0

I downloaded a file and the file was a virus but my avast protected me from most of it. I say most of it not all of it because when i am on Google chrome and i go to a site it starts to load the site then just switches over to some ad each and every time. I've already run a full computer scan with avast and its still happening only some sites when clicked will actually go to the proper site while the others don't. Is there anyway to fix this problem so i can surf the internet without any hindrance?

I am running Windows 7 home premium edition.

5
Contributors
27
Replies
28
Views
6 Years
Discussion Span
Last Post by jholland1964
Featured Replies
  • [QUOTE=steven woodman;1580737]I'll still help you. I dont see any rules about helping victims of counterfeit fraud. For all I know it could be you intention to fix your copy so you can register a valid key.[/QUOTE] No, you will not. If the OP's operating system is pirated, intentionally or unintentionally, … Read More

0

Download, install, update, and do a full scan with Mbam. Google will easily find it.

Avast only scans for viruses, Mbam will scan for malware.

0

refer to http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865 before doing anything.

Cheers!

Thank you i went to this link you directed me to follow it's instructions and i am no longer having any trouble with the internet.

I'm not sure if these two problems are related but i get a pop up telling me to Turn on Windows Security Center service and when i try and do just that a pop up says "The Windows Security Center serivce can't be started. This problem appeared the same day i downloaded the infected file i believe.

Edited by jholland1964: Attached zip file removed for safety

0

Go to start menu and type services in the bar at the bottom and press enter. Click on "services (local)" in left navigation pane and then find the security center service. Make sure the service is "started" under status column and "Automatic (delayed start)" under startup type column.


Please advise.

0

So i have determined with the help of some friends that it's a virus or something similar to one that is still on my netbook and still redirecting me on the websites numerous times. It's called smitfraud-C and i can't find anyway to get rid of it. suggestions? Spybot came across the file but it never picked it up as a threat which is the problem.

0

Xjmaslord4, I am going to ask that you follow all the instructions given in our Read Me sticky and correctly linked by steven woodman earlier.
Those instructions are very clear;
When you post your request for assistance, please be sure to submit (Copy & Paste, not as an attachment unless requested) these requested scanlogs:

• MalwareBytes’ Anti-Malware log
• GMER One.log and GMER Two.log
• BOTH DDS ScanLogs (DDS.txt & Attach.txt)
We request copy/paste for a very specific reason, and that is to avoid the possible danger to others having to download an attached file to their own computer in order to view it. This puts other people's computer at risk. This is a standard request made at virtually all reputable malware removal forums and is requested here also.
I have removed your zipped gmer log and ask that you please copy paste all logs from the tools you ran in that Read Me first sticky.

Those tools requested in the Read Me Sticky are the only tools you should be using at this time until we can actually view all of the previously requested logs.
Judy

0

I think i did everything correctly if not just tell me how to correct it please. i posted everything you asked me to.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6835

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/11/2011 2:33:34 PM
mbam-log-2011-06-11 (14-33-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 328558
Time elapsed: 2 hour(s), 20 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\.iso file\windows 7 activation (reccomended)\windows 7 activation (reccomended).exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra activation programs\remove windows activation technologies 2.2.6.exe (HackTool.Wpakill) -> Not selected for removal.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra activation programs\se7en activator v3.exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra activation programs\windows loader 1.9.5 (reccomended)\windows loader 1.9.5 (reccomended).exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra unique programs\remove windows genuine advantage notifications.exe (PUP.RemoveWGA) -> Not selected for removal.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra unique programs\windows 7 ultimate keygen 1.0.exe (Trojan.Dropper) -> Not selected for removal.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-11 09:58:40
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0001SDM1
Running: jyds0rcd.exe; Driver: C:\Users\Xjmas\AppData\Local\Temp\fwdiipow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x898ED902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-11 11:25:35
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0001SDM1
Running: jyds0rcd.exe; Driver: C:\Users\Xjmas\AppData\Local\Temp\fwdiipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89240202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x898D7CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8924281C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89242874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8924298A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89242772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x892428C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x892427C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89242938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89240226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x898D7D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8923FFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8924024A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89242D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x89240CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8924284C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8924289C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x892429B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8924279E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89242904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x892427F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89242962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x898D7DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89240BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8924026E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89240292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8924004A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89240186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89240162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x892401AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x892402B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x898ED902]

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/05/2011 9:25:29 PM
System Uptime: 11/06/2011 4:54:57 PM (3 hours ago)
.
Motherboard: Acer | | JE02_PT_E
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 1666/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 155.786 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_2060&SUBSYS_03491025&REV_C1\4&16969C7D&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_2060&SUBSYS_03491025&REV_C1\4&16969C7D&0&00E0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
ACE Online EP3-3 2.3.1.1 Full
Any Video Converter 3.2.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
avast! Pro Antivirus
Bing Bar
Bing Bar Platform
Bonjour
Cheat Engine 6.1
D3DX10
Driver Genius Professional Edition
Google Chrome
Intel(R) Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKV Player 2.0
MSVCRT
MyWinLocker 4
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Spybot - Search & Destroy
Ventrilo Client
WavePad Sound Editor
Windows Driver Package - Intel (NETw5s32) net (05/31/2010 13.2.1.5)
Windows Driver Package - Intel (NETw5v32) net (05/31/2010 13.2.1.5)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/06/2011 7:56:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/06/2011 7:55:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/06/2011 7:53:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/06/2011 7:53:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/06/2011 7:46:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/06/2011 7:46:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/06/2011 7:45:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/06/2011 7:45:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/06/2011 7:45:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
11/06/2011 7:38:19 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
11/06/2011 7:38:18 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
11/06/2011 7:38:17 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/06/2011 7:38:17 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
09/06/2011 11:45:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
09/06/2011 11:12:38 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
07/06/2011 9:44:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/06/2011 11:48:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
.
==== End Of File ===========================

.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Xjmas at 18:59:28 on 2011-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.416 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Xjmas\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\EgisTec MyWinLocker\MWLTSR.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Xjmas\Downloads\SmitfraudFix\Policies.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\xjmas\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [TaskTray]
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [MWLTSR] c:\program files\egistec mywinlocker\MWLTSR.exe /run
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{2CC3C0AB-E591-4426-B137-100AE8CB6D11} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{2CC3C0AB-E591-4426-B137-100AE8CB6D11}\75C414E4 : DhcpNameServer = 64.71.255.198
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-31 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-31 307928]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2011-6-1 19304]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2011-6-1 16744]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2011-6-1 62048]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-31 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-31 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-31 42184]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2010-12-23 172912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-31 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-11 39984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-1 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-11 23:51:24 691 ----a-w- c:\users\xjmas\appdata\roaming\GetValue.vbs
2011-06-11 23:51:24 35 ----a-w- c:\users\xjmas\appdata\roaming\SetValue.bat
2011-06-11 23:51:23 1576 ----a-w- c:\windows\system32\tmp.reg
2011-06-11 22:01:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-11 22:01:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-11 21:38:24 -------- d-----w- c:\users\xjmas\appdata\local\{FCD2549A-7EBE-413B-90E9-50DAF67A1733}
2011-06-11 18:28:18 -------- d-----w- c:\users\xjmas\appdata\roaming\Malwarebytes
2011-06-11 18:28:07 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 18:28:05 -------- d-----w- c:\programdata\Malwarebytes
2011-06-11 18:28:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 18:28:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 07:13:47 -------- d-----w- c:\users\xjmas\appdata\local\{8CD755CF-3E93-425B-B24F-53A55707E363}
2011-06-10 15:28:46 -------- d-----w- c:\users\xjmas\appdata\local\{63D85777-7C14-43EE-9B27-E0D17523FD30}
2011-06-10 06:03:24 86528 --sha-r- c:\windows\system32\C_IS20225.dll
2011-06-10 03:28:09 -------- d-----w- c:\users\xjmas\appdata\local\{C2F46859-6F47-40AC-B30A-9A6B5871140A}
2011-06-09 15:10:10 -------- d-----w- c:\users\xjmas\appdata\roaming\NCH Software
2011-06-09 15:03:15 -------- d-----w- c:\program files\NCH Swift Sound
2011-06-09 14:52:19 -------- d-----w- c:\users\xjmas\appdata\local\{D75F05A0-8213-4A3B-8AF3-E92152D06C38}
2011-06-09 01:45:34 -------- d-----w- c:\users\xjmas\appdata\local\{A72C2C0F-59E9-402D-A302-2275E7DD8AB5}
2011-06-08 09:59:49 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b3079db8-042a-4f08-92af-eb07e8e2bdc9}\mpengine.dll
2011-06-06 16:55:18 -------- d-----w- c:\users\xjmas\appdata\local\{9BD1C252-5F35-42AB-983B-0BDBC3A14AC4}
2011-06-06 04:54:42 -------- d-----w- c:\users\xjmas\appdata\local\{347AD5F8-669C-4505-8B9A-4FA6AA7989A6}
2011-06-06 00:18:41 -------- d-----w- c:\program files\Cheat Engine 6.1
2011-06-05 16:54:10 -------- d-----w- c:\users\xjmas\appdata\local\{1ACD0E3A-DC7F-4CD0-A772-B5936677AD61}
2011-06-04 21:56:04 -------- d-----w- c:\users\xjmas\appdata\local\{8649D727-8D7A-44FC-A79A-2E89E6FBC78F}
2011-06-04 21:55:47 -------- d-----w- c:\users\xjmas\appdata\local\{A513BCC1-FAE2-415B-99EE-3EDADB4DAEFE}
2011-06-03 19:09:59 -------- d-----w- c:\users\xjmas\appdata\local\{301154EC-98C8-4239-832B-76EDEF9B27E1}
2011-06-03 06:46:08 -------- d-----w- c:\windows\system32\SPReview
2011-06-03 06:44:23 -------- d-----w- c:\windows\system32\EventProviders
2011-06-03 06:43:48 -------- d-----w- c:\windows\system32\x64
2011-06-03 06:37:36 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-06-03 06:37:35 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-06-03 06:37:34 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-06-03 06:37:33 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-03 06:37:32 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-03 03:17:43 -------- d-----w- c:\users\xjmas\appdata\local\{6C53A672-085D-4B31-89CE-C1426909A47A}
2011-06-02 22:47:36 -------- d-----w- c:\program files\MKV Player
2011-06-02 15:31:28 -------- d-----w- c:\users\xjmas\appdata\roaming\AnvSoft
2011-06-02 15:31:05 -------- d-----w- c:\program files\AnvSoft
2011-06-02 15:17:16 -------- d-----w- c:\users\xjmas\appdata\local\{51542B0B-684C-476D-9E95-24F3009FA1E6}
2011-06-02 13:50:38 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-06-02 01:01:46 471040 ----a-w- c:\windows\system32\SCDialer1.ocx
2011-06-02 01:01:46 323584 ----a-w- c:\windows\system32\SCDialer2.ocx
2011-06-02 01:01:46 118272 ----a-w- c:\windows\system32\SX5363S.DLL
2011-06-02 01:01:46 102400 ----a-w- c:\windows\system32\RV32RTP.dll
2011-06-02 00:45:23 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-06-02 00:45:09 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-06-02 00:45:09 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-06-02 00:45:07 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-06-02 00:43:59 521216 ----a-w- c:\windows\system32\termsrv.dll
2011-06-02 00:42:59 932352 ----a-w- c:\windows\system32\printui.dll
2011-06-02 00:41:59 828928 ----a-w- c:\windows\system32\fontext.dll
2011-06-02 00:40:59 95232 ----a-w- c:\windows\system32\logagent.exe
2011-06-02 00:39:59 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2011-06-01 15:24:20 -------- d-----w- c:\users\xjmas\appdata\local\{C9D24B68-E3C8-4335-A4BB-42CDA038FFD9}
2011-06-01 15:21:03 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-01 15:21:03 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-01 15:18:21 -------- d-----w- c:\program files\iPod
2011-06-01 15:17:50 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-01 15:17:49 -------- d-----w- c:\program files\iTunes
2011-06-01 15:14:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-06-01 15:14:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-06-01 15:14:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-06-01 15:14:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-06-01 15:14:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-06-01 15:14:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-06-01 15:14:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-06-01 15:10:49 -------- d-----w- c:\program files\Bonjour
2011-06-01 14:56:14 -------- d-----w- c:\programdata\OfficeGuardianV2
2011-06-01 06:26:41 -------- d-----w- c:\users\xjmas\appdata\local\EgisTec
2011-06-01 06:25:30 -------- d--h--w- c:\programdata\EgisTec
2011-06-01 06:25:17 -------- d-----w- c:\users\xjmas\appdata\local\EgisTec IPS
2011-06-01 06:19:59 62048 ----a-w- c:\windows\system32\drivers\mwlPSDVDisk.sys
2011-06-01 06:19:59 19304 ----a-w- c:\windows\system32\drivers\mwlPSDFilter.sys
2011-06-01 06:19:59 16744 ----a-w- c:\windows\system32\drivers\mwlPSDNserv.sys
2011-06-01 06:17:38 -------- d-----w- c:\programdata\EgisTec IPS
2011-06-01 06:17:38 -------- d-----w- c:\program files\EgisTec MyWinLocker
2011-06-01 06:17:38 -------- d-----w- c:\program files\EgisTec IPS
2011-06-01 06:17:38 -------- d-----w- c:\program files\common files\EgisTec
2011-06-01 06:13:09 -------- d-----w- c:\users\xjmas\appdata\local\Downloaded Installations
2011-06-01 05:28:44 -------- dc----w- c:\users\xjmas\appdata\local\MigWiz
2011-06-01 05:09:16 -------- d-----w- C:\247809c6563071f048cc7be722
2011-06-01 04:56:09 -------- d-----w- c:\program files\Ventrilo
2011-06-01 04:54:46 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-06-01 04:02:09 -------- d-----w- c:\windows\system32\Wat
2011-06-01 03:41:42 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-01 03:41:40 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-01 03:40:45 40112 ----a-w- c:\windows\avastSS.scr
2011-06-01 03:40:22 -------- d-----w- c:\programdata\AVAST Software
2011-06-01 03:40:22 -------- d-----w- c:\program files\AVAST Software
2011-06-01 03:26:57 -------- d-----w- c:\programdata\Messenger Plus!
2011-06-01 03:26:36 -------- d-----w- c:\program files\Yuna Software
2011-06-01 03:24:20 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-01 03:23:50 -------- d-----w- c:\users\xjmas\appdata\local\{F2AA098A-BA94-4F63-8986-CA8E1A4EB60D}
2011-06-01 03:23:29 -------- d-----w- c:\users\xjmas\Tracing
2011-06-01 03:13:39 -------- d-----w- c:\windows\en
2011-06-01 03:12:56 -------- d-----w- c:\program files\uTorrent
2011-06-01 03:12:24 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-06-01 03:12:01 -------- d-----w- c:\users\xjmas\appdata\roaming\uTorrent
2011-06-01 03:10:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-01 03:08:10 -------- d-----w- c:\windows\PCHEALTH
2011-06-01 03:06:03 -------- d-----w- c:\program files\Microsoft
2011-06-01 03:04:09 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-06-01 03:04:00 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-01 03:02:52 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-01 03:02:25 14336 ----a-w- c:\windows\system32\slwga.dll.bak
2011-06-01 03:02:20 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-01 03:02:19 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-01 03:02:11 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-06-01 03:02:10 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-06-01 03:02:04 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-01 03:02:04 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-06-01 03:02:04 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-01 03:02:04 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-01 03:01:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-01 02:55:34 469256 ----a-w- c:\program files\common files\windows live\.cache\5cf4c3471cc200710\InstallManager_WLE_WLE.exe
2011-06-01 02:55:15 15712 ----a-w- c:\program files\common files\windows live\.cache\5503ec1d1cc20070f\MeshBetaRemover.exe
2011-06-01 02:55:11 94040 ----a-w- c:\program files\common files\windows live\.cache\51e67f211cc20070e\DSETUP.dll
2011-06-01 02:55:11 525656 ----a-w- c:\program files\common files\windows live\.cache\51e67f211cc20070e\DXSETUP.exe
2011-06-01 02:55:11 1691480 ----a-w- c:\program files\common files\windows live\.cache\51e67f211cc20070e\dsetup32.dll
2011-06-01 02:55:08 94040 ----a-w- c:\program files\common files\windows live\.cache\4f04948c1cc20070d\DSETUP.dll
2011-06-01 02:55:08 525656 ----a-w- c:\program files\common files\windows live\.cache\4f04948c1cc20070d\DXSETUP.exe
2011-06-01 02:55:08 1691480 ----a-w- c:\program files\common files\windows live\.cache\4f04948c1cc20070d\dsetup32.dll
2011-06-01 02:55:00 6260088 ----a-w- c:\program files\common files\windows live\.cache\496212a61cc20070c\Silverlight.4.0.exe
2011-06-01 02:54:50 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-06-01 02:54:50 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-06-01 02:54:50 107520 ----a-w- c:\windows\system32\cdd.dll
2011-06-01 02:53:28 -------- d-----w- c:\users\xjmas\appdata\local\Windows Live
2011-06-01 02:53:24 -------- d-----w- c:\program files\common files\Windows Live
2011-06-01 02:50:55 -------- d-----w- c:\users\xjmas\appdata\local\Google
2011-06-01 02:50:24 -------- d-----w- c:\users\xjmas\appdata\local\Deployment
2011-06-01 02:50:24 -------- d-----w- c:\users\xjmas\appdata\local\Apps
2011-06-01 02:48:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-01 02:43:00 -------- d-----w- c:\program files\Atheros
2011-06-01 02:42:23 1906024 ----a-w- c:\windows\system32\drivers\athr.sys
2011-06-01 02:42:23 1906024 ----a-w- c:\windows\system32\athr.sys
2011-06-01 02:42:23 -------- d-----w- c:\windows\Options
2011-06-01 02:42:00 -------- d-----w- c:\programdata\Atheros
2011-06-01 02:26:06 -------- d-sh--w- c:\windows\Installer
2011-06-01 02:22:57 -------- d-----w- c:\program files\Driver-Soft
2011-06-01 02:12:36 -------- d-----w- c:\windows\system32\Lang
2011-06-01 02:12:34 1006104 ----a-w- c:\windows\system32\igxpun.exe
2011-06-01 02:10:02 -------- d-----w- c:\windows\Panther
2011-06-01 01:58:37 -------- d-----w- C:\Windows.old
2011-06-01 01:36:11 -------- d-----w- c:\users\xjmas\appdata\local\Diagnostics
2011-06-01 01:30:59 -------- d-----w- c:\windows\system32\wbem\Performance
2011-05-31 17:05:00 -------- d--h--w- C:\MyWinLockerData
2011-05-31 16:22:39 -------- d---a-w- C:\book
2011-05-31 15:59:01 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-06-03 07:05:09 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 19:02:48.92 ===============

Edited by Xjmaslord4: n/a

0

Xjmaslord4, your MBA-M log shows that the infected files found were NOT selected for removal as shown in the log by this notation next to all of them
-> Not selected for removal.
Please UPDATE the program as they often have multiple updates daily and there has been an update since you ran your scan. Run a Full Scan and have it Remove Everything Found.
Reboot the computer>>this is Very important because some of the removals may have to be completed early in the boot process.
Post back here with that new log.

0

Xjmaslord4, your MBA-M log shows that the infected files found were NOT selected for removal as shown in the log by this notation next to all of them
-> Not selected for removal.
Please UPDATE the program as they often have multiple updates daily and there has been an update since you ran your scan. Run a Full Scan and have it Remove Everything Found.
Reboot the computer>>this is Very important because some of the removals may have to be completed early in the boot process.
Post back here with that new log.

Everything in the Windows.old isn't affecting my computer if you insist though ill remove them too.

0

Everything in the Windows.old isn't affecting my computer if you insist though ill remove them too.

Those ARE infected files. Please remove them by running MBA-M again as requested. Post back with that new log.

0

By the way, is your copy of Windows 7 a legal and licensed copy? I am asking this because of questionable listings in your logs.
If the Windows 7 is NOT legal we can no longer offer assistance.

0

I find safe mode and malwarebytes tends to get rid of everything. Sometimes I use trojan remover to reverse changes that may have been made by viruses after disinfection.

FYI.

But suffice it to say that the scan is NOT as powerful in Safe Mode, and normal mode scan should nearly always be used. It is not unsafe to scan in Safe Mode, just less effective.

Taken from the MBA-M website. Clearly shows that whenever possible, MBA-M should be run in normal mode. When run in safemode, MBA-M's driver is disabled, rendering it less effective.

0

Safe mode is the last step. Normal mode did not work for me in the past with the antivirus 2009 and 2010 virus, yet safe mode worked perfectly.

Please, if you feel the need to be a know-it-all for my sake, don't.

0

Safe mode is the last step. Normal mode did not work for me in the past with the antivirus 2009 and 2010 virus, yet safe mode worked perfectly.

Please, if you feel the need to be a know-it-all for my sake, don't.

What is it with guys like you who hate being contradicted?
You made a statement that safe mode tends to get rid of everything. MBA-Ms creators say different, not me.
Some members need to make sure that correct instructions are given to other members who come here seeking assistance.
Yes, sometimes safe mode is needed, but only if MBA-M cannot be run in normal mode.

0

This is not a debate. In this guys situation that will be his best bet.

I wasn't saying that's the best way to run the program, nor was I asking for your advise or help, merely, stating my opinion on the subject.

To contradict means to imply the opposite of what I said. How can you imply the opposite of what I find.

That is a little knowitallism for ya :D

0

I received the netbook from my cousin with windows 7 already on here. I went to link directed and apparently its not a validated copy

http://i790.photobucket.com/albums/yy182/Xjmas/hmm2.jpg

In the same breath i went to properties and it says its genuine so i'm at a lost for words. If you still will not be able to help me that's alright thank you for your time ill just send in the notebook to be repaired.

http://i790.photobucket.com/albums/yy182/Xjmas/hmm.jpg

Edited by Xjmaslord4: n/a

-3

I'll still help you. I dont see any rules about helping victims of counterfeit fraud. For all I know it could be you intention to fix your copy so you can register a valid key.

Votes + Comments
read the rules
Here is the rule: Do not pursue any illegal activity within forum posts or by PM
Keep it legal
0

I received the netbook from my cousin with windows 7 already on here. I went to link directed and apparently its not a validated copy

http://i790.photobucket.com/albums/yy182/Xjmas/hmm2.jpg

In the same breath i went to properties and it says its genuine so i'm at a lost for words. If you still will not be able to help me that's alright thank you for your time ill just send in the notebook to be repaired.

http://i790.photobucket.com/albums/yy182/Xjmas/hmm.jpg

I really doubt that your copy of Windows 7 is valid.

Here is why we suspected this as soon as we saw the logs:
RiskWare.Tool.CK>>>this is a pirated activator for Windows 7,
HackTool.Wpakill>>>remove windows activation technologies>>>This it so the system can continue to be used without activation.
windows 7 ultimate keygen 1.0.exe>>>this is the product key generator for a pirated system.
These along with at least one error showing in your Event Viewer Messages From Past Week which indicates that your operating system was installed with an invalid (non-genuine) product key.

We cannot continue to offer assistance on a pirated system, that is illegal.

Edited by jholland1964: n/a

Votes + Comments
Not about the comment, just think you need to get off the high horse.
2

I'll still help you. I dont see any rules about helping victims of counterfeit fraud. For all I know it could be you intention to fix your copy so you can register a valid key.

No, you will not. If the OP's operating system is pirated, intentionally or unintentionally, there is nothing that Daniweb can do to help.
Read the rules closer.

Votes + Comments
to negate the negative.
Still cant find that rule
0

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/06/2011 9:06:25 PM
mbam-log-2011-06-11 (21-06-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 331804
Time elapsed: 1 hour(s), 47 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\.iso file\windows 7 activation (reccomended)\windows 7 activation (reccomended).exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra activation programs\remove windows activation technologies 2.2.6.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra activation programs\se7en activator v3.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra activation programs\windows loader 1.9.5 (reccomended)\windows loader 1.9.5 (reccomended).exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra unique programs\remove windows genuine advantage notifications.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Xjmas\downloads\windows 7 home premium (32 bit)\extra unique programs\windows 7 ultimate keygen 1.0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

0

No, you will not. If the OP's operating system is pirated, intentionally or unintentionally, there is nothing that Daniweb can do to help.
Read the rules closer.

We already did, I believe you can mark this thread solved.

0

We already did, I believe you can mark this thread solved.

Since you are not the original poster that is not up to you to decide or request.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.