but when it is healed and rebooted it returns.

Trojan Horse Crypt3.BAVF

C:\ProgramData7692d14f.dot

Any help with its removal greatly appreciated.

Kind regards,

Dan

mindspark removal

I tried to download a user's manual for the Panasonic KX-T7453 phone system I am saddled with, so I could make better use of the expletive deleted. The site instead started loading various hijacking programs onto the unit. I ran both ESET and HMP, separately. But I found that Mindspark has replaced Chrome - and with it access to my gmail account, and blocked access to gmail through Chrome or IE.
We are NOT amused. I tried resetting the tabs and clearing the browsing history. I went to Control Panel (Win 7Pro SP1 64) and removed - or so one would have thought - the identifiable malefactors. Nothing has budged it one nanometer. Chrome and gmail both blocked/replaced. Need help, urgently. :mad:

What is gtubrwkvzypn.exe

Does anyone know what gtubrwkvzypn.exe is for?
It is located in folder:
C:\Users\John\AppData\LocalLow\ge4644\gejhmmbcmyg\rlltlvx

Norton says it is not performing any suspicious actions, but Norton also reports that it is using a lot of process resources. Any info on this would be appreciated.

John

power ec malware

Email from soo.sutton66@powered word attachment has been opened on my iMac unfortunately and macros enabled. I need to know how to remove and check to see if any malware is still on the iMac (it's running Office with Windows 2008 Office for Mac) or if any malware has infected my machine.


I need it for day to day use please help!


many thanks

trojans and malware

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) II X3 445 Processor, x86 Family 16 Model 5 Stepping 3
Processor Count: 3
RAM: 3039 Mb
Graphics Card: NVIDIA MCP61, 256 Mb
Hard Drives: C: Total - 476929 MB, Free - 447015 MB;
Motherboard: BIOSTAR Group, N68S3B
Antivirus: AVG Internet Security 2014, Updated: Yes, On-Demand Scanner: Enabled

Whenever I need to use my friend's computer I have no problems. I installed Mozilla Firefox and now we both use it almost exclusively. However, today, when I logged in and started the browser, as soon as my requested website came up, all of a sudden there were bunches of ads, and pages being loaded one after another all by themselves. It was like it was possessed! He plays a lot of games. I haven't been here in two weeks; it was working fine then. He purchased AVG, so I ran a full scan and it showed tracking cookies, adware, malware, trojans. Help!

It showed 59 threats that were not there 2 weeks ago, so I am doing a backup and restore. My question is, if AVG says "secured", then why does it still happen when I am on Firefox? It does not happen on IE; that has me baffled. I noticed that for some reason there were 2 icons on the desktop for Mozilla, but only one program had been installed. But I uninstalled Mozilla and re-installed it and it still does the same thing. I actually could not close it and had to turn off the entire computer and reboot. So I know I need antimalware. Is there one for free that is safe?

Running terrible

Can you please help me troubleshoot this laptop? It is running horribly.
Specs:

OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name NORDEMAN-PC
System Manufacturer Dell Inc.
System Model Inspiron 5720
System Type x64-based PC
Processor Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date Dell Inc. A18, 8/23/2013
SMBIOS Version 2.7
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.1.7601.17514"
User Name NORDEMAN-PC\NORDEMAN
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 6.00 GB
Total Physical Memory 5.86 GB
Available Physical Memory 4.20 GB
Total Virtual Memory 11.7 GB
Available Virtual Memory 9.92 GB
Page File Space 5.86 GB
Page File C:\pagefile.sys