gerbil 216 Industrious Poster

Else you can just put an image of your first Windows 7 onto that second partition [it will be keyed and activated, so no worries there], from your original W7 delete the W7 image's HKLM\System\Mounted Devices key (load/unload its system hive to do that), reconfigure the boot manager of your original W7 installation (via msconfig) to allow booting of either installation. Boot to the image and then upgrade it.
No need to set the second partition active. You cannot have both W7s running at once. And no concerns re licensing.
That may sound complicated, but it takes around 20mins, not including the upgrade bit.

gerbil 216 Industrious Poster

Umphh... have you tried some software like, say, License Crawler? That one in particular searches through your registry for likely password hashes. It takes a while, and presents a list you have to glance through, but it does find stuff.
http://www.klinzmann.name/licensecrawler.htm
-pull it from Dropbox.

gerbil 216 Industrious Poster

You likely have a redirector running. Kick off with Malwarebytes...
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

Are you sure you want opengl.dll? Use opengl32.dll. Anyway, both are available from dll-files.com. Download the zip archive, unzip it and copy the dll into system32. Then run:
regsvr32 opengl32.dll from Start> Run box or from a cmd prompt.

gerbil 216 Industrious Poster

Rclicking the tray icon should get you the options:
-Click Auto- Protect > Turn Off
-Click Personal Firewall > Turn Off

FF should only use about 80MB if no sites loaded? Check it in Task Man. What addons are running?

gerbil 216 Industrious Poster

No error in your Windows - that is how cmd works. It remembers the last path in any drive. If from c: you enter e: you are not giving it any real directory to go to, so if you have not previously [in this cmd session] been to the e: drive then you will get e:\ ie e: root. If you then cd to e:\folder, then enter c: you will go back to the path you last used in c: [the default start directory is c:\Docs n Setts\You]. Entering e: again will take you back to e:\folder. e: is not a particular path instruction, it simply changes the drive to the last path used there.
It's how it is. And to jump to a deeper path in a new drive you must use /d parameter. So from c: you would enter cd /d d:\"other folder"
And cd \ takes you to the root of the drive you are in. If you are in c:\folderofstuff, entering cd \ is the same as entering cd c:\ It's what you would expect.
With markdown, pay attention to what you are typing.... you don't always get what you expect. To get c:\ to print you must type c:\\ ; typing c:\ will just get you c:. But if there is a space between the c: and the \ then you get your c: \ as you type it.
Sheesh.
Really. Sheesh.

gerbil 216 Industrious Poster

I see. Try Safe Mode. While in there use Disk Management to see that all partitions are healthy. Hijackthis will run from there. Because we are pretty much in the dark with the problem, it would not hurt to schedule a chkdsk run also. From a cmd console [go Start, and Run: cmd] enter: chkdsk C: /f -it will run upon reboot.
And if you have the installation cd then running from that cmd window..
sfc /scannow -would not hurt, either. Just to check your windows files are up to scratch; errors do creep in in any system.

gerbil 216 Industrious Poster

Joan, I put in a Whoops! post, or at least I thought I did... it ain't showing.
The folder of interest is Docs n Setts\You\Start Menu\Programs\Startup. Any entry in there will start with the system, same for any in the corresponding All Users sub-folder.
All moot now, though. Information only, if you have deleted IE8 it's hardly likely to start.
Spybot: "Now I'm worried Spybot will harm this machine win7." It won't harm it, that's up to how you use it.
Your machine is now an MSI machine, ACER has been demoted to a tag on the case and probably an OEM product key for your installation. That is important...likely being OEM, your licence is restricted to that machine, but after a year limited numbers of parts can be exchanged at any one time without interfering with activation.
MSI's AMI/Award BIOS: the Quickboot option on Advanced BIOS Features page will only bypass some memory testing functions, and perhaps reduce information display times. If you select Full Screen Logo display the same procedures run but are hidden. F10 for Save option.
As I wrote before, your Browser Manager is starting from a fraught and unsafe place, the AppInit_DLLS reg key. It could well be the cause of your startup problems [the black screen is a Windows loading failure]. Putting it probably too simply, that loading point ensures that brwmngr.dll's code is injected into Microsoft's user32.dll, and hence into many of the processes that use user32.dll …

gerbil 216 Industrious Poster

Hello, Joan.
"However I deleted it (IE8) from "all programs" and now it's not appearing on start up"
-that's a bit heavy-handed, the problem will lie with something that is calling it, or some entry that is starting it. In XP in the Docs n Setts\You folder there is a folder called Start Menu, may be an entry there, but I don't know why anything would put one there. That is what caper is referring to.
This Browser Manager you have... it's starting from a very weird place, AppInit_DLLS. That key is usually the preserve of kernel stuff and antivirus. What is Browser Manager, what does it do?
I'd put IE8 back if it's still in your Recycle Bin. You could try restarting Hijackthis, scanning and putting a checkmark against:
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\22580~1.182{16cdf~1\brwmngr.dll
...and pressing Fix Checked.
Then restart.
I would not use Spybot myself.. you have good coverage with MBAM [the best antispyware tool] and Defender.
You run your compy as an Administrator, don't you? Otherwise that Appinit_DLLS entry would not have been made. Maybe you installed something, and that item piggy-backed in.
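The AppInit_DLLs load point mentioned in the two posts above can be inspected directly. This is an added example, not code from the thread or from any tool named in it; it reads the real AppInit_DLLs and LoadAppInit_DLLs registry values, and the function names are hypothetical. Run it in an elevated Windows PowerShell.

```powershell
# Added example (not from the original thread): list every DLL registered under
# AppInit_DLLs and report whether it exists, who built it and whether it is signed.
# Assumptions: elevated Windows PowerShell; Get-AppInitDlls / Get-AppInitReport are
# hypothetical helper names, not a Windows API.

function Get-AppInitDlls {
    # The value lives in the Windows key; a 64-bit OS also keeps a WOW6432Node copy
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        $raw   = [string]$props.AppInit_DLLs
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # LoadAppInit_DLLs gates loading on Vista and later; XP has no such value
        # and always loads the list, which is why the post calls it an unsafe place.
        $gate = if ($null -eq $props.LoadAppInit_DLLs) { 'n/a (pre-Vista: always loaded)' }
                else { [bool]($props.LoadAppInit_DLLs -eq 1) }

        # The value is a space- or comma-separated list, often in 8.3 short-name form
        foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{ Key = $key; LoadEnabled = $gate; Dll = $entry }
        }
    }
}

function Get-AppInitReport {
    foreach ($d in Get-AppInitDlls) {
        $path    = [Environment]::ExpandEnvironmentVariables($d.Dll)
        $exists  = Test-Path -LiteralPath $path -PathType Leaf
        $full    = $path; $company = 'n/a'; $status = 'file missing'
        if ($exists) {
            $item    = Get-Item -LiteralPath $path      # resolves 8.3 names to the long path
            $full    = $item.FullName
            $company = $item.VersionInfo.CompanyName
            $status  = (Get-AuthenticodeSignature -FilePath $full).Status
        }
        [pscustomobject]@{
            Key = $d.Key; LoadEnabled = $d.LoadEnabled; Dll = $full
            Exists = $exists; Signature = $status; Company = $company
        }
    }
}

$report = @(Get-AppInitReport)
if ($report.Count -eq 0) {
    'AppInit_DLLs is empty: nothing is being injected into user32.dll processes this way.'
} else {
    # Anything listed that is not a signed security product deserves a closer look.
    $report | Format-Table -AutoSize
}
```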

gerbil 216 Industrious Poster

Get Procmon from Technet.

gerbil 216 Industrious Poster

Heck, go skiing or something, Dani.
I wasn't complaining, it was a thank-you. What was important was that even with space detection the post went through.

gerbil 216 Industrious Poster

Battery out, leave compartment open. Submerge the phone in fresh water, swish it about to rinse the chlorine/urine out of it. Shake dry, use rice as pointed out by jtodd, with some sun on it for heat. When you think it is quite dry, give it another day or two. Seriously. Some chips lie so close to the boards that it is very difficult to remove the water/moisture from under them; it will insidiously attack the pins, tracks and solders via electrolysis. Coatings aren't over everything.
Get togs without a pocket. What do you need to carry?
Why do I feel the need to point out that it should not be cooked rice? :)

gerbil 216 Industrious Poster
Oh, you nice people, the curlies range free again. And on wide open spaces, too. ;)

This is better [for me and a few others]. I hope coders obey the new regimen. I put 4 spaces in the top line to check... there is detection, but the post gets through. Good slogan, that.

gerbil 216 Industrious Poster

It's Hippygeek from now on.

gerbil 216 Industrious Poster

Hello, Nigel. If you can only run logs/scans in Safe Mode then fine, but it is important to run them in Normal Mode if it is possible. Some malware does not load in Safe Mode, and can be hidden.
For this, disable your Spybot Teatimer service. [SpybotSD TeaTimer]
Start Hijackthis [in Safe Mode], and scan again, place checkmarks against the following entries if they exist, and press Fix Checked.

R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU..\Run: [JmPLtYueNQUfDI.exe] C:\ProgramData\JmPLtYueNQUfDI.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

Now delete these two files:
C:\ProgramData\8e0lRvn4.exe
C:\ProgramData\JmPLtYueNQUfDI.exe

Good, now scan again in Normal Mode, say how things are.
A small point: I would remove Adaware.. it's not the leader it once was.

gerbil 216 Industrious Poster

RPC Locator service isn't used in Vista or later OSes, it can be set to Manual, Stopped. It only exists so that applications calling it won't throw errors, hence should not be set to Disabled.
RPC service should be Automatic.

gerbil 216 Industrious Poster

Winblows defragger is WORTHLESS
the one and only REAL DEFRAG that gives your PC new life
Does PerfectDisk still use the Windows Defrag API?

gerbil 216 Industrious Poster

Happygeek: "I should add that I used to have a pair of purple Doc Martens boots, with hand-painted yellow and white daisies on them."
Nope. Wrong word. should -> will.
"should" cannot be used in a statement like that. Definitely not. Ever. It means you thought we needed to know it.
We surely did not.
;)
I wanted to make a grimace, but that unleashed the code detection monster.

gerbil 216 Industrious Poster

What hardware have you got connected? Try going with just the simplest arrangement, eg. keyboard only, no mouse. No USB hardware, use PS2 keyboard if available, maybe a PS2 mouse.
I'm not sure, but I think Esc was for Recovery options like Safe Mode, Normal Mode, Last Config...

gerbil 216 Industrious Poster

If you learnt a few things by applying a little effort you could easily succeed at getting access to FB, and at the same time possibly fail miserably at what is somewhat more important - your studies, if you could not guess.
Children these days are so frightened of not being noticed; in their pursuit of attention they mistake it for worthiness.

mofooooo commented: wow..thanks for the help..I don't have anything to study when i'm at home. I don't care if its blocked at school, but I would like to be able to get on it at home. +0
gerbil 216 Industrious Poster

Rabbe, you are keeping me off-balance. You ran TDSSKiller and the Kaspersky scanner but without posting any result. I cannot do this if I must guess at causative agents. And to see the log from your second Combofix run would be helpful.

gerbil 216 Industrious Poster

Rabbe, I do not see anywhere your Prevx or OTL logs.
Posted for Rabbe is his first Combofix run log:
ComboFix 12-07-02.01 - A Boze 07/04/2012 0:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1566 [GMT -4:00]
Running from: c:\documents and settings\A Boze\Desktop\MALICIOUS URL BLOCKED PROBLEM\5 ComboFix\ComboFix.exe
AV: avast! Antivirus Disabled/Updated (7591DB91-41F0-48A3-B128-1A293FD8233D)
AV: AVG Internet Security 2012 Enabled/Updated (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: AVG Internet Security 2012 Enabled (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: Norton Internet Worm Protection Disabled (990F9400-4CEE-43EA-A83A-D013ADD8EA6E)

gerbil 216 Industrious Poster

"The detection algorithm presently looks for four spaces, a tab, or curly braces anywhere in the post."
And so you trap any reference to a CLSID....

gerbil 216 Industrious Poster

Re the TM process lists, Rabbe, all are valid process names which accord with the software you have installed. I must say that you have quite a lot of user software running... KAS n Prevx should not be necessary.
The Prevx and OTL logs would be handy.

gerbil 216 Industrious Poster

Ri-ight, don't delete that c:\1081a87273cf5e78fa folder .... seems a strange place for them.
We'll get rid of that DefaultTab folder soon, or you could delete it yourself from Safe Mode. Please do these things, I need to see what is running:
==Post the Prevx/Webroot scan log.
==Run OTL and post the two logs; I shall repeat the instructions:
-Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.
- Double click on the icon to start the application.
- Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, leave other sections as they are.
- Press Run Scan.
The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

gerbil 216 Industrious Poster

Hello, Rabbe. Weekends.
Your AswMBR scan is normal, clean (the locked file is from your Webroot scanner). You can delete the log.
You can delete those 3 things I told you to.
I'll run through the Startup items in MSCONFIG for you:
\msconfig\startupreg\HPDJ Taskbar Utility] - c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe : HP deskjet taskbar utility.
\msconfig\startupreg\IntelliPoint] - c:\program files\Microsoft IntelliPoint\point32.exe : your mouse driver.
\msconfig\startupreg\MSMSGS] - c:\program files\Messenger\msmsgs.exe : Windows MSN Messenger service.
\msconfig\startupreg\ShowWnd] - c:\windows\ShowWnd.exe : your Microsoft? keyboard driver.
\msconfig\startupreg\Skype] - c:\program files\Skype\Phone\Skype.exe : you can uninstall Skype temporarily until you resolve your situation.
\msconfig\startupreg\SunKistEM] - c:\program files\Digital Media Reader\shwiconEM.exe : eMachine USB configuration optioner.
If you do not use Messenger, then you can do these things to stop it, instead of using MSCONFIG:
- in Messenger/Tools/Options uncheck "Run this program when Windows starts" on the Preferences tab.
- in Outlook Express, Tools/Options/General tab uncheck the option to automatically log on. Under the View/Layout tab uncheck the option to display Contacts.
- go Start> Control Panel > Add/Remove Programs > Add/Remove windows components and uncheck Messenger.
Frankly, none of those items should be causing you problems.
And Services (some names could be ambiguous, but I'll relate them to your software as best I can):
\msconfig\services]:
"Symantec Core LC"=2 (0x2) : Symantec
"MBackMonitor"=3 (0x3) : McAfee
"LiveUpdate Notice Service"=2 (0x2) : Symantec
"LiveUpdate"=3 (0x3) : Cannot tell.
"CryptSvc"=3 (0x3) : Microsoft …

gerbil 216 Industrious Poster

Ah, a tab or 4+ spaces. Now I understand why a couple of members no longer post. If you have set "speeches" on particular topics/advices and edit them from time to time it is highly likely that spaces [those hard-to-see lil widgets] will concatenate. Bam. Code detection. Tabs and space strings are so useful for formatting text. It's war, texters vs coders.
And using your advice, Deceptikon, and dragging out 2 groups of untoward spaces in the post above I can post it normally. They hide.... but not from Ctrl-A.
They'll be back with cloaking one day.

gerbil 216 Industrious Poster

I don't see code here, why is it being detected as such? Here is the post, all in a code box:

There are a few things to tidy up, but first, some advice: there are a lot of items under MSCONFIG Startup and Services which have been disallowed (prevented from starting) - MSCONFIG is fine to use for debugging/troubleshooting, but thereafter entries should not be left unchecked. The offending items/programs should be uninstalled or otherwise removed. If items are unchecked in MSCONFIG and an uninstallation is attempted then it will not complete -manual removal from registry is then required.
For example, if you no longer use Intellipoint mouse, the program should be uninstalled, but only after rechecking the startup item in MSCONFIG. If you do use it, then your mouse will be running on default windows mouse software with attendant reduced properties/capabilities. But before you deal with MSCONFIG do these things in order:
I don't know what this is... something to do with Avast? If not known, delete C:\1081a87273cf5e78fa
Delete these two:
c:\program files\DefaultTab
c:\documents and settings\A Boze\Application Data\DefaultTab

Now to MSCONFIG. You should recheck all those startup items, I doubt if they are causing problems.
Same goes for Services. There are several entries for Symantec, entries for Mcafee, Acronis, some services you do need, and even a couple for the malware.
Once again, I suggest you enable them all, and then....          

Remove this service:
DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [5/18/2012 5:00 AM 563200]
==Go Start, run, type services.msc   -and press Enter. Maximise …
gerbil 216 Industrious Poster

I'm also caught with the dreaded Code Snippet detection bug. So anyway:

There are a few things to tidy up, but first, some advice: there are a lot of items under MSCONFIG Startup and Services which have been disallowed (prevented from starting) - MSCONFIG is fine to use for debugging/troubleshooting, but thereafter entries should not be left unchecked. The offending items/programs should be uninstalled or otherwise removed. If items are unchecked in MSCONFIG and an uninstallation is attempted then it will not complete -manual removal from registry is then required.
For example, if you no longer use Intellipoint mouse, the program should be uninstalled, but only after rechecking the startup item in MSCONFIG. If you do use it, then your mouse will be running on default windows mouse software with attendant reduced properties/capabilities. But before you deal with MSCONFIG do these things in order:
I don't know what this is... something to do with Avast? If not known, delete C:\1081a87273cf5e78fa
Delete these two:
c:\program files\DefaultTab
c:\documents and settings\A Boze\Application Data\DefaultTab

Now to MSCONFIG. You should recheck all those startup items, I doubt if they are causing problems.
Same goes for Services. There are several entries for Symantec, entries for Mcafee, Acronis, some services you do need, and even a couple for the malware.
Once again, I suggest you enable them all, and then....          

Remove this service:
DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [5/18/2012 5:00 AM 563200]
==Go Start, run, type services.msc   -and press Enter. Maximise the window and at foot select Extended tab, scroll …
gerbil 216 Industrious Poster

You could try using the Private Messages system [top of Daniweb window] to give me your logs [zip them if you will] and I will then post them in the body of this forum article for you.

gerbil 216 Industrious Poster

And this is a pure shot in the dark, but run this scan: aswMBR.exe
==Download aswMBR from http://www.bleepingcomputer.com/download/aswmbr/
Start it, press Scan [it will download virus definitions from Avast], wait the 3 or 4 minutes until it says Scan completed then press Save Log. Post that, please. Do NOT fix anything at this stage.
An MBR.dat file will appear on your desktop, it is a copy of your MBR. Do not delete it.

gerbil 216 Industrious Poster

Ah. It's a nuisance to have to use it because it makes the post more difficult to read, but press the Code button above where you would type a response, use Ctrl-V to paste into the window and press Insert code Snippet, then Reply button as per usual.

gerbil 216 Industrious Poster

Nope, no combofix attachment.. :(
Don't worry about that Teredo service in the attachment above: http://technet.microsoft.com/en-us/library/bb457011.aspx

gerbil 216 Industrious Poster

UFD = USB FlashDrive.
Without a log from Combofix I cannot see what has happened. I can only guess as to your attack vector. Could you post your screenshots of the Avast ram message concerning a trojan?
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; a notepad will present [saved to the place from where you ran OTL.exe] - please post.
gerbil 216 Industrious Poster

Rabbie, please don't run Combofix again - I would like to see the report from the first one. If that sys is giving you problems transfer the log by UFD to another sys and post it.
As I put in the previous post, just remove that MSI ActiveX control. If you visit the site again to download a file it will give you a fresh one.

gerbil 216 Industrious Poster

SEE?? “A possible future add-on if it would add value to this site? In my case, ...”
No mention of purple, Kraft or Cadbury.
Enemies of me line up over that side. No stone throwing.

gerbil 216 Industrious Poster

Some time ago the British chocolate manufacturer was bought by Kraft. Super sweet meets super bland. Anyway, Kraft being American and having too many corporate lawyers tried to copyright the Cadbury colour purple. They may have succeeded, I don't know, it wasn't the sort of news item you hung in for followup. Perhaps we will find out if Daniweb gets sued for infringement.
What am I saying here? Oh, yeah. Purple.

gerbil 216 Industrious Poster

Well, I don't care at all about its positioning. Is that an opinion? If it is, showing indifference to it won't matter.
I as a rule don't read the related article suggestion, I've learnt that computers may pick words reliably but suck greatly at contextual relationship.
Of course I read the one above... the preamble is wordy, no punch at all, and the wee snippet of the post is insufficient to attract interest (in this case, and probably a lot of others). I doubt if a computer could pick the guts out of a post, running with the first line is likely to get you Hi, I'm new here, I have a Dell and a I have a problem.
Anyway, I did say I rarely glance at them, so I probably should not have an opinion about their content either.
No advice to offer at all, then.

gerbil 216 Industrious Poster

THIS is the XP lnk file association fix download: http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip
Well caught [nothing would have died...]. Just extract the .reg file, rclick it and choose Merge.
Here is the parent page of the site, it's pretty handy, Knox is well respected. http://www.dougknox.com/xp/file_assoc.htm
As far as the Combofix log is concerned, zip it and attach it to a post. I have no idea why the code button does not work for you, it's a site bug that makes you even have to use it.
This... DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab is an ActiveX control; it's not working so you can remove it: got to Windows\downloaded program files folder, select it, rclick and choose Remove.

gerbil 216 Industrious Poster

Thanks, Rabbie, for that info.
I see now that C:\BOOT\ (reflect.cfg) is a Macrium folder. That's fine, I just could not tell.
"Acronis, Paramount, Macrium and Easeus? That's a collection" I wasn't making any point there, really, except that I was thinking that any one of them should suffice as a keeper; no harm at all in playing with stuff, though. They're all good. I played with Easeus for a bit, and then kept MiniTools Partition Wizard (I'm not actually recommending it, just chatting).
I think this: DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab ... ie MSI LiveUpdate is what could be holding those 3 URLs in your trusted Zone? They are safe in themselves, I just think it is not a good habit to get into, trusting sites so that they bypass your normal net security checks.
Registry cleaners... examine closely the entries they suggest removing; some keys don't appear to have any data associated with them, but a software may check to see that the key exists.
c:\program files\GUT55.tmp - it seemed a strange place for a temp file, but I see now that it was associated with Google. They live by their own rules.
Stuff to do:
Go here... http://www.vistax64.com/tutorials/233243-default-file-type-associations-restore.html and get the lnk file association reg file, merge it. That should fix your dclick problem with icons.
QuickLaunch: I think that repairing the lnk file association will fix this, if not then navigate to this folder: C:\Users\YOU\AppData\Roaming\Microsoft\Internet …

gerbil 216 Industrious Poster

Farbar would have picked that up for you (afd.sys missing) and helped you search for a copy on your sys. There should be a few of them.
Cheers.

gerbil 216 Industrious Poster

Drives E:, F:, H: - what are they, USB flashdrive keys? Whatever, check them for Autorun.inf files. Those files possibly contain something like...
[AutoRun]
icon=LG.ico
...where LG.ico or similar is pointing to an icon file somewhere.
Just delete the Autorun.inf files.
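The Autorun.inf check described above can be scripted rather than done drive by drive. This is an added example, not code from the post; it parses the [AutoRun] section and separates entries that only set an icon or label from entries that name a program to run. Windows PowerShell 3 or later is assumed, and the function names are hypothetical.

```powershell
# Added example (not from the original post): find Autorun.inf on removable drives
# and say which of its entries are cosmetic and which would launch something.
# Assumptions: Windows PowerShell 3+; Parse-AutorunInf, Classify-Autorun and
# Get-RemovableAutoruns are hypothetical helper names.

function Parse-AutorunInf {
    param([string[]]$Lines)
    # Keep key=value pairs from the [AutoRun] section only; other sections are ignored
    $inSection = $false
    $entries = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith(';')) { continue }          # blank or comment
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -ieq 'AutoRun'); continue }
        if ($inSection -and $t -match '^([^=]+)=(.*)$') {
            $entries[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $entries
}

function Classify-Autorun {
    param([hashtable]$Entries)
    # icon, label and action only change how Explorer shows the drive;
    # open, shellexecute and shell\<verb>\command name a program to execute.
    $launchers = @(foreach ($k in $Entries.Keys) {
        if ($k -match '^(open|shellexecute)$' -or $k -match '^shell\\.+\\command$') { $k }
    })
    $verdict = if ($launchers.Count -gt 0) { 'launches a program: remove' }
               else { 'cosmetic only (icon/label): harmless, but can be deleted' }
    [pscustomobject]@{ Entries = $Entries; Launchers = $launchers; Verdict = $verdict }
}

function Get-RemovableAutoruns {
    # DriveType 2 = removable media (USB keys, card readers)
    $roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' |
             Select-Object -ExpandProperty DeviceID
    foreach ($root in $roots) {
        $inf = Join-Path "$root\" 'autorun.inf'
        if (-not (Test-Path -LiteralPath $inf)) { continue }
        $result = Classify-Autorun (Parse-AutorunInf (Get-Content -LiteralPath $inf))
        [pscustomobject]@{
            Drive = $root; File = $inf
            Launchers = ($result.Launchers -join ', '); Verdict = $result.Verdict
        }
    }
}

# Constructed sample shaped like the snippet quoted in the post: icon only
$sample = @('[AutoRun]', 'icon=LG.ico', 'label=My Stick')
(Classify-Autorun (Parse-AutorunInf $sample)).Verdict

# Live check of whatever removable drives are plugged in right now
Get-RemovableAutoruns | Format-Table -AutoSize
```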

gerbil 216 Industrious Poster

Hello, Rabbie, some things for you to do.
GMER shows nothing, nor does MBAM.
DDS shows that you have two AV services, my advice would be to uninstall AVG - get and run the uninstaller tool from their website for complete removal.
Or if you so wish, do that procedure to Avast and keep AVG.
Next, go to the Norton site and get their removal tool for the product you had, and run it.
Next, go to the McAfee site and get their removal tool for the product you had, and run it.
I'd uninstall Adaware in preference to MBAM, the latter now is far better. As a browser protection, well, your AV service should provide that.
In IE options, I'd clear out all trusted zone entries, including the MSI ones. Trust no-one.
Acronis, Paramount, Macrium and Easeus? That's a collection.
Little Registry Cleaner. I doubt you could tell the difference after running it. IoBit.
What is in C:\BOOT?
What is c:\program files\GUT55.tmp?
Would you please get RogueKiller from http://majorgeeks.com/RogueKiller_d6983.html
-start it with a dclick and wait for the initial scan to complete. Press the report button, post the log that pops in notepad. Do not remove anything at this stage.

gerbil 216 Industrious Poster

Struggling still? You might try running Farbar Network Service Scan from http://www.bleepingcomputer.com/download/farbar-service-scanner/
Start it, check Internet Service, and Scan. Post the log.
It's a portable tool, run it from a UFD key.

gerbil 216 Industrious Poster

May i inquire as to why you don't wish to use TOR? Speed? In that case a paid VPN service will get you more.

gerbil 216 Industrious Poster

Hey, look! There's a bar down there!
Sigh. In all my visits I had never used it... it barely slides into my consciousness.
But having just tried it, it looks handy for a quick visit to check responses.

gerbil 216 Industrious Poster

If by information you mean data, the answer is maybe. Traffic is in hexadecimal byte form, there is a considerable amount of "heading" information in each packet (all set out for you), and the message or data is also identified and interpreted into ascii characters. Passwords, too.
You might read scraps of a webpage, or email text. Some pages/responses are encrypted... in that case you see gibberish.
Wireshark is easy to use, to make sense of what it provides you need knowledge of the various protocols used to transmit across the web. A lot of what you see is simply to do with the business of a transaction: requesting, acknowledging, handshaking, checking and re-establishing a presence. And the data? Well, unless you are doing as Jorge suggests (troubleshooting) you are left with snooping on a network if you have access to a server. Otherwise, and apart from general interest, content is easiest read in a browser or email client.

gerbil 216 Industrious Poster

No problems there, Q8i. Looks like you are ready to release into the wild, again.
Your trojan chose one of many ways to hide in Windows while having an effect upon something seemingly unrelated, hence nothing showed in Chrome itself, but only in IE settings.
You might google searchscopes. Most of the corrections we made in that Fix file were simply orphaned entries in reg, a tidy-up.