1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Computer keeps deleting certain .exe files

Discussion in 'Virus & Other Malware Removal' started by craig brian, Apr 23, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    OK FIRST THING you all need to know is i'm not computer noob, I designed a flash game when I was 14 all by myself besides watching videos that taught me about flash CS3 I have done a bit of scripting I learned how to put movies and videos on to Mp3 players and iPods when I was 14

    when I was 16 I learned how to put movie's on my PS3 and on to Xbox's


    I worked in a computer store for two weeks learned some stuff there not much mostly learned how to do an external scan

    but I know what msconfig is I know what the task manger is I know what explorer.exe is defragmentation, Deivce Manger, the BIOS, I know what hosts files are , hjackthis, I know how computers work I have been using them since I was in grade one and always was fond of them when I was in grade 6 I saved some computers in our class because this bad virus was launched on that day and it infected a few of the school computers but I fixed ut by updating the virus security

    I'm grade 9 I brought a CD to school with Ubuntu on it and I loaded the school computers up on it and deleted Deep Freeze so I could install things

    I have blue screened almost every computer in this house except the Windows 7 64bit I even have a program called Bluescreen view that tells me whats wrong and why it blue screened

    I know what torrents are so please don't hold back with helping me with tihs I ahve gone over and over this agani and again I have Googled all the programs that are running in the task manager



    but anyway lets get on with this

    I formatted my moms harddrive last month and re-installed windows because Windows Update wouldn't work and drivers were missing and failing

    she has a Gateway NV58 Notebook with Windows Vista Home Premium 64 bit


    I installed League of Legends on 04-09-2012, at 3:00 PM

    I played it for about an hour or two then left the computer on.
    I went on it about 4 hours later. and it said the shortcut is missing. I located were it is installed and it was gone.

    now this has happened before with programs I have installed, like Skype, YourTube Downloader, iTunes, Flash Decompiler
    but Skype isn't missing.


    so whats causing it. IT CAN'T be virus security because I have Windows Defender disabled and I don't ave virus security i'm going to put some on here now. I know lots about computer I know all about the program DeepFreeze and it is NOT on this computer

    I don't visit any bad sites I don't even use facebook and the only things I have installed in the last month are


    I formatted her hardrrive a REINSTALLED Windows on her COMPUTER AGAIN!!!! about a week ago and this is STILL happening

    about two hours after repairing it and once again it deleted it

    the file it deleted is called "lol.launcher.exe" but it didn't delete "lol.launcher.admin.exe"


    SpeedFan (29/03/2012)
    SimpleOCR 3.1 (29/03/2012)
    Gimp 2.6.11 (29/03/2012)
    VLC player 2.0.1 (30/03/2012)
    Microsoft Visual C++ 2008 Redistributable - 86x 9.0.30729.17 ( 02/04/2012)
    Hi-Rez studios Authenticate and Update Service (02/04/2012)
    Team Viewer 7 (3/04/2012)
    iTunes (3/04/2012)
    HyperCam2 (3/04/2012)
    Bonjour (3/04/2012)
    BlueSoleil 6.2.277.11 (3/04/2012)
    Apple Software update (3/04/2012)
    Apple Mobile Device Support (3/04/2012)
    Adobe CS5.1 Trial (3/04/2012)
    Adobe Air (3/04/2012)
    Xfire (4/04/2012)
    Adobe Media Player (4/04/2012)
    Adobe Flash CS5 Trial (4/04/2012)
    Adobe Flash Player 10 plugin (4/04/2012)
    Adobe Flash Player 10 ActiveX (4/04/2012)
    Skype 5.8 (7/04/2012)
    Pando Media Booster (7/04/2012)
    Microsoft Silverlight (7/04/2012)
    Free MP3 Recorder 1.0 (7/04/2012)
    Nexon Game Manager (8/04/2012)
    Combat Arms (8/04/2012)
    League of Legends (9/04/2012)


    here's a log file of me scanning with HijackThis this


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:07:06 AM, on 23/04/2012
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18639)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\GATEWAY\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\GATEWAY\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&s=2&o=vp64&d=0412&m=nv58_series
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&s=2&o=vp64&d=0412&m=nv58_series
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: (no name) - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - (no file)
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
    O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [AVG] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Google Update] "C:\Users\GATEWAY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerSvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11965 bytes


    going over this again this Hjackthis log MORE FILES HAVE BEEN deleted. which is probably why my webcam is not working right. I even went in to the backup "Winsys"of the computer and restored some of them like Windoes Media player\wmpnetwk.exe I rememberer fixing that one a week ago its been deleted it again

    After I installed virus security this happened


    OK!!!!!! this is VERY bad I found the source of the problem I must have manged to get a virus because after I installed my virus secuirty and restarted the computer which hasnt been restarted in about a day or two this popped up

    I took a picture with my camera

    but I had to go into safe mode to make the computer to be able to boot because it just kept logging off and not even let me see my desktop.

    I have read online with this issue and it says that a virus or an instillation of virus security can do this

    after I restarted it agian it loaded windows and I tried to uninstall my virus security but it wouldn't even even open the control panel

    but it seems SOMETHING changed my product key. so now I have to change it back

    I ether will do it manually or once again............. re install windows. man this sucks



    I am no computer beginner I made a flash game when I was 14 years old and I worked in a computer shop I KNOW HOW to fix this...

    but what caused this?

    it has to be a JavaScript leak because the Windows activation.vbs file seems to have been modified.

    I have gone threw the download history only pictures that my friends have sent me. and the list of programs that I showed you on my very first post.


    or it was a hacker. there has been no virus security on this computer for over a month. but that seems a bit far fetched since we have TWO internet providers and our internet is broadcasting wireless RADIO WAVES across the lake it has its own server.

    OK I HAVE FOUND the problem
    after I formatted the hard-drive and reinstalled windows I installed Avast and ALL TIHS HAPPENED again.


    AFTER ALL that and it was Avast.

    after I uninstalled avast and rebooted the computer everything started working again.
    I don't understand tho I have Avast installed on three other computers, my mom's computer my laptop when I had one, my ex girlfriend computer and her mom's computer had it installed and this never happened?

    only on this Gateway NV58 with Windows Vista 64bit

    I will be installing a different anti virus. I no longer can trust avast on this computer. and I LOVE avast.

    oh well.

    all I can say is that files better not start deleting again even after I have antivirus installed.





    so after all that I thought it was over I installed AVG 2012 Internet Security full version it updates everyday I cheek the virus vault and it hasn't deleted ANY .exe files but something on the computer is I have also ran certain programs in DEP because I have had files that would crash and this would fix it

    so what I think it is that something by Microsoft like a security program on Windows Vista is doing this I have two other computes in this house and none of them have done this ones a Windows 7 64bit and the others Windows XP Media Center Edition IT ANT be a virus? I have all ready formatted the harddrive TWO time,s and reinstalled windows, it can't be a worm because we have three firewalls and none of the other computers are missing files


    im going to run Combofix and Smitfraud and see what happens



    After running ComboFix computer restarted on it's own and this notification popped up after I saved and closed the log file:
    C:\Windows\System32\GfxUI.exe
    A device attached to the system is not functioning.

    HERE's a combo fix log




    ComboFix 12-04-22.02 - GATEWAY 23/04/2012 1:59.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4024.2395 [GMT -7:00]
    Running from: c:\users\GATEWAY\Downloads\ComboFix.exe
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\Temp\log.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-23 09:07 . 2012-04-23 09:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-22 10:48 . 2012-04-22 10:48 -------- d-----w- c:\programdata\SweetIM
    2012-04-22 10:48 . 2012-04-22 10:48 -------- d-----w- c:\program files (x86)\SweetIM
    2012-04-22 10:46 . 2012-04-22 10:46 -------- d-----w- c:\program files (x86)\1ClickDownload
    2012-04-22 10:42 . 2012-04-22 10:44 -------- d-----w- c:\programdata\WinZip
    2012-04-21 23:51 . 2012-04-21 23:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-04-21 23:51 . 2012-04-21 23:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-04-21 23:51 . 2012-04-21 23:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-04-21 23:51 . 2012-04-21 23:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-04-21 23:51 . 2012-04-21 23:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-04-21 23:51 . 2012-04-21 23:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-04-21 23:51 . 2012-04-21 23:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-04-21 23:50 . 2012-04-21 23:51 -------- d-----w- c:\program files (x86)\QuickTime
    2012-04-21 23:50 . 2012-04-21 23:58 -------- d-----w- c:\programdata\Apple Computer
    2012-04-21 23:48 . 2012-04-21 23:48 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2012-04-21 23:48 . 2012-04-21 23:48 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-04-21 23:48 . 2012-04-21 23:48 -------- d-----w- c:\programdata\Apple
    2012-04-21 23:26 . 2012-04-21 23:26 -------- d-----w- c:\program files (x86)\Yontoo
    2012-04-21 23:26 . 2012-04-21 23:26 -------- d-----w- c:\programdata\Tarma Installer
    2012-04-21 23:26 . 2012-04-22 10:38 -------- d-----w- c:\program files (x86)\uTorrent
    2012-04-21 22:08 . 2012-04-22 00:42 -------- d-----w- c:\program files (x86)\Common Files\Spigot
    2012-04-21 22:08 . 2012-04-21 22:08 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
    2012-04-21 22:08 . 2012-04-23 09:01 -------- d-----w- c:\program files (x86)\YTD YouTube Downloader & Converter
    2012-04-20 07:34 . 1994-09-20 21:00 12800 ----a-w- c:\windows\SysWow64\WING32.DLL
    2012-04-20 07:34 . 2012-04-20 07:34 -------- d-----w- C:\KA
    2012-04-20 07:34 . 1997-05-13 00:53 314368 ----a-w- c:\windows\IsUninst.exe
    2012-04-20 07:30 . 2012-04-20 07:30 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-04-20 07:29 . 2012-04-20 07:29 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
    2012-04-20 07:29 . 2012-04-22 07:14 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2012-04-20 07:29 . 2012-04-20 07:31 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-04-20 00:44 . 2012-04-20 00:44 -------- d-----w- c:\windows\system32\Macromed
    2012-04-20 00:44 . 2012-04-20 00:44 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 10:21 . 2012-04-20 03:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-19 10:17 . 2012-04-19 10:17 -------- d-----w- c:\program files\Adblock Pro
    2012-04-18 08:12 . 2012-04-18 08:12 -------- d-----w- c:\programdata\AutoUpdate
    2012-04-18 08:12 . 2012-04-18 08:12 -------- d-----w- c:\program files (x86)\Eltima Software
    2012-04-18 08:07 . 2012-04-18 08:07 -------- d-----w- c:\program files\MotioninJoy
    2012-04-18 08:07 . 2010-05-03 23:12 328712 ----a-w- c:\windows\system32\MijFrc.dll
    2012-04-18 06:32 . 2012-04-18 06:32 -------- d-----w- c:\windows\system32\drivers\etc\adobe hosts
    2012-04-18 06:21 . 2009-11-08 17:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2012-04-18 06:21 . 2009-11-08 17:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2012-04-18 06:21 . 2009-11-08 17:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2012-04-18 06:21 . 2009-11-08 17:55 444752 ----a-w- c:\windows\system32\mscoree.dll
    2012-04-18 06:21 . 2009-11-08 17:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2012-04-18 06:21 . 2009-11-08 17:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2012-04-18 06:21 . 2009-11-08 17:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2012-04-18 06:21 . 2009-11-08 17:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2012-04-18 06:21 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2012-04-18 06:21 . 2009-11-08 17:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2012-04-18 04:55 . 2012-04-18 04:55 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2012-04-18 04:55 . 2012-04-18 04:55 -------- d-----w- c:\windows\Sun
    2012-04-18 04:54 . 2012-04-18 04:54 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-18 04:53 . 2012-04-18 04:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-18 04:53 . 2012-04-18 04:53 -------- d-----w- c:\program files (x86)\Java
    2012-04-17 14:59 . 2012-04-20 03:38 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-04-17 14:38 . 2012-04-20 03:16 -------- d-----w- c:\program files\Common Files\Adobe
    2012-04-17 14:38 . 2012-04-17 14:38 -------- d-----w- c:\program files (x86)\Adobe Media Player
    2012-04-17 14:36 . 2012-04-20 03:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-04-17 14:29 . 2012-04-17 14:29 -------- d-----w- c:\windows\system32\drivers\etc\backup
    2012-04-16 04:13 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2012-04-16 04:12 . 2007-04-05 01:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll
    2012-04-16 02:25 . 2008-06-20 01:16 49160 ----a-w- c:\windows\system32\infocardcpl.cpl
    2012-04-16 02:25 . 2008-06-20 01:14 37384 ----a-w- c:\windows\SysWow64\infocardcpl.cpl
    2012-04-16 02:25 . 2008-06-20 01:16 11264 ----a-w- c:\windows\system32\icardres.dll
    2012-04-16 02:25 . 2008-06-20 01:14 11264 ----a-w- c:\windows\SysWow64\icardres.dll
    2012-04-16 02:25 . 2008-06-20 01:17 1168928 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2012-04-16 02:25 . 2008-06-20 01:16 167432 ----a-w- c:\windows\system32\infocardapi.dll
    2012-04-16 02:25 . 2008-06-20 01:14 781344 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
    2012-04-16 02:25 . 2008-06-20 01:14 97800 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2012-04-16 02:25 . 2008-06-20 01:16 1383936 ----a-w- c:\windows\system32\icardagt.exe
    2012-04-16 02:25 . 2008-06-20 01:14 622080 ----a-w- c:\windows\SysWow64\icardagt.exe
    2012-04-16 02:25 . 2008-06-20 01:17 126520 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2012-04-16 02:25 . 2008-06-20 01:14 105016 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2012-04-16 02:12 . 2008-07-27 18:03 158720 ----a-w- c:\windows\SysWow64\mscorier.dll
    2012-04-16 02:12 . 2008-07-27 18:01 158208 ----a-w- c:\windows\system32\mscorier.dll
    2012-04-16 02:12 . 2008-07-27 18:01 76288 ----a-w- c:\windows\system32\mscories.dll
    2012-04-16 02:12 . 2008-07-27 18:03 83968 ----a-w- c:\windows\SysWow64\mscories.dll
    2012-04-16 01:58 . 2009-10-09 21:36 53760 ----a-w- c:\windows\system32\pwrshplugin.dll
    2012-04-16 01:47 . 2012-04-16 04:11 -------- d--h--w- c:\windows\msdownld.tmp
    2012-04-14 20:27 . 2011-09-16 23:05 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
    2012-04-14 20:27 . 2012-04-14 20:28 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
    2012-04-14 20:27 . 2011-08-22 23:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
    2012-04-14 20:27 . 2012-04-14 20:32 -------- d-----w- c:\programdata\AVS4YOU
    2012-04-14 20:27 . 2012-04-14 20:28 -------- d-----w- c:\program files (x86)\AVS4YOU
    2012-04-14 10:07 . 2012-04-14 10:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-04-13 16:39 . 2012-04-13 16:39 -------- d-----w- c:\program files (x86)\NirSoft
    2012-04-13 09:57 . 2012-04-13 09:57 -------- d-----w- c:\programdata\Ask
    2012-04-13 07:27 . 2012-04-13 07:27 -------- d-----w- c:\program files (x86)\ooVoo
    2012-04-13 03:41 . 2012-04-13 16:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-04-13 03:41 . 2012-04-13 04:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-04-13 01:15 . 2012-04-13 01:15 -------- d-----w- c:\programdata\Nexon
    2012-04-12 11:19 . 2012-04-19 10:10 -------- d-----w- c:\program files (x86)\Ultrasurf
    2012-04-12 10:54 . 2012-04-20 07:30 -------- d-----w- c:\users\Public\CyberLink
    2012-04-12 10:53 . 2012-04-12 10:53 -------- d---a-w- c:\program files (x86)\dolphin-2.0.win32
    2012-04-12 06:01 . 2009-07-14 18:31 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-04-12 06:01 . 2009-07-14 18:18 654928 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-04-12 06:01 . 2009-07-14 18:18 42064 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-04-12 05:58 . 2011-11-11 01:32 115272 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2012-04-12 05:58 . 2010-08-20 02:24 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2012-04-12 05:58 . 2010-08-20 02:24 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-04-12 04:25 . 2008-07-31 17:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
    2012-04-12 04:25 . 2008-07-31 17:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
    2012-04-12 04:25 . 2008-07-12 15:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
    2012-04-12 04:25 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
    2012-04-12 04:25 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
    2012-04-12 04:16 . 2012-04-12 04:16 -------- d-----w- C:\Riot Games
    2012-04-12 04:04 . 2010-02-20 23:44 32768 ----a-w- c:\windows\system32\nshhttp.dll
    2012-04-12 04:04 . 2010-02-20 23:39 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
    2012-04-12 04:04 . 2010-02-20 23:42 33792 ----a-w- c:\windows\system32\httpapi.dll
    2012-04-12 04:04 . 2010-02-20 23:37 31232 ----a-w- c:\windows\SysWow64\httpapi.dll
    2012-04-12 04:04 . 2010-02-20 21:40 610304 ----a-w- c:\windows\system32\drivers\http.sys
    2012-04-12 04:02 . 2010-04-14 18:33 101376 ----a-w- c:\windows\system32\MSNP.ax
    2012-04-12 04:02 . 2010-04-14 17:46 80896 ----a-w- c:\windows\SysWow64\MSNP.ax
    2012-04-12 04:02 . 2010-04-14 18:35 375808 ----a-w- c:\windows\system32\psisdecd.dll
    2012-04-12 04:02 . 2010-04-14 17:47 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-04-12 04:02 . 2010-04-14 17:47 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-04-12 04:02 . 2010-04-14 18:35 289792 ----a-w- c:\windows\system32\psisrndr.ax
    2012-04-12 03:07 . 2012-04-12 03:07 -------- d-----w- c:\program files (x86)\Sol Edit
    2012-04-12 02:22 . 2010-09-06 16:24 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2012-04-12 02:22 . 2010-09-06 15:59 179712 ----a-w- c:\windows\system32\srvsvc.dll
    2012-04-12 02:22 . 2010-09-06 15:59 12288 ----a-w- c:\windows\system32\sscore.dll
    2012-04-12 02:22 . 2010-09-06 15:57 17920 ----a-w- c:\windows\system32\netevent.dll
    2012-04-12 02:22 . 2010-09-06 16:23 17920 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-04-12 01:47 . 2009-11-03 22:42 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
    2012-04-12 01:28 . 2009-08-24 12:24 442368 ----a-w- c:\windows\system32\winhttp.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-22 10:34 . 2012-02-22 10:34 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys
    2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-04-12 07:22 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2012-02-19 21:46 1337648 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-12 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-02-19 866824]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-12 982880]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
    "Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58abe96c-8a99-11e1-9a89-001f169b632d}]
    \shell\AutoRun\command - f:\support\autorun\autorun.exe
    \shell\help\command - winhelp kg98.hlp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 03:37]
    .
    2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1901032071-31100457-1324806887-1000Core.job
    - c:\users\GATEWAY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 05:09]
    .
    2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1901032071-31100457-1324806887-1000UA.job
    - c:\users\GATEWAY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 05:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2008-11-06 492600]
    "Acer ePower Management"="c:\program files\Gateway\Gateway PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-07 437280]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
    "adblock pro"="c:\program files\Adblock Pro\abpmain.exe" [2010-06-30 602112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://home.sweetim.com
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = local
    IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 64.114.86.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\GATEWAY\AppData\Roaming\Mozilla\Firefox\Profiles\0qo1mwzy.default\
    FF - prefs.js: browser.search.selectedEngine - SweetIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bdb09d4f6-a775-468d-98fa-9b6102ed31e3%7D&mid=1ea5b1dab5a347d0b465d156507f8ade-bfd3de42040c21aeb6b508187ba0dd48f6bf07ed&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-04-11%2016%3A03%3A48&sap=ku&q=
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    FF - Ext: Yontoo: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
    FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.2.0.3
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: extentions.y2layers.installId - 57085eaa-8c4d-45b0-8d2d-dfacb62bce89
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Notify-igfxcui - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-PLFSetI - c:\program files (x86)\PLFSetI.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\AVG\AVG2012\avgfws.exe
    c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
    c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    c:\users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\GATEWAY\AppData\Local\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-23 02:19:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-23 09:19
    .
    Pre-Run: 206,790,619,136 bytes free
    Post-Run: 207,532,257,280 bytes free
    .
    - - End Of File - - E75459618AE9515DEA598F6E6A542FEA





    and heres a list of the SmitfraudFix



    SmitFraudFix v2.424

    Scan done at 2:50:43.95, 23/04/2012
    Run from C:\Users\GATEWAY\Downloads\SmitfraudFix
    OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerEvent.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GATEWAY


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GATEWAY\AppData\Local\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GATEWAY\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\GATEWAY\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, following keys are not inevitably infected!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "RequireSignedAppInit_DLLs"=dword:00000001


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""




    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) WiFi Link 5100 AGN
    DNS Server Search Order: 64.114.86.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3737B8BC-79A9-4675-8134-36166EC51DB9}: DhcpNameServer=64.114.86.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3737B8BC-79A9-4675-8134-36166EC51DB9}: DhcpNameServer=64.114.86.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.114.86.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.114.86.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     

    Attached Files:

  2. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
  3. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
  4. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    I ran Combofix on
    -------- 2012-04-23 - 01:56:50 -------------


    -------- 2012-04-25 - 00:06:16 -------------

    and the second time I ran it, It found userinit.exe is infected

    I have attached the screenshot and the log below
     

    Attached Files:

  5. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    BUMP, somebody please help me
     
  6. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    Now the Intel(R) 4 Series Chipset Graphics Card is malfunctioning

    videos aren't loading and I KNOW ITS NOT the codecs

    I have tried un-installing it and reinstalling it twice now. the computer is fully updated.

    and it was working fine about a week ago.


    This is becoming a VERY big pain.
     
  7. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    I posted this on April 23, 2012

    474 PEOPLE have viewed it but none of admins have answered it.
     
  8. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    AM I REALLY the only one having these problems?

    After running Combofix a second time it seem the computer is acting normal but I want to make sure this posts stays open for other people that might have this happen to them.
     
  9. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    OK this is STILL HAPPENING!!!! and I don't have AVG installed any more I have "Microsoft Security Essentials"

    I dont understand, I reformatted the computer AGAIN!!! and it still is happening

    Why does it do this? I'm no noob I know how computers work. but I cant figure out what's causing this
    I started to think it was the DEP "Data Execution Prevention" in the computer but I ruled that out.

    and NO ONE IS helping me with this.


    NOTE: one thing I notice is that it seems only the NEW programs I install the EXE files get deleted. but IF I reinstall or repair it the file doesn't get deleted again

    but its only certain files. like files that are APPROVED my Microsoft don't get deleted.
     

    Attached Files:

  10. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
  11. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
  12. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    OK NOW a program I use EVERYDAY WAS DELETED. After I shut of the Gateway NV58 Laptop when I booted it four hours later Google Chrome was gone

    chrome.exe was deleted I checked the virus vault I even used a restoration program to find it and it didn't appear.

    SOMETHING on this computer is deleting certain.exe files.

    Someone please help, I need some imput
     
  13. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    B . U. M. P
     
  14. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
  15. craig brian

    craig brian Thread Starter

    Joined:
    Feb 12, 2008
    Messages:
    29
    B . U . M . P
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1050455