# Question: Do I have a virus?



## kpeter02 (May 4, 2012)

Dear Sir:

When I do Google searches, the top sites listed are all called www2 or www3 or www8... and all of them seem to be spam. Does this mean I have a virus? I am using Microsoft Security Essentials.


Kim


----------



## Mark1956 (May 7, 2011)

Hi Kpeter, I doubt very much that any infection will be able to influence a Google search. The number after the www is not unusual. As long as Google itself is not being redirected when you try to log into a site I doubt you have anything to be worried about.

Please post an example of what you are searching for, exactly as you type it into the search box, and give the details of the top three results. I can then repeat the search on my PC and see if there is much difference.


----------



## kpeter02 (May 4, 2012)

The search term is "hp deskjet 6122 driver"


*HP Deskjet 6122 Printer series - Download drivers and software ...*

h20000.www2.*hp*.com/bizsupport/.../ProductList.jsp?lang...
_HP Deskjet 6122_ Printer series *...* By downloading, you agree to the terms and conditions of the HP Software License *...* Choose your software/_driver_ language: *...*
Microsoft Windows 7 ... - Microsoft Windows 7 Home ... - Microsoft Windows Vista ...

*Software & Driver Downloads HP Deskjet 6122 Color Inkjet Printer ...*

h10025.www1.*hp*.com/ewfrf/wc/softwareCategory?product...lc...
(e.g. Deskjet D2680) *...* Software & _Driver_ Downloads - _HP Deskjet 6122_ Color Inkjet Printer *...* Download the latest _drivers_ to keep your HP product up-to-date.

*HP Deskjet 6122 Printer series - Download drivers and software ...*

h20000.www2.*hp*.com/.../SoftwareIndex.jsp?...8...
Sign up now for customized _driver_, security, patch, and support email alerts. Only receive updates on products you specify or own when you want them.


----------



## Mark1956 (May 7, 2011)

This is the result I got, which as you can see is identical so I don't think you have much to worry about. I will now mark this thread as solved, but you may post back if you have any questions.


*HP Deskjet 6122 Printer series - Download drivers and software ...*
h20000.www2.*hp*.com/bizsupport/.../ProductList.jsp?lang...
_HP Deskjet 6122_ Printer series *...* By downloading, you agree to the terms and conditions of the HP Software License *...* Choose your software/_driver_ language: *...*
Microsoft Windows 7 ... - Microsoft Windows 7 (64-bit) - Microsoft Windows 7 (32-bit)

*Software & Driver Downloads HP Deskjet 6122 Color Inkjet Printer ...*
h10025.www1.*hp*.com/ewfrf/wc/softwareCategory?product...lc...
(e.g. Deskjet D2680) *...* Software & _Driver_ Downloads - _HP Deskjet 6122_ Color Inkjet Printer *...* Download the latest _drivers_ to keep your HP product up-to-date.



*HP Deskjet 6122 Printer series - Download drivers and software ...*
h20000.www2.*hp*.com/.../SoftwareIndex.jsp?...8...
Sign up now for customized _driver_, security, patch, and support email alerts. Only receive updates on products you specify or own when you want them.


----------



## Mark1956 (May 7, 2011)

Have you tried looking for the drivers on this site: http://www8.hp.com/uk/en/support-drivers.html

One final comment, the results you have posted from your search all appear to be links to the HP site and are not in any way suspicious.


----------



## kpeter02 (May 4, 2012)

Thanks. (The driver is not available; I must use my Windows Update, which is not working sadly). I have started a different thread on that topic though.


----------



## Mark1956 (May 7, 2011)

Ok, thanks for letting me know.


----------



## kpeter02 (May 4, 2012)

Sir... something else is wrong with my Google. When I click on a link, it directs me to a totally different page... usually an ad, or one time, something where my Kaspersky immediately picked up trojan viruses. I can't detect anything with Kaspersky, Superantispyware, or Malwarebytes.


----------



## Mark1956 (May 7, 2011)

Ok, I shall mark this thread as being in Progress; it sounds like you may have a redirect virus.

Please go Here, and follow the instructions to run DDS, then copy & paste the DDS.txt and Attach.txt logs directly into your next post.

Please also run a scan following these instructions and post the log.

Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:

Quit all running programs 
Start RogueKiller.exe 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## kpeter02 (May 4, 2012)

Thank you so much! Here are the txt files of the DDS. (I disabled all antivirus, hoping that would take care of the script blocker).

DDS.txt
Attach.txt

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Sound Blaster X-Fi Go!
Splashtop Streamer
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Media Center Add-in for Flash
.
==== Event Viewer Messages From Past Week ========
.
9/16/2012 6:47:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x8757c024, 0xb2000000, 0x00070f0f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091612-24703-01.
9/16/2012 4:55:38 PM, Error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error The requested name is valid, but no data of the requested type was found..
9/16/2012 4:55:36 PM, Error: RemoteAccess [20152] - The currently configured authentication provider failed to load and initialize successfully. The requested name is valid, but no data of the requested type was found.
9/14/2012 7:22:05 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
9/13/2012 8:09:52 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
.
==== End Of File ===========================


----------



## kpeter02 (May 4, 2012)

Here is the Rogue Killer report:

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 09/18/2012 15:14:50

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Kim\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : -> KILLED [TermProc]
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Kim\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][RESIDU] ProgramDataUpdater : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][RESIDU] Proxy : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][RESIDU] SR : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][RESIDU] IpAddressConflict1 : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][RESIDU] IpAddressConflict2 : C:\Windows\System32\rundll32.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] a1942a651977f3a71aaca2fb313f1cbb
[BSP] 2ad07a4d5051b48313c994b486822ecf : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 453367 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 928497664 | Size: 500499 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1500AHFD-00RAR5 ATA Device +++++
--- User ---
[MBR] 52b8bc142e63c6535be03b100a1558cb
[BSP] e2d5b9ad4e9bcda9e267e0fb16beaeaf : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 143087 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## Mark1956 (May 7, 2011)

Please uninstall the following programs:

BitTorrentBar Toolbar
Java(TM) 6 Update 32
Java Auto Updater
Freecorder 5
Freecorder Toolbar

If Spybot Search & Destroy is still in the list of programs please uninstall it. You should first check in the Task Manager to make sure the process Teatimer.exe is not running; if found, disable it.

After a reboot please launch RogueKiller again. After the prescan completes hit the *Hosts fix* button and wait for it to show complete under Status. Then hit the *Scan* button; when that completes hit the *Delete* button; when that completes hit the *Report* button and copy the log into your next post.

When that is done please follow these instructions and post the log:

Please download and run this tool using Internet Explorer: ADWCleaner
Start the program and hit the Delete button and then post the log produced.
If you get an alert that stops the program downloading (with IE open) click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then download it again.


----------



## kpeter02 (May 4, 2012)

Sir: I will try to uninstall them, but I can't get rid of the BitTorrent bar for some reason. I uninstalled it a long time ago, but it keeps saying INSTALL.LOG file.


----------



## kpeter02 (May 4, 2012)

A quick update until I have time to look into it after classes. I tried to follow instructions for removing an UNINSTALL.LOG file by going into CMD, typing WMIC, Product get name. But I cannot see BitTorrent or Conduit on the list.

I also was unable to completely remove the BitTorrent Toolbar from my Add-on list in the browser. I did disable it. I can't completely remove add-ons, such as Freecorder, either. I can only disable them. Also, I am not sure how to uninstall the Java Auto Updater, as I can't see it in my All Programs.

I'll work on this later after class! But if you have suggestions into how to remove BitTorrent, it would be greatly appreciated! My friend had me download it and downloaded some songs for me, but I uninstalled it as I didn't want to use it. It seemed really messy to use it.


----------



## Mark1956 (May 7, 2011)

No need for 'Sir', please call me Mark.



> I am not sure how to uninstall the Java Auto Updater, as I can't see it in my All Programs.


If *All Programs* is where you are looking to uninstall the Java component and the other items, you're in the wrong place. Add-ons and toolbars are not shown in the All Programs list. You need to go down this route:

Click on the Start button > Control Panel > Programs and Features, you should find all the items there.

_All you can do in the All Programs list is delete the entry from the list; you cannot uninstall anything directly from there unless the program has a sub menu with an uninstaller listed._

Just list the items you cannot find or do not uninstall and we can deal with them later.

Please proceed with the instructions to run the RogueKiller fixes and deletions and then run ADWCleaner.

It is a wise choice to get rid of BitTorrent, the software itself is safe but downloading from any file sharing site is the easiest way to get your PC infected. Some forums will refuse to give any assistance until any/all Torrent clients are removed from your PC.


----------



## kpeter02 (May 4, 2012)

Dear Mark 

I tried to uninstall the items you told me about. I could not find the Java updater, nor could I find how to get rid of the BitTorrent. Also I only have the ADwCleaner log, as the Rogue Killer won't work now. It tells me it is out of date and needs to update. But when I get to the site, I cannot find the download link. It also is written in another language, so that could be the problem.

Here is the AdwCleaner log:

# AdwCleaner v2.002 - Logfile created 09/20/2012 at 07:29:14
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : admin - KIM-PC
# Boot Mode : Normal
# Running from : F:\users\Kim\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\necubzgy.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files\BitTorrentBar
Folder Found : C:\Program Files\Freecorder
Folder Found : C:\Program Files\splashtop
Folder Found : C:\ProgramData\splashtop
Folder Found : C:\Users\admin\AppData\Local\Conduit
Folder Found : C:\Users\admin\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\admin\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\admin\AppData\LocalLow\Freecorder
Folder Found : C:\Users\admin\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Kim\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\Kim\AppData\LocalLow\Conduit
Folder Found : C:\Users\Kim\AppData\LocalLow\Freecorder
Folder Found : C:\Users\Kim\AppData\LocalLow\PriceGong
Folder Found : F:\users\admin\My Documents\Freecorder
Folder Found : F:\users\Kim\My Documents\Freecorder

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecorder
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKLM\Software\BitTorrentBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{523365CD-4AF8-493C-BB43-6C7FF67E0572}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A561749E-917F-4FF0-A2B4-C071880A7759}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4B85E6B-116C-419F-8BA2-37AD59139307}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F117F926-0DF1-482E-BD1A-17C434B2C204}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{523365CD-4AF8-493C-BB43-6C7FF67E0572}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Found : HKU\S-1-5-21-1861094159-367486252-1820720370-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default 
File : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\03jmgpw9.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\necubzgy.default\prefs.js

Found : user_pref("Smartbar.ConduitHomepagesList", "");
Found : user_pref("Smartbar.ConduitSearchEngineList", "FreeMake Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");
Found : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q=[...]

*************************

AdwCleaner[R2].txt - [6006 octets] - [20/09/2012 07:29:14]
AdwCleaner[R1].txt - [6094 octets] - [20/09/2012 07:21:05]

########## EOF - \AdwCleaner[R2].txt - [6126 octets] ##########


----------



## kpeter02 (May 4, 2012)

It still shows Freecorder. But I do not know how to actually remove them from my Add-on list in the browsers. I could only disable them. I am having trouble figuring out how to completely remove them.


----------



## Mark1956 (May 7, 2011)

ADWCleaner has found the toolbars you are trying to remove. My instructions told you to hit the Delete button to run it, which you didn't do, so it hasn't removed anything. Launch it again and when the first window opens click on the Delete button and post the resulting log. The Java updater has not been detected as it is a safe item of software and we can remove it later.

When RogueKiller takes you to the site just click on the blue icon as you did when you first downloaded it.

Once this is all complete see if the problem has gone.


----------



## kpeter02 (May 4, 2012)

Thanks! Here is the log for AdwCleaner:

# AdwCleaner v2.002 - Logfile created 09/20/2012 at 15:33:20
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : admin - KIM-PC
# Boot Mode : Normal
# Running from : F:\users\Kim\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default 
File : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\03jmgpw9.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\necubzgy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R5].txt - [830 octets] - [20/09/2012 15:33:20]
AdwCleaner[S1].txt - [6928 octets] - [20/09/2012 15:17:47]
AdwCleaner[S2].txt - [1231 octets] - [20/09/2012 15:29:45]
AdwCleaner[R4].txt - [1196 octets] - [20/09/2012 15:29:28]
AdwCleaner[R1].txt - [6094 octets] - [20/09/2012 07:21:05]
AdwCleaner[R2].txt - [6193 octets] - [20/09/2012 07:29:14]
AdwCleaner[R3].txt - [6214 octets] - [20/09/2012 15:17:30]

########## EOF - \AdwCleaner[R5].txt - [1249 octets] ##########


----------



## kpeter02 (May 4, 2012)

Here is the RKreport:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 09/20/2012 15:39:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][BLPATH] HKCU\[...]\RunOnce : Report (\AdwCleaner[S2].txt) -> FOUND
[RUN][BLPATH] HKUS\S-1-5-21-1861094159-367486252-1820720370-1004[...]\RunOnce : Report (\AdwCleaner[S2].txt) -> FOUND
[TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] Proxy : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] IpAddressConflict1 : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] IpAddressConflict2 : C:\Windows\System32\rundll32.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] a1942a651977f3a71aaca2fb313f1cbb
[BSP] 2ad07a4d5051b48313c994b486822ecf : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 453367 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 928497664 | Size: 500499 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1500AHFD-00RAR5 ATA Device +++++
--- User ---
[MBR] 52b8bc142e63c6535be03b100a1558cb
[BSP] e2d5b9ad4e9bcda9e267e0fb16beaeaf : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 143087 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


----------



## Mark1956 (May 7, 2011)

There is a list of logs created by ADWCleaner at the bottom of its log which shows you have run it multiple times, and the log you have posted does not show the deletions. It is not a problem, but please try to follow the instructions more closely.

You have also not done as I asked with RogueKiller. It shows it has created three more logs since first run; the bad files have been removed but it does not appear that you have run the Host Fix. Please launch the program, hit the Scan button and on completion hit the *Hosts Fix* button followed by the Report button and then post the log.

Please also tell me how well the PC is running now.

NOTE: I see in other threads you opened that you have had some other problems, please confirm that those issues have been corrected and that Windows Update is now working.

There is a report in your logs on 16th September of a System crash that indicates a hardware error. Looking back at another thread you had you ran a memory test which failed, has that problem been resolved?

Please tell me about any/all existing problems with your PC and only deal with them in this thread.
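
The log reading described in the two replies above (the `# Option [...]` header and the run history at the bottom of an AdwCleaner v2 log) can be automated. This is an added example, not part of the original posts or of AdwCleaner itself; the function names are hypothetical, the two sample logs are trimmed excerpts of the logs posted in this thread, and it assumes the `R`/`S` file-name prefixes mark search and delete runs, which the thread does not state.

```python
import re
from collections import Counter
from datetime import datetime

# Trimmed excerpt of the first log posted in the thread (most findings omitted).
FIRST_LOG = r"""# AdwCleaner v2.002 - Logfile created 09/20/2012 at 07:29:14
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\necubzgy.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files\BitTorrentBar
Folder Found : C:\Program Files\Freecorder

***** [Registry] *****

Key Found : HKLM\Software\BitTorrentBar
Key Found : HKLM\Software\Conduit
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [Internet Browsers] *****

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3214568");

*************************

AdwCleaner[R2].txt - [6006 octets] - [20/09/2012 07:29:14]
AdwCleaner[R1].txt - [6094 octets] - [20/09/2012 07:21:05]
"""

# Trimmed excerpt of the later log from the same thread.
LATER_LOG = r"""# AdwCleaner v2.002 - Logfile created 09/20/2012 at 15:33:20
# Option [Search]

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

[OK] Registry is clean.

*************************

AdwCleaner[R5].txt - [830 octets] - [20/09/2012 15:33:20]
AdwCleaner[S1].txt - [6928 octets] - [20/09/2012 15:17:47]
AdwCleaner[S2].txt - [1231 octets] - [20/09/2012 15:29:45]
AdwCleaner[R4].txt - [1196 octets] - [20/09/2012 15:29:28]
AdwCleaner[R1].txt - [6094 octets] - [20/09/2012 07:21:05]
AdwCleaner[R2].txt - [6193 octets] - [20/09/2012 07:29:14]
AdwCleaner[R3].txt - [6214 octets] - [20/09/2012 15:17:30]
"""

OPTION_RE = re.compile(r"^# Option \[(?P<mode>[^\]]+)\]")
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
FINDING_RE = re.compile(r"^(?:(?:File|Folder|Key|Value) )?Found : .+$")
HISTORY_RE = re.compile(
    r"^(?P<file>AdwCleaner\[(?P<type>[RS])\d+\]\.txt) - \[\d+ octets\] - \[(?P<when>[^\]]+)\]$"
)
# Assumption: R = search report, S = delete ("suppression") report.
RUN_KIND = {"R": "search", "S": "delete"}


def parse_adwcleaner_log(text):
    """Return the run mode, per-section finding counts and the run history."""
    mode, section = None, None
    findings, history = Counter(), []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            mode = m["mode"]
        elif m := SECTION_RE.match(line):
            section = m["name"]
        elif line and set(line) == {"*"}:
            section = None  # the row of asterisks closes the findings part
        elif m := HISTORY_RE.match(line):
            history.append({
                "file": m["file"],
                "kind": RUN_KIND[m["type"]],
                "when": datetime.strptime(m["when"], "%d/%m/%Y %H:%M:%S"),
            })
        elif section and FINDING_RE.match(line):
            findings[section] += 1
    history.sort(key=lambda run: run["when"])  # footer order is not chronological
    return {"mode": mode, "findings": findings, "history": history}


def verdict(report):
    """Summarise what the helper reading the log needs to know."""
    found = sum(report["findings"].values())
    deletes = [r["file"] for r in report["history"] if r["kind"] == "delete"]
    if report["mode"] == "Search" and found:
        return "search-only: %d item(s) reported, nothing removed" % found
    if found == 0 and deletes:
        return "clean after delete run(s): " + ", ".join(deletes)
    if found == 0:
        return "clean, no delete run recorded"
    return "review: %d item(s) listed in a %s run" % (found, report["mode"])


if __name__ == "__main__":
    for name, log in (("first", FIRST_LOG), ("later", LATER_LOG)):
        report = parse_adwcleaner_log(log)
        print(name, "->", verdict(report))
        for run in report["history"]:
            print("   ", run["when"].isoformat(sep=" "), run["kind"], run["file"])
```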


----------



## kpeter02 (May 4, 2012)

Mark: I will try to get to this on Sunday. I have to get some work done for my paper in grad school at the moment. So I haven't dropped this thread, ok?

I will quickly answer some of the questions I can at the moment. From the ADWCleaner, it comes up with a txt file before I can hit Delete. When I hit delete, it restarts my computer, and so I ran the log file again after I hit delete. But I will go back and review the instructions to see if I did something wrong.

I will do the Hosts Fix tomorrow, ok? I think I read the instructions wrong.

I do have some other problems. One guy was helping me but stopped. I haven't corrected the possible bad memory issues.

I will try to describe what has happened, but on Sunday, I will send you a more detailed one compiling some of my other posts. My friend partitioned my drives, when I asked him to add a new hard drive to my computer. Then I moved, and it worked fine for a while, but suddenly, I couldn't get my OS to load. The power supply and lights/fan were running, but nothing went to my monitor. I took it to Best Buy to see if it was the power supply. He said it wasn't and reverted the RAM. It worked again for a while, but then I got some Bad Image popups (I will have to go back to see the exact wording) and not being able to find the F drive. And then it happened again. I looked to see what the problem could be. I reset all the connections (at least most of them), and I unplugged the floppy since I don't use it. And then it worked again. However, I started to get a few popups again, which made me fear it would happen again.

Then, the next problem that happened was that I totally lost all of my stuff on my drive! I mean, I hadn't even turned off the computer. It just all disappeared. Nothing on the F drive could be found (but I thought it was all on C... but I don't understand the partitioning of the drives).

I restarted the computer, and it was all back.

I tried to run the Memory Scan that they sent me (I think called MEM something). I burned the tool to a disc, went to BIOS and changed the priority boot to the CD drive, and ran the scan. But in the middle of the scan, it said it was interrupted, and stopped working. It did show what I think were errors before it stopped. I tried again, and again it was interrupted in the middle.

My friend who partitioned my drives thinks it could be something with the power supply or wiring. He had me check to see if there were any frays or loose connections. I couldn't find any, but a load of wires from the power supply is covered by this covering that I am unable to look into.

So that is my main problem! It is a pain, because I am in grad school full time, and I have a learning disability, so working on the computer really takes a lot of time I need to be studying, since it takes me so much longer than normal people to do. I seriously would just love to do the quick easy ways to fix it, such as reformatting or buying new memory or a new power supply... and not messing with diagnostics. That would just be so much easier for me. But if you are willing to be patient with me, we can work through this more slowly. I just am not sure I can work on it every day, just to warn you. Thanks so much for helping me. I will get to this tomorrow about the things I missed in your instructions.


----------



## Mark1956 (May 7, 2011)

Ok, no problem with the delay and I appreciate your predicament.

I'm not clear on what you mean about reverting the RAM, please explain what was done.

As you are seeing crashes during the running of memtest there is clearly some hardware problem/s causing the issue; it could be the power supply, overheating or bad RAM. We can run some tests that may help track down the issue.

I am happy to help you all the way to diagnose what is going on with your PC.

You need not be concerned with ADWCleaner as the last scan results have come up clean so you don't need to run it again.

RogueKiller does need to be run again, launch the program and after the automatic Pre-scan has completed click on the Scan button, when it shows it has completed click on the Hosts Fix button. When that completes click on the Report button and post the log.

Please tell me if you have replaced the hard drive or simply had a new one added.
_______________________________________________________________

I'd like you to run this scan for me and post the log. This will quickly identify any major issue with the hard drive.

*Disk Check*

Click on *Start* then type *cmd* in the search box. A menu will pop up with *cmd* at the top, *right click* on it and select *Run as Administrator*. Another box will open, at the prompt type *chkdsk /r* and hit *Enter*. _*Note:* you must include a space between the *k* and the */*_
You will then see the following message:
*chkdsk* cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?* (Y/N)*
Type *Y* for yes, and hit *Enter*. Then reboot the computer. 
*chkdsk* will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (_The *chkdsk* process may take an hour or more to finish, if it appears to freeze this is normal so *do not* interrupt it. On drives above 500GB it can take several hours._)
When the Disk Check is done, it will finish loading Windows.
Then follow this guide to find the *chkdsk* log. *NOTE:* You need to do the search for *wininit* not *chkdsk*.
Windows 7 Disk Check log
Once the log is in view then click on* Copy* in the right hand pane and select *"Copy details as text".*
You can then *right click* on the message box on this forum and select *Paste* and the log will appear, add any further information asked for and then click on *Submit/Post Quick Reply* and your done.


----------



## kpeter02 (May 4, 2012)

Dear Mark,

To answer your questions first: He only told me he reverted the RAM. I actually don't know exactly what he did. So that kind of sucks. But, the hard drive... it wasn't replaced, it was adding a new one. And then he partitioned the drives. I could ask him in more detail what that was, if you want me to.

When I try to do the chkdsk /r, it says the following:

The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>


----------



## kpeter02 (May 4, 2012)

Oh. I will also add the Roguekiller after I clicked on Fix Hosts.

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : HOSTSFix -- Date : 09/23/2012 12:52:06

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; 
RKreport[6].txt


----------



## Mark1956 (May 7, 2011)

Thanks for the information in respect of the hard drives and what you were told about the RAM being inverted, I have absolutely no idea what inverting the RAM could mean, but not to worry.

With the Disk Check, you are asking me a question about something that is clearly explained in the instructions I have given.



> You will then see the following message:
> *chkdsk* cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?* (Y/N)* Type *Y* for yes, and hit *Enter*. Then reboot the computer.


The RogueKiller log shows the Hosts file has been reset so no problem with that.

Please post the log from running the Disk Check.
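
Added example (not part of the original thread, and not RogueKiller's own logic): a small Python audit of a hosts file that separates loopback blocklist entries, like the 127.0.0.1 lines a HOSTS report lists, from mappings that would actually send a browser somewhere else. The watched-domain list, the verdict names and the sample file are assumptions constructed for illustration.

```python
import ipaddress
import sys
from collections import Counter

# Search, update and security-vendor names worth watching. This list is an
# assumption made for the example; extend it for your own environment.
WATCHED = ("google.com", "bing.com", "yahoo.com", "microsoft.com",
           "windowsupdate.com", "kaspersky.com")

# Private and link-local ranges, listed explicitly so that documentation
# ranges (used in the sample below) are not mistaken for LAN addresses.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Verdicts a person should look at before trusting the file.
REVIEW = {"hijack", "blocked-watched", "redirect", "invalid"}

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1      localhost
::1            localhost
127.0.0.1      ads.tracker.example
0.0.0.0        www.ads.tracker.example
203.0.113.45   www.google.com google.com
198.51.100.7   update.vendor.example
192.168.1.20   nas.local
127.0.0.1      update.kaspersky.com
not-an-ip      broken.example
"""


def parse_hosts(text):
    """Yield (line_number, ip_string, [names]) for every non-comment line."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            names = [n.lower().rstrip(".") for n in fields[1:]]
            yield lineno, fields[0], names


def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def classify(ip_text, name):
    """Return a verdict string for one address/name pair."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    sink = ip.is_loopback or ip.is_unspecified
    if sink and name == "localhost":
        return "default"            # the stock entry a reset file contains
    if sink:
        # Blocking an ad domain is normal; blocking an update or security
        # vendor name cuts the machine off from fixes.
        return "blocked-watched" if is_watched(name) else "sinkhole"
    if is_watched(name):
        return "hijack"             # well-known name pinned to a fixed address
    if any(ip in net for net in LAN_NETS):
        return "lan"                # local device mapping
    return "redirect"               # unknown name pinned to a routable address


def audit(text):
    """Classify every name in the hosts text; returns a list of dicts."""
    findings = []
    for lineno, ip_text, names in parse_hosts(text):
        if not names:
            findings.append({"line": lineno, "ip": ip_text,
                             "name": "<no hostname>", "verdict": "invalid"})
            continue
        for name in names:
            findings.append({"line": lineno, "ip": ip_text, "name": name,
                             "verdict": classify(ip_text, name)})
    return findings


def needs_review(findings):
    """Return only the findings whose verdict calls for a manual look."""
    return [f for f in findings if f["verdict"] in REVIEW]


if __name__ == "__main__":
    # Pass a path (for example a copy of the hosts file) or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    results = audit(text)
    print(dict(Counter(f["verdict"] for f in results)))
    for f in needs_review(results):
        print(f"line {f['line']}: {f['name']} -> {f['ip']} [{f['verdict']}]")
```

A file holding only `127.0.0.1 localhost`, the state a hosts reset leaves behind, yields a single `default` verdict and nothing to review.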


----------



## kpeter02 (May 4, 2012)

I'm sorry. My brain skipped it. Here is the wininit results then:

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 9/23/2012 9:58:08 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Kim-PC
Description:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
276992 file records processed.

File verification completed.
965 large file records processed.

0 bad file records processed.

4 EA records processed.

120 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
337762 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
276992 file SDs/SIDs processed.

Cleaning up 22467 unused index entries from index $SII of file 0x9.
Cleaning up 22467 unused index entries from index $SDH of file 0x9.
Cleaning up 22467 unused security descriptors.
CHKDSK is compacting the security descriptor stream
30386 data files processed.

CHKDSK is verifying Usn Journal...
36153600 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
276976 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
14854365 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

146521087 KB total disk space.
86622396 KB in 165397 files.
96884 KB in 30389 indexes.
0 KB in bad sectors.
384343 KB in use by the system.
65536 KB occupied by the log file.
59417464 KB available on disk.

4096 bytes in each allocation unit.
36630271 total allocation units on disk.
14854366 allocation units available on disk.

Internal Info:
00 3a 04 00 d0 fc 02 00 d7 47 05 00 00 00 00 00 .:.......G......
6a 05 00 00 78 00 00 00 00 00 00 00 00 00 00 00 j...x...........
30 8e 2f 00 50 01 2e 00 28 1a 2e 00 00 00 2e 00 0./.P...(.......

Windows has finished checking your disk.
Please wait while your computer restarts.



----------



## Mark1956 (May 7, 2011)

The hard drive appears to be ok, but this test is not 100% conclusive for disk health as it only tests the file structure.

Please download and install this temperature sensor software: CoreTemp
On the web page you need to click on *Core Temp 1.0 RC3* to start the download.

Reboot the PC and it should open a small window on the desktop the same as the one shown on the web page, tell me what temperatures it shows at the bottom of the box (next to Core#0, Core#1, etc) as soon as it appears, then also tell me what the temperature goes down to after the PC has been idle for about 10 minutes after boot up. Don't open any other programs or browser until you have made the second temperature check.


----------



## kpeter02 (May 4, 2012)

Hello Mark. I hope I read your instructions more carefully this time. I downloaded the CoreTemp. I had to unzip and install it. Then I rebooted and opened it up.

Initially, it said Max 57, Core 0= 46 (Min 43, Max 47); Core 1=41 (Min 41, Max 45)
After 10 minutes it said Max 57, Core 0=41 (Min 40, Max 47); Core 1=38 (Min 37, Max 45)

I hope I got what you were asking for. 

Kim


----------



## kpeter02 (May 4, 2012)

Oh. I didn't have any programs running, but there probably were background programs running, such as my Patchmix soundcard and Kaspersky, and I saw SuperAntiSpyware does some background. Should I turn them off and re-run it?


----------



## Mark1956 (May 7, 2011)

Your temperatures look fine.

Are you still getting redirects?

Please run this scan:

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.

Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*

Download Mirror #1
Download Mirror #2
Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*
*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.

Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.
_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair
*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## Mark1956 (May 7, 2011)

As stated in my introduction:



> If I get no reply from you for three days I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.


Three days have passed without a reply so I am now marking this thread as resolved. Take note that the clean-up is not complete so your PC may still be infected and/or vulnerable to further infection.

If you do wish to continue then please post back and let me know.

My spare time is limited for dealing with Malware problems so I will only subscribe to a certain number of threads at any one time to be sure I have sufficient time available to analyse logs without having to rush or delay my replies. All the time that I am waiting for replies is time I could be using to help someone else.


----------



## kpeter02 (May 4, 2012)

I am sorry... I didn't realize that you were not able to work on other problems during the delays... I thought the delays and slow pace might make me easier, not harder.

I am sorry. I will try to get to this every day. I have had a few hard days of school. I am going to do the DeFogger now. I see that you say it is very important to save the other one to my desktop. My downloader defaults to putting it in the Download folder. Is it ok if I cut and paste it from there to my desktop, or do I need to download it directly to the desktop? I know sometimes things can get lost when you cut and paste something.

I do want to continue, Sir.


----------



## kpeter02 (May 4, 2012)

Ok. I figured out how to download directly to the desktop. No need to answer that question. I'm sorry again. I thought that you said it was ok that I take my time... and I misread you. I thank you so much for all of your time and effort in helping me. If you lived near me, I'd treat you to something.


----------



## kpeter02 (May 4, 2012)

Dear Sir:

I did what you instructed. I hope it worked.
ComboFix 12-09-27.03 - admin 09/27/2012 19:04:50.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1997 [GMT -4:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C0AB41A8-EFC6-491E-9C20-5F5224804344}.xps
c:\users\admin\ia_remove.sh2304.tmp
c:\users\admin\ia_remove.sh5067.tmp
c:\users\admin\ia_remove.sh5727.tmp
c:\users\admin\ia_remove.sh9976.tmp
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{969EB496-6960-45E8-BAE9-F5AEA43878A9}.xps
c:\users\Kim\Documents\~WRL0005.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
f:\users\Kim\My Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 23:13 . 2012-09-27 23:16 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-09-27 23:13 . 2012-09-27 23:13 -------- d-----w- c:\users\Mcx1-KIM-PC\AppData\Local\temp
2012-09-27 23:13 . 2012-09-27 23:13 -------- d-----w- c:\users\Limited User\AppData\Local\temp
2012-09-26 00:50 . 2012-09-27 23:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD461F9A-00B2-4DD8-96BA-DA3166B4CD2F}\offreg.dll
2012-09-26 00:48 . 2012-09-26 01:07 -------- d-----w- c:\users\Kim\.android
2012-09-26 00:47 . 2012-09-26 00:47 -------- d-----w- c:\users\Kim\.appinventor
2012-09-26 00:29 . 2012-09-26 00:29 -------- d-----w- c:\users\Kim\AppData\Local\AppInventor
2012-09-25 20:15 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD461F9A-00B2-4DD8-96BA-DA3166B4CD2F}\mpengine.dll
2012-09-25 20:15 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 15:11 . 2012-09-23 15:11 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-09-14 22:10 . 2007-01-19 22:20 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-09-14 22:10 . 2010-02-03 15:20 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-09-12 12:47 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:47 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:47 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 12:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-08 01:09 . 2012-09-08 01:09 -------- d-----w- c:\users\Kim\AppData\Roaming\ASUS WebStorage
2012-09-08 01:01 . 2012-09-08 01:01 -------- d-----w- c:\users\Kim\AppData\Roaming\Outlook
2012-09-08 01:00 . 2012-09-09 21:28 -------- d-----w- c:\users\Kim\AppData\Roaming\ASUS
2012-09-08 01:00 . 2012-09-08 01:00 -------- d-----w- c:\users\admin\AppData\Roaming\ASUS
2012-09-08 00:29 . 2012-09-08 00:29 -------- d-----w- C:\temp
2012-09-08 00:03 . 2012-09-08 00:03 -------- d-----w- c:\users\admin\AppData\Local\{BA5F88F1-D2F2-4E27-85A3-42F74C7F2FC2}
2012-09-08 00:03 . 2012-09-08 00:03 -------- d-----w- c:\users\admin\AppData\Roaming\ASUS WebStorage
2012-09-08 00:03 . 2012-09-08 00:03 -------- d-----w- c:\programdata\ASUS WebStorage
2012-09-08 00:02 . 2012-09-08 00:02 -------- d-----w- c:\users\admin\AppData\Local\Downloaded Installations
2012-09-08 00:01 . 2012-09-08 00:03 -------- d-----w- c:\program files\ASUS
2012-09-08 00:00 . 2012-09-08 00:00 -------- d-----w- c:\program files\MSXML 4.0
2012-09-07 23:44 . 2012-09-07 23:44 -------- d-----w- c:\users\admin\AppData\Roaming\eCareme
2012-09-06 00:20 . 2012-09-27 13:59 -------- d-s---w- c:\users\Kim\Google Drive
2012-09-03 23:13 . 2012-09-03 23:13 -------- d-----w- c:\program files\Common Files\ResearchSoft
2012-09-03 20:58 . 2012-09-03 20:58 -------- d-----w- c:\program files\Common Files\Java
2012-09-03 20:57 . 2012-09-03 20:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 20:31 . 2012-09-17 02:45 -------- d-----w- c:\users\Guest.Kim-PC
2012-08-30 22:21 . 2012-09-26 00:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-30 22:21 . 2012-08-30 22:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-30 00:50 . 2012-09-20 21:43 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 23:07 . 2010-07-26 13:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-09-24 23:07 . 2010-07-26 13:46 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-24 23:06 . 2010-07-26 13:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-24 23:06 . 2010-07-31 12:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-20 21:43 . 2011-05-25 23:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 19:07 . 2010-07-31 12:14 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-20 19:06 . 2010-07-31 12:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-19 20:19 . 2010-07-31 12:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-19 20:18 . 2010-07-26 13:46 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-03 20:57 . 2012-05-30 23:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-03 20:57 . 2010-11-05 02:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-26 23:32 . 2012-07-26 23:32 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-07-26 23:32 . 2012-07-26 23:32 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-07-26 23:32 . 2012-07-26 23:32 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-07-26 23:32 . 2012-07-26 23:32 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-07-18 17:47 . 2012-08-15 12:25 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 12:25 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 12:25 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-11 18:07 . 2011-03-31 19:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 94720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-05 296096]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"ASUS Sync Loader"="c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe" [2012-06-15 638976]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe" [2012-01-18 740192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-6-5 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ALSysIO;ALSysIO;c:\users\admin\AppData\Local\Temp\ALSysIO.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [x]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [x]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [x]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [x]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [x]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [x]
R4 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 21:43]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-18 16:49]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-18 16:49]
.
2012-09-26 c:\windows\Tasks\ReclaimerResumeInstall_admin.job
- c:\users\admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\necubzgy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{adca5064-9e30-43fe-9856-58b07a3149fe} - (no file)
WebBrowser-{ADCA5064-9E30-43FE-9856-58B07A3149FE} - (no file)
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-Splashtop Software Updater - c:\program files\Splashtop\Splashtop Software Updater\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\relog_ap.DLL
.
- - - - - - - > 'Explorer.exe'(2740)
c:\program files\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-09-27 19:19:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-27 23:19
.
Pre-Run: 61,319,979,008 bytes free
Post-Run: 63,154,323,456 bytes free
.
- - End Of File - - E8CF9DFE70E4015877F21554DA66A12D


----------



## Mark1956 (May 7, 2011)

I can work on as many threads as I wish, but have to limit myself so I have enough time to do the job without having to rush. Faster response means a faster fix and makes the best use of the free time I have available.

You missed a question from post 31. Are you still getting redirects?

Please also tell me if the redirects are isolated to Firefox searches using Google or do you also get them when searching through Internet Explorer. If you haven't tried it then please do so.


----------



## kpeter02 (May 4, 2012)

Oh. I actually am still getting redirects. Sorry! I was getting them with Internet Explorer, but I really haven't been using that enough to know for sure right now. I'm on IE and trying to click links to see if it happens, but so far it hasn't happened. What I can do is use IE only for a while here to see if it happens on it.


----------



## kpeter02 (May 4, 2012)

Sure... I will try to get to this every morning. But do take a day off!


----------



## Mark1956 (May 7, 2011)

You're very kind, but this is what I do in my leisure time so no need to take a day off, I enjoy it.

Carry on testing IE for a while and also see if the redirects still happen with Firefox. It is important at this point to determine if it is a problem with one browser or the other or both.


----------



## kpeter02 (May 4, 2012)

Ok. I will be able to do a thorough search tomorrow! I had to dogsit for someone today so didn't have access to my computer. I'll try to get back to you tomorrow evening about IE. Thank you so much for your help.


----------



## Mark1956 (May 7, 2011)

:up:


----------



## kpeter02 (May 4, 2012)

Ok. I tried IE. I can't do google searches at all on it. So I tried setting everything I could see to default levels (as I can't even open the techguy forum on there), and I still can't do it, even when I made techguy.org a trusted site.

Google comes up, but when I do a search, nothing happens. I have a feeling this has to do with my IE settings, but I don't know how to fix them.


----------



## Mark1956 (May 7, 2011)

Two things we can try, reset Internet Explorer and run a scan for a possible Boot Record infection.

So far nothing of any significance has been found so I am leaning towards thinking back to your problem when Memtest was causing a crash and perhaps we could be looking at faulty RAM which can cause a lot of odd errors to occur.

Please run this and post the log:

Please download *aswMBR.exe* and save it to your Desktop.


Double click on aswMBR.exe to run it. _*Vista*/*Windows 7* users right-click and select Run As Administrator_.
You will be asked if you wish to download the latest Avast Virus Definitions, please select *Yes*. It may take several minutes to complete.
Click the *Scan* button to start scan.










On completion of the scan, click the *Save log* button and save it to your Desktop.
*Do not* select any Fix options at this time.
Copy and paste the contents of that log in your next reply.

*-- Important note*: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as *MBR.dat*. Do not delete this file unless advised.
NOTE: Right-click on MBR.dat and select *Send To* and then *Compressed (zipped) file*. Attach that zipped file to your next reply as well.


Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and double-click on it.
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the bottom of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*

____________________________________________________________________

Open Internet Explorer.
Click on Tools > Internet Options > then the Advanced tab.
Click on the Reset button.
When the next window opens check the box to Delete Personal Settings and then click on the Reset button, allow it to complete and then shut down Internet Explorer and re-open it, see if that has helped.


----------



## kpeter02 (May 4, 2012)

I hope this was it!


----------



## Mark1956 (May 7, 2011)

You have sent me the log file. There should be another one on your desktop called MBR.dat.

Have you tried the reset on Internet Explorer?


----------



## kpeter02 (May 4, 2012)

Dear Sir: 

I did reset IE and have been trying it. I haven't gotten a redirect yet, but I can't be positive that it just isn't happening, as it is spread out when this happens (not consistent). But I have tried 7 times in a row today and still don't get a redirect on that. I do on Mozilla though.


----------



## Mark1956 (May 7, 2011)

The MBR file is clean.

Please confirm that IE is ok.

Also try running Firefox in safe mode following the instructions here: How to run Firefox and Internet Explorer with no add-ons


----------



## kpeter02 (May 4, 2012)

Dear Sir: I had to start Firefox in safe run a different way. I went into the Help from Firefox and selected restart without add-ons. Then it gave me the popup, where I selected disable add-ons.

I am not getting the redirect in IE yet. I've tried numerous searches in Firefox under safe mode and don't get a redirect. I still don't know how valid that is, as the redirect doesn't always happen. But I haven't gotten it after maybe 20 searches in a row.


----------



## Mark1956 (May 7, 2011)

I would say after 20 searches with IE that is fairly conclusive.

Sounds like Firefox is also ok with the Add-ons disabled.

Click on the Tools tab in Firefox > Add-ons. Then click on Extensions in the left menu. Disable anything you do not recognise, do the same under Plug-ins. Then shut Firefox and restart it, this will automatically be back in normal mode. See if any redirects occur.

Tell me what you find in Extensions and Plug-ins that you are suspicious of.

You can do the same in IE under the Tools button you will find Manage Add-ons.


----------



## kpeter02 (May 4, 2012)

I thought I should let you know though... before I figured out how to do safe start for Firefox, I tried doing a safe run through Kaspersky, which it allows me to do because I do online banking. I did get a redirect with that on... but I don't know what Kaspersky does actually.

Extensions list that I don't know about: Mozilla Safe Browsing 2.0.14; the RealPlayer Browser Record Plugin 15.05 has a little note that says it can cause security or stability issues.

Add-ons that I don't know: RealJukebox NS Plugin 15.0.5.109, Google Update 1.3.21.123, RealNetworks(tm) Chrome Background Extension Plug-in (32 bit) 15.0.5.109, Shockwave Flash 11.4.402.265, 

I'd actually just like to delete all the plug-ins. I don't think I use any except Java.

I will try doing what you said and give it my afternoon to see if the Re-directs come up.


----------



## Mark1956 (May 7, 2011)

None of those Add-ons or Extensions should pose any risk, but if you don't need them they may as well be removed.

Let me know how it goes.


----------



## kpeter02 (May 4, 2012)

Hey... thanks for helping me. I will let you know if I ever get another re-direct, or if I lose my hard drive again. Do you think the re-direct was messing with my hard drive?

I guess unless you think there is more to look at regarding my memory or hardware, you can mark it as solved. And I'll just flag you if I see it happen again. I still am getting the 404 Not Found though... when I go to my university library (psu.edu). No one there can figure it out thinking it is on my end. It isn't because I type in the wrong URL, because I am only clicking on their link. But I have a feeling it really is a problem they have. So no worries.


----------



## Mark1956 (May 7, 2011)

We have done extensive checks for infections and cleaned out quite a few bad files, there is just one more deep scan that will be worth doing following the instructions below.

We can also run a quick check to see if anything important needs to be updated and then we need to clean out all the tools used.

*STEP 1*
*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.


Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button








If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*, click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.

*STEP 2*
Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## kpeter02 (May 4, 2012)

Sir: I will do this when I am done with classes today. I did have a question though before I forgot. The instructions for the MBR.dat said not to delete it from my desktop without permission. Please let me know if I can delete that.


----------



## Mark1956 (May 7, 2011)

That will be fine and yes, you can delete the MBR.dat file.


----------



## kpeter02 (May 4, 2012)

Dear Mark,

The ESET scan did come up with threats. However, it was through this scan that I learned that I had Windows Defender. Last time, I checked everything for it but couldn't find it (so I never turned it off when I did those other scans). I feel like I wasted your time! I'm so sorry. It's not in my list of programs in the control panel. I'll do part two now.

C:\Users\Kim\AppData\Local\{DA11B9DE-DF6B-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
F:\users\admin\Downloads\7zip_installer_d161680.exe a variant of Win32/InstallIQ application
F:\users\Kim\Downloads\FreemakeVideoConverterSetup.exe Win32/OpenCandy application


----------



## kpeter02 (May 4, 2012)

Here Sir... the results of the second scan. Also... I did find my Kaspersky picked up some vulnerabilities, but I don't know how to fix them.

Results of screen317's Security Check version 0.99.51 
Windows 7 Service Pack 1 x86 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Disabled! 
Kaspersky Internet Security 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
SUPERAntiSpyware 
Java 7 Update 7 
Adobe Flash Player 11.4.402.265 
Adobe Reader X (10.1.4) 
Mozilla Firefox 14.0.1 *Firefox out of Date!* 
*````````Process Check: objlist.exe by Laurent````````* 
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0% 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

Ok, just a few more things to do and then I will post instructions to remove the tools used.

*STEP 1*
We are now going to run ComboFix a different way.

Open Notepad by clicking on







and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._


```
KillAll::

File::
C:\Users\Kim\AppData\Local\{DA11B9DE-DF6B-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul    
F:\users\admin\Downloads\7zip_installer_d161680.exe
F:\users\Kim\Downloads\FreemakeVideoConverterSetup.exe


ClearJavaCache::

Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.










This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.

*STEP 2*
Follow this guide to update Firefox and set it up for automatic updates: How to update Firefox

*STEP 3*
Follow this to install the latest version of Java. *How to install the latest version.*


Open the browser that you normally use and click on this link: Java Download
Click on the big red button *Free Java Download*
On the next page click on the big red button *Agree and Start Free Download*
Select *Run* whenever the option appears. If no *Run* option appears click on *Save* and then when the download completes click on *Run*. If a *User Account Control* warning appears click on *Continue*.
When the *Welcome to Java* window appears click on *Install*.
It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
If any error messages appear click on OK and then click on the *Agree and start free download* button again.
Please wait for the *Java Setup* window to appear. Uncheck the box to install the *Ask Toolbar* and then click on *Next*.
*NOTE:* The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
You will then see the *Java Setup Progress* window and another will appear for *JavaFX* (on some systems the JavaFX will not appear or be installed). Finally the *Java Setup Complete* window will appear, click on *Close*.
If a Java page then appears with a button to *Verify Java Version* click on it and it will verify the installation.
The Installation is now complete, please reboot the system.
*NOTE:* The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.


----------
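
A check that can be run before a deletion script like the CFScript.txt in the post above is used, given here as an added example (it is not part of the original posts and is not an ESET or ComboFix feature): it parses the three ESET lines and the script text from this thread and confirms that every path under `File::` was actually reported by the scanner. The function names and the line pattern are assumptions drawn only from the lines shown in this thread.

```python
import ntpath
import re
from typing import NamedTuple

# The three lines pasted from the ESET "List of found threats" in this thread.
ESET_REPORT = r"""
C:\Users\Kim\AppData\Local\{DA11B9DE-DF6B-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
F:\users\admin\Downloads\7zip_installer_d161680.exe a variant of Win32/InstallIQ application
F:\users\Kim\Downloads\FreemakeVideoConverterSetup.exe Win32/OpenCandy application
"""

# CFScript.txt as posted in this thread (the first path carries trailing spaces).
CFSCRIPT = "\n".join([
    "KillAll::",
    "",
    "File::",
    r"C:\Users\Kim\AppData\Local\{DA11B9DE-DF6B-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul" + "    ",
    r"F:\users\admin\Downloads\7zip_installer_d161680.exe",
    r"F:\users\Kim\Downloads\FreemakeVideoConverterSetup.exe",
    "",
    "ClearJavaCache::",
    "",
    "Reboot::",
])


class Detection(NamedTuple):
    path: str      # file the scanner flagged
    name: str      # detection name, e.g. JS/Redirector.NIQ
    kind: str      # type word that ends the line, e.g. trojan / application
    variant: bool  # True when the line says "a variant of"


# <path> [a variant of] <Platform/Name> <kind>. Windows file names cannot
# contain "/", so the first token with a slash starts the detection name.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\S.*)$"
)


def parse_report(text):
    """Return (detections, rejects); rejects are lines the pattern did not match."""
    detections, rejects = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m:
            detections.append(
                Detection(m["path"], m["name"], m["kind"], bool(m["variant"])))
        else:
            rejects.append(line)
    return detections, rejects


def parse_cfscript(text):
    """Split a script into {directive: [argument lines]}; directives end in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def norm(path):
    """Compare paths as Windows does: ignore case, quotes and stray spaces."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def review(report_text, script_text):
    """Cross-check the File:: block against what the scanner reported."""
    detections, rejects = parse_report(report_text)
    reported = {norm(d.path): d for d in detections}
    listed = {norm(p): p for p in parse_cfscript(script_text).get("File", [])}
    return {
        "unparsed": rejects,
        # Paths queued for deletion that the scanner never flagged.
        "not_reported": [listed[k] for k in listed if k not in reported],
        # Detections the script would leave in place.
        "not_listed": [reported[k].path for k in reported if k not in listed],
        "by_kind": {k: sorted(d.name for d in detections if d.kind == k)
                    for k in {d.kind for d in detections}},
    }


if __name__ == "__main__":
    print(review(ESET_REPORT, CFSCRIPT))
    # Constructed mistake: a system driver slipped into the deletion list.
    bad = CFSCRIPT.replace(
        "ClearJavaCache::",
        "c:\\windows\\system32\\drivers\\tcpip.sys\n\nClearJavaCache::")
    print(review(ESET_REPORT, bad)["not_reported"])
```

An empty `not_reported` list means the script only targets files the scan named; anything in it should be questioned before the script is run.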



## kpeter02 (May 4, 2012)

I did step 1. I had to reinstall combofix, as the other said it was out of date.

ComboFix 12-10-04.02 - admin 10/06/2012 16:37:01.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1913 [GMT -4:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Kim\AppData\Local\{DA11B9DE-DF6B-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul"
"f:\users\admin\Downloads\7zip_installer_d161680.exe"
"f:\users\Kim\Downloads\FreemakeVideoConverterSetup.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 21:08 . 2012-10-06 21:08 -------- d-----w- c:\users\Mcx1-KIM-PC\AppData\Local\temp
2012-10-06 21:08 . 2012-10-06 21:08 -------- d-----w- c:\users\Limited User\AppData\Local\temp
2012-10-06 21:08 . 2012-10-06 21:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-06 21:08 . 2012-10-06 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 21:16 . 2012-10-05 21:16 -------- d-----w- c:\program files\ESET
2012-10-05 21:11 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B22DD756-C6F9-40C9-AF1C-79BD37F8B356}\mpengine.dll
2012-09-27 23:13 . 2012-10-06 21:17 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-09-26 00:48 . 2012-09-26 01:07 -------- d-----w- c:\users\Kim\.android
2012-09-26 00:47 . 2012-09-26 00:47 -------- d-----w- c:\users\Kim\.appinventor
2012-09-26 00:29 . 2012-09-26 00:29 -------- d-----w- c:\users\Kim\AppData\Local\AppInventor
2012-09-25 20:15 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 15:11 . 2012-09-23 15:11 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-09-14 22:10 . 2007-01-19 22:20 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-09-14 22:10 . 2010-02-03 15:20 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-09-12 12:47 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:47 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:47 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 12:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-08 01:09 . 2012-09-08 01:09 -------- d-----w- c:\users\Kim\AppData\Roaming\ASUS WebStorage
2012-09-08 01:01 . 2012-09-08 01:01 -------- d-----w- c:\users\Kim\AppData\Roaming\Outlook
2012-09-08 01:00 . 2012-09-09 21:28 -------- d-----w- c:\users\Kim\AppData\Roaming\ASUS
2012-09-08 01:00 . 2012-09-08 01:00 -------- d-----w- c:\users\admin\AppData\Roaming\ASUS
2012-09-08 00:29 . 2012-09-08 00:29 -------- d-----w- C:\temp
2012-09-08 00:03 . 2012-09-08 00:03 -------- d-----w- c:\users\admin\AppData\Local\{BA5F88F1-D2F2-4E27-85A3-42F74C7F2FC2}
2012-09-08 00:03 . 2012-09-08 00:03 -------- d-----w- c:\users\admin\AppData\Roaming\ASUS WebStorage
2012-09-08 00:03 . 2012-09-08 00:03 -------- d-----w- c:\programdata\ASUS WebStorage
2012-09-08 00:02 . 2012-09-08 00:02 -------- d-----w- c:\users\admin\AppData\Local\Downloaded Installations
2012-09-08 00:01 . 2012-09-08 00:03 -------- d-----w- c:\program files\ASUS
2012-09-08 00:00 . 2012-09-08 00:00 -------- d-----w- c:\program files\MSXML 4.0
2012-09-07 23:44 . 2012-09-07 23:44 -------- d-----w- c:\users\admin\AppData\Roaming\eCareme
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 21:36 . 2010-07-31 12:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-10-03 21:35 . 2010-07-31 12:14 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-10-03 21:35 . 2010-07-31 12:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-02 20:39 . 2010-07-26 13:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-10-02 20:39 . 2010-07-26 13:46 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-02 20:38 . 2010-07-26 13:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-02 20:38 . 2010-07-26 13:46 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-24 23:06 . 2010-07-31 12:14 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-20 21:43 . 2012-08-30 00:50 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 21:43 . 2011-05-25 23:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 20:57 . 2012-09-03 20:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 20:57 . 2012-05-30 23:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-03 20:57 . 2010-11-05 02:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-26 23:32 . 2012-07-26 23:32 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-07-26 23:32 . 2012-07-26 23:32 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-07-26 23:32 . 2012-07-26 23:32 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-07-26 23:32 . 2012-07-26 23:32 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-07-18 17:47 . 2012-08-15 12:25 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-11 18:07 . 2011-03-31 19:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-01-18 02:25 1476448 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 94720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-05 296096]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"ASUS Sync Loader"="c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe" [2012-06-15 638976]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.130.270\AsusWSPanel.exe" [2012-01-18 740192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-6-5 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ALSysIO;ALSysIO;c:\users\admin\AppData\Local\Temp\ALSysIO.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [x]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [x]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [x]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [x]
R4 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [x]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 21:43]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-18 16:49]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-18 16:49]
.
2012-10-06 c:\windows\Tasks\ReclaimerUpdateFiles_admin.job
- c:\users\admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 17:09]
.
2012-10-06 c:\windows\Tasks\ReclaimerUpdateXML_admin.job
- c:\users\admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\necubzgy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\relog_ap.DLL
.
- - - - - - - > 'Explorer.exe'(1672)
c:\program files\ASUS\ASUS WebStorage\3.0.130.270\ASUSWSShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\PrintIsolationHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-10-06 17:19:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 21:19
ComboFix2.txt 2012-10-06 20:09
ComboFix3.txt 2012-09-27 23:19
.
Pre-Run: 63,825,498,112 bytes free
Post-Run: 63,740,428,288 bytes free
.
- - End Of File - - F2E52F7D825898C64C135B229DF4506A


----------



## kpeter02 (May 4, 2012)

I updated Firefox.


----------



## Mark1956 (May 7, 2011)

Good work.



> The ESET scan did come up with threats. However, it was through this scan that I learned that I had Windows Defender. Last time, I checked everything for it but couldn't find it (so I never turned it off when I did those other scans). I feel like I wasted your time! I'm so sorry.


I forgot to answer this comment. Windows Defender is an Anti Spyware program and does not need to be disabled for any of our tools to run correctly. It can be found in the Control Panel.

Now we just need to remove the tools used and re-install Java.

To re-enable your CD Emulation drivers if you disabled them, double click *DeFogger.exe* to run the tool again.

*STEP 1*


The application window will appear.
Click the *Re-enable* button to re-enable your CD Emulation drivers.
Click *Yes* to continue.
A *'Finished!'* message will appear.
Click *OK*.
DeFogger will now ask to reboot the machine...click *OK*.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).
Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).

*Next*


Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.

-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

*Please post back when this is complete and let me know if you have had any problems.*

*STEP 2*
*How to re-install the latest version of Java.*


Open the browser that you normally use and click on this link: Java Download
Click on the big red button *Free Java Download*
On the next page click on the big red button *Agree and Start Free Download*
Select *Run* whenever the option appears. If no *Run* option appears click on *Save* and then when the download completes click on *Run*. If a *User Account Control* warning appears click on *Continue*.
When the *Welcome to Java* window appears click on *Install*.
It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
If any error messages appear click on OK and then click on the *Agree and start free download* button again.
Please wait for the *Java Setup* window to appear. Uncheck the box to install the *Ask Toolbar* and then click on *Next*.
*NOTE:* The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
You will then see the *Java Setup Progress* window and another will appear for *JavaFX* (on some systems the JavaFX will not appear or be installed). Finally the *Java Setup Complete* window will appear, click on *Close*.
If a Java page then appears with a button to *Verify Java Version* click on it and it will verify the installation.
The Installation is now complete, please reboot the system.
*NOTE:* The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.


----------



## kpeter02 (May 4, 2012)

Sir... regarding Java, when I click the big red button, it then tells me that my system has the latest Java and therefore never brings me to a page where I click on Agree and Start Free Download.

It says I have Java 7 Update 7. If I need another one, I have a feeling I should uninstall what I have first. Do you suggest that?

Also... ESET scan had said there was a redirect virus. Did we get rid of that with that last Combofix scan? If so, thanks!


Kim


----------



## Mark1956 (May 7, 2011)

> Sir... regarding Java, when I click the big red button, it then tells me that my system has the latest Java and therefore never brings me to a page where I click on Agree and Start Free Download.
> 
> It says I have Java 7 Update 7. If I need another one, I have a feeling I should uninstall what I have first. Do you suggest that?


My mistake. I had written in my notes that Java was removed so I was thinking it needed to be re-installed. I actually got you to remove the out of date version as you already had the most up to date. So, no further action needed on that.



> Also... ESET scan had said there was a redirect virus. Did we get rid of that with that last Combofix scan? If so, thanks!


Yes that has been done.

As long as you have completed the clean up and Combofix uninstall we are done, so I will mark this thread as Solved and leave you with some closing advice.

Please feel free to post back if you have any other concerns or questions.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

*Some additional security measures.*
If your present security software does not include a third party Firewall or AntiSpyware:

Go Here for a selection of third party Firewalls.

Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of *Malwarebytes* with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. *WinPatrol* takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your *start up* programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the system's registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.


----------



## kpeter02 (May 4, 2012)

Dear Sir: I have a few last questions. Since I should only install one antivirus at a time, should I install the ones you listed above? I have Kaspersky. Are the ones listed above different than what Kaspersky does?

Also... I just lost everything on my drive again (which I think was hardware, not security). You had said you wanted to deal with all of my other problems here, but would you recommend I start another thread?

Thanks so much for all your time on this.


----------



## Mark1956 (May 7, 2011)

> Dear Sir: I have a few last questions. Since I should only install one antivirus at a time, should I install the ones you listed above? I have Kaspersky. Are the ones listed above different than what Kaspersky does?


None of the software listed above are Anti Virus programs so you can install all of them with the exception of the Anti Spyware and Firewall software as the Kaspersky package you have includes both of them.


> Also... I just lost everything on my drive again (which I think was hardware, not security). You had said you wanted to deal with all of my other problems here, but would you recommend I start another thread?


I can continue to help with that problem. What exactly has happened: have all the saved files disappeared or has the entire drive disappeared from the system? Is it a separate hard drive from the one Windows is installed on?


----------



## Mark1956 (May 7, 2011)

I've just been looking back through the thread to get my notes up to date with the drive problem, just posting this for easy reference:


> Then, the next problem that happened was that I totally lost all of my stuff on my drive! I mean, I hadn't even turned off the computer. It just all disappeared. Nothing on the F drive could be found (but I thought it was all on C... but I don't understand the partitioning of the drives).
> 
> I restarted the computer, and it was all back.


As this has now happened again can you see anything on the G: drive? Have you tried rebooting the PC to see if it comes back? Are either of the drives F: or G: visible in Windows Explorer or has the entire hard drive vanished?

Just so you know, your C: drive is on the first hard drive which is where you have windows installed and all your software.
The G: and F: drives are two partitions on the second hard drive where I assume you store all your data. This drive is ITB and is split into two partitions, you have used about 3GB of space on G: and about 70GB on the F:


----------



## kpeter02 (May 4, 2012)

Sir: I restarted it, and everything came back. The error message I get when this happens is that the F drive cannot be found. I think that is the new drive I put in. Right now, everything is working again, so I can see C, F, and G drives.


----------



## kpeter02 (May 4, 2012)

I think everything on the F drive vanishes, but I didn't check for G. I will when it happens again. The last guy, if you see his post that I marked solved, because he stopped helping me... was that he thought it was a hardware problem. I couldn't get Mem86 (i think that is the name) to work, to check that. He thought it could be the power supply.


----------



## Mark1956 (May 7, 2011)

First we need to clarify exactly what is happening, these two statements mean different things:
_1. The error message I get when this happens is that the F drive cannot be found_

_2. I think everything on the F drive vanishes_

The first statement indicates the system is unable to detect the hard drive, the second one means the system *can detect the drive* but cannot read what is on it.

Which one is it?

If the first statement is the true situation then it is quite likely a bad connection, if the second statement, then a faulty hard drive is more likely (that can happen even with a brand new one).

I suspect the first statement is what is occurring and the system is losing contact with the drive due to a faulty power or data connection. Have a very close look at the two connectors on the back of the drive, pull them off and re-seat them, making sure they are pushed fully into place.

A power supply fault is unlikely as in most cases (but not all) the hard drives will both be connected to the same supply rail, so if one drive dies due to no power so would the other one.

Check to see if the power cables to your drives are linked together.

Make sure the data cable that goes to the motherboard is firmly in position.

Memtest86+ is the name of the memory tester, but I doubt very much that this fault is in any way related to faulty memory. If it was it would also affect the other drive, not just the one and the symptoms don't point to a memory fault.


----------



## kpeter02 (May 4, 2012)

Dear Sir: I will have a look at those connections, but first... it happened again, so I can provide you with more details (since I can check everything real time). 

What happens is I suddenly get a popup saying "Location is not available" F:\users\Kim\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location".

So, here I will check my drives. I lost both F and G drives, but I still have the C drive. It says 70.4 GB free of 139 GB. Everything that was normally on my desktop is gone except the Recycle Bin. I cannot get into Documents, etc.

I will try to reseat the connectors, but I will let you know that I have tried this already in the past. I will also look them over. Is it possible to put it back in upside down? I may have done that last time.

So it didn't affect my other drive, so I think your option 1 is correct. I will try to reseat the drives now. I was wondering... I never had this problem until my friend partitioned the drives. Could that be related?


----------



## kpeter02 (May 4, 2012)

Dear Mark,

Well... I guess I had never reseated the harddrives, because I thought the cd/dvd rom drives were the hard drives last time! Ok. So I reseated them, but I did have some difficulties. It was very hard to get at, so I had to take my graphics and sound cards out. Then, when I removed the SATA3, the plastic guide came off. So I put that back on. Plus, even though it shows I have F, G, and C. I can only find two harddrives. I can only find SATA3 and SATA4. SATA1 and SATA2 are empty (if they correspond to drive possibilities). I removed the floppy, because I seriously never use that and couldn't figure out what direction to plug it back in.

But in all of the mess, I worry I messed something up. Because when I restarted it, my F and G drives still weren't there.

It seems they were ordered so that SATA4 power is connected to SATA3, which is connected to the power supply.

However... on SATA3, when the plastic guide came out, I tried a newer cable I have (which came with the harddrive I think)... maybe that is the problem. I will put the old one back in and see what happens now.


----------



## Mark1956 (May 7, 2011)

I appreciate it can be a minefield, let me know how you get on. You may have found the problem with that dodgy connection.


----------



## kpeter02 (May 4, 2012)

Hey! I went back in... I learned the cable I had put in was the same as the one I took out, so I left it in. And I saw that my graphics card was pushing the power supply out of the one drive. When I put the graphics card back in, I must have pushed the power cord out of the SATA4 drive. I thought I reseated this, but I am wondering now if possibly that was the problem, because the wires were really pulling in it. I loosened them a bit... and my drives are back!

I hope it is fixed for good. But I was wondering... why does it say C, F and G, when I only see two of them? Did I not find C?

Well... I hope it is fixed. Let me know if you think there may be something else. I had also wondered if maybe the losing of the plastic guide hurt the connections there... but they seem ok right now.

By the way, when I shut down, Windows wanted to do 22 updates. I just powered it off, because I wanted to fix this and not wait for 22 updates to go... and I wasn't sure if that was related to losing my drives.


----------



## Mark1956 (May 7, 2011)

Sounds like you have found the problem. Your C: drive is on one of the hard drives, F and G are on the other.

Let the updates install as they are important.


----------



## kpeter02 (May 4, 2012)

Mark?

I lost my F and G drives again. Do you think I should try moving the cable to a different SATA port?... or maybe getting new cables for all of it? Or could it possibly be my new drive? That is very possible. Maybe I should try moving all files that are on those drives to the C drive and get a new harddrive?


----------



## Mark1956 (May 7, 2011)

To see if it is the cables swap them with the ones on your C: drive and see if you then start to lose the connection with it. Start by just swapping the SATA cable (the one that goes to the motherboard).

It would be wise to save all the important files to your C: drive just in case the disconnection becomes permanent.


----------



## kpeter02 (May 4, 2012)

Sir: I didn't get a chance to switch the cables, but this morning, Windows wouldn't load. And when this happened, I remember this has happened in the past, where the entire computer wouldn't start. This time, I saw the Windows logo in the center of the screen, but it just kept running and never went anywhere. So I did a hard shutdown and restarted. It tried to do a system restore but couldn't.

In the past, it has just been a black screen, while the fans and everything were running.


----------



## Mark1956 (May 7, 2011)

Try disconnecting the second hard drive and then see if it will boot up, a bad fault on the second drive or its connections/cables may be interfering.

When you had this problem in the past was it before or after the new drive was fitted?


----------



## kpeter02 (May 4, 2012)

Sir: I'm sorry for not getting to this yesterday. How do I know which one is the second harddrive? Do you mean the F and G one?

I never had this problem until the new drive was fitted.


----------



## Mark1956 (May 7, 2011)

Yes, the F: and G:, it will be a worthwhile experiment to see how well it performs with that drive out of the system, as the problems only started when it was fitted, the drive or its data cable are prime suspects. Make sure you also remove the data cable from the motherboard.


----------



## kpeter02 (May 4, 2012)

Sir: I'm sorry I didn't get to this. I will do this now. If problems occur, they may not occur right away... so I will check in in 3 days from now... on Monday, if problems don't occur before then.


----------



## Mark1956 (May 7, 2011)

:up: Are both the drives standard hard drives or are either one of them the new solid state type (SSD)?


----------



## kpeter02 (May 4, 2012)

Dear Sir:

I don't know how to tell that. Can you help me how to know what type of drives they are?

Also... I have one thing to report. I disconnected the SATA cable (the red one) on the 18th, but not the power, as the second part of my power cable is connected to my C drive. The changes I noticed was that my desktop for my limited user account (the one I usually use) was completely empty except for the Recycle Bin. I have not plugged it back in, but interestingly, some of my programs are back on the desktop (Mozilla Firefox, Itunes, etc). So that is the change I notice. I do believe they are on the C drive, but it is interesting that they disappeared from my desktop before and now are there.


----------



## Mark1956 (May 7, 2011)

I can't think of any logical reason for the blank desktop and then some items coming back unless the system was hung on trying to locate files that may be on the other drive, it might have just been a matter of time before the missing icons re-appeared.

I have attached a picture of a standard hard drive and an SSD, the right hand picture is an SSD.

From what we have seen so far I think we can conclude that the problem with the other drive is most likely to be a bad connection. You said earlier that the graphics card was tight against the drive connectors. I would suggest replacing the connections with new cables that have a 90º plug on the end and see how that goes.


----------



## kpeter02 (May 4, 2012)

Dear Sir: I don't see SSD on the drives... I don't think they are SSD. Are the connections the red ones? If I go to Best Buy, do I just say cables with a 90 degree plug? I will try for this on Wed.


----------



## kpeter02 (May 4, 2012)

But, the F drive is silver and the C drive is black.


----------



## Mark1956 (May 7, 2011)

I just remembered that the drive model numbers are displayed in the RogueKiller log, a quick search shows they are both standard hard drives. I only asked about the type of drive because SSD drives can have problems if the correct firmware is not installed. Anyway, we can forget about that.

If you explain in the shop you go to that you have a SATA hard drive with very limited space for the connections and that you need right angled connectors you should get what is required.


----------



## kpeter02 (May 4, 2012)

Thanks. I'll try to get them tomorrow. Thanks for all your help.


----------



## Mark1956 (May 7, 2011)

:up:


----------



## kpeter02 (May 4, 2012)

Dear Sir: I got the new cable... and installed it. F and G are currently working. If they go bad again, the only other options would be power supply and harddrive? So far, let's consider it solved unless something happens.


----------



## Mark1956 (May 7, 2011)

Ok, fingers crossed the problem is solved, you can post back any time if there are further problems.


----------



## kpeter02 (May 4, 2012)

Sir: It did it again. The F and G drives are gone again.

Another problem I noticed before it just did this (when I still had my F and G drives)... is that I tried to create a new user... and whenever I went into that user's account, I got this popup saying Windows Explorer has stopped working, then restarting... over and over again, with items on the screen disappearing and reappearing... and I couldn't click on anything, so I just did a hard shut down.


----------



## Mark1956 (May 7, 2011)

Ok, disconnect the F and G drive and then see how the new account behaves.


----------



## kpeter02 (May 4, 2012)

Dear Sir: I will do that here in a sec... but I wanted to tell you that when I just booted it up, I got a message saying
CPU Fan Error!

So I shut it down and reset the cable to the motherboard, and it worked again. So I was wondering if that indicates it is a power supply issue.


----------



## kpeter02 (May 4, 2012)

Dear Sir: I unplugged the F&G drives, and the new account did the same thing. So I tried creating another new user while the F&G drives were gone. This account did the same thing: Windows Explorer is restarting popping up over and over while the items on the screen disappear over and over... having to do CNTR ALT DEL to get out.


----------



## Mark1956 (May 7, 2011)

It could have just been a loose connector, but let's run this test.

*OCCT Instructions*


Download OCCT and save to the desktop. On the web page click on the Download tab, then scroll down the page and click on *Installer(.exe)*
Extract the contents of the zip file to the desktop.
Double click on the OCCT folder to open it and then double click on the OCCT icon to run the program.
Click on the *Power Supply* tab. Check the *Automatic* button, set the duration for 1 hour and leave the rest set at default. Click on the green ON button and leave the test to run. Make sure all programs and your browser are closed and do not use the PC during the test.
When the test ends click on the *OFF* button to close the software.
The Results window should open, if not open Documents > OCCT. You should find a folder with today's date on it. Zip the folder by right clicking on it, select Send To and then Compressed (zipped) folder. It will create the zip folder in the open window. Then send it as an attachment with your next post.

*NOTE*
If the test stops before the set time this will indicate it has detected a fault. The program will still save a results folder for you to post.

If the tabs for the PSU and GPU are greyed out it means your DirectX 9 version is too old. OCCT requires DirectX 9.
You can manually check it easily: just look for the file *d3dx9_37.dll* in the following folder C:\Windows\System32
If it is not present, just download the latest Direct X9 Update for your OS and everything should run fine afterwards.

*How to send an attachment.*


Below the *Message Box* click on *Go Advanced*.
Scroll down until you see a button, *Manage Attachments*, click on it and a new window will open.
Click on the *Browse* button, find the screenshot/folder you made earlier and double click on it.
Now click on the *Upload* button.
When you see the Upload has completed, click on the *Close this window* button at the bottom of the page.
Then type in any message you wish to add in the message box and click on *Submit Message/Reply.*


----------



## Mark1956 (May 7, 2011)

I've just noticed that OCCT has been upgraded, you can now select to install the required DirectX version. If you save the download to your desktop (recommended) when you run the installer it will create a shortcut to the program on the desktop so you can run it from there.

If when you start the test it promptly stops then change the selection for the version of Direct X and it should then run.


----------



## kpeter02 (May 4, 2012)

Dear Sir:

I did it. I think I had all programs shut off, but halfway through, I did get a popup from Microsoft Visual C++ Runtime Library saying "Runtime Error!" A program called NETGEAR (which is my wireless internet I think) was closed. So I hope that didn't mess up the data. If so, let me know and I can run it again this time with Netgear shut off.

Mark... it won't let me upload the zip file. It says my file of 733.6 KB exceeds the forum's limit.


----------



## Mark1956 (May 7, 2011)

If you open the results folder which is at Documents > OCCT then zip up the graphs in two separate zip files that should do it.

The fact the test completed is a good sign there were no power supply errors, but I will review the graphs before deciding what to do next.


----------



## kpeter02 (May 4, 2012)

Ok. I figured out how to do it. Here are the graphs in separate folders.


----------



## Mark1956 (May 7, 2011)

All those results are ok.

I think after all that has been done I have to conclude you have a faulty hard drive, the F: & G:, I would suspect there is an intermittent fault in the drive's circuitry. We have now tried every test I can think of.

Best thing to do is save all the data that is on it back to the C: drive, an external drive or CD/DVDs and then format the drive to clean off all your data and return it for a replacement under the guarantee.

When you get the replacement drive we will see if the problem persists, hopefully not. There is one other possibility that there is a minor fault on the motherboard, but the hard drive is far more likely as your C: drive is not having the same problems.


----------



## kpeter02 (May 4, 2012)

I was wondering... will the partitioning of the drives mess anything up?


----------



## Mark1956 (May 7, 2011)

Not quite sure what you are asking, please elaborate.


----------



## kpeter02 (May 4, 2012)

I think my background question was regarding that new user account I tried to create when I had the F/G drive disconnected. It still didn't work. I was wondering if that is because my drives are partitioned (although I don't exactly know what that means but thought it meant that they are connected together). So, if I get a new drive, do I need to do something like reformat or get rid of the partition of these?

Also, just now, I had the CPU Fan Error again. Do you think that is related to my drives?


----------



## Mark1956 (May 7, 2011)

Having looked back through this thread I can see that the User folder is located on the F: drive, that could be why there is a problem with the new account.

The issue with the CPU fan does suggest you may have a problem with the motherboard, the fan is faulty or it has a bad connection.

Not all that sure what to conclude, but if it was my PC I would return the drive with the F: & G: partitions for a replacement while it is still under guarantee, save all your personal data to an external source and re-install Windows on the C: drive.

With a clean install of Windows you could then see how well the system operates, if you still get problems with it we can investigate further.


----------



## kpeter02 (May 4, 2012)

Ok. I will try that. I was wondering... since my Windows 7 was an upgrade disc, will I need to first install XP, before I install from the upgrade disc?


----------



## Mark1956 (May 7, 2011)

No, you can do a clean install with an Upgrade disc. Just make sure you opt for the Custom (Advanced) install. Follow this guide to do a clean install if in doubt: http://pcsupport.about.com/od/operatingsystems/ss/windows-7-clean-install-part-1.htm

Select the C: drive for the install when asked, it will wipe everything off the drive. Doing this will rewrite anything that has strayed over to the F: drive back to where it should be on the C: drive as is the case with the user folder.


----------

