# CPU usage crazy high all the time.



## lemon07r

I don't know why, but my CPU usage is always around 50% on idle and 100% whenever I'm doing something, even things that aren't CPU intensive. Normally it idles around 0-4% and doesn't really go above 40% unless I'm doing something CPU intensive like gaming. It's driving me crazy; I can't play any games without freezing and crashing randomly now. I have an Athlon II X3 445 (3.1GHz), 8GB DDR3 1333MHz Ripjaws RAM and a Gigabyte ATI HD 4850 1GB. I tried booting in safe mode and my CPU usage went back to normal, but when I booted regularly again the lag came back. When I look at Task Manager, the only process really using up my CPU is System Idle Process, so I can't seem to narrow down the source of this lag. I've tried resetting the BIOS to defaults, but that didn't make a difference.

My HijackThis log:


> Logfile of Trend Micro HijackThis v2.0.4
> Scan saved at 3:10:47 PM, on 04/08/2012
> Platform: Windows 7 SP1 (WinNT 6.00.3505)
> MSIE: Internet Explorer v9.00 (9.00.8112.16447)
> Boot mode: Normal
> 
> Running processes:
> C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
> C:\Users\Lamim\AppData\Local\Lexar Media\LxrAutorun.exe
> C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
> C:\Program Files (x86)\iTunes\iTunesHelper.exe
> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
> 
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
> R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmip1.dll
> R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
> R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll
> R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
> F2 - REG:system.ini: UserInit=userinit.exe
> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
> O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
> O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
> O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
> O2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll
> O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
> O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
> O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
> O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmip1.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
> O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
> O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
> O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
> O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
> O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
> O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmip1.dll
> O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
> O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll
> O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
> O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
> O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
> O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
> O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
> O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
> O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
> O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
> O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
> O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
> O4 - HKLM\..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
> O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
> O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
> O4 - HKLM\..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
> O4 - HKCU\..\Run: [Google Update] "C:\Users\Lamim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
> O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
> O4 - HKCU\..\Run: [LxrAutorun] C:\Users\Lamim\AppData\Local\Lexar Media\LxrAutorun.exe
> O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
> O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
> O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
> O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
> O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
> O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
> O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
> O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
> O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
> O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
> O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
> O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
> O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
> O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
> O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
> O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
> O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
> O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
> O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
> O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
> O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
> O17 - HKLM\System\CCS\Services\Tcpip\..\{F1AD97B1-D761-4E82-B244-51DB0960D8FB}: NameServer = 208.67.222.222,208.67.220.220
> O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
> O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
> O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
> O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
> O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
> O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
> O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
> O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
> O23 - Service: AMD FusionUtility Service - Advanced Micro Devices, Inc. - C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
> O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
> O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
> O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
> O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
> O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
> O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
> O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
> O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
> O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
> O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
> O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: Lexar Secure II (LxrSII1s) - Lexar Media, Inc. - C:\Windows\system32\LxrSII1s.exe
> O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
> O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NlsSrv32.exe
> O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
> O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
> O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
> O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
> O23 - Service: PSPR Control Service (PSPRSERV) - ElcomSoft Co. Ltd. - C:\Program Files (x86)\ElcomSoft\Proactive System Password Recovery\psprserv64.exe
> O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
> O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
> O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
> O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
> O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
> O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
> O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
> O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
> O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
> O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
> O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
> O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
> O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
> O23 - Service: PDF Printer Service for Windows 7 (Win7PDFPrinting) - Vivid Document Imaging Technologies - C:\Program Files\PDF Printer for Windows 7\Win7PDFPrinting.exe
> O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
> O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
> 
> --
> End of file - 17681 bytes



Thanks for any input!


----------



## johnb35

OK, I see lots of issues.

I need you to use HijackThis to run a special scan for me.

Open HijackThis, click on Open Misc Tools section, click on Uninstall Manager, click on Save list. Save it and then copy and paste the contents back here.


----------



## lemon07r

Here you go:


> 1ClickDownloader
> Adobe AIR
> Adobe AIR
> Adobe Community Help
> Adobe Community Help
> Adobe Download Assistant
> Adobe Download Assistant
> Adobe Flash Player 11 ActiveX
> Adobe Flash Player 11 Plugin
> Adobe Photoshop CS5.1
> Adobe Reader 9.5.1
> Advanced GIF Compressor 1.0
> Aimersoft DRM Media Converter(Build 1.5.0.0)
> Akamai NetSession Interface Service
> AMD Fusion Utility
> AMD System Monitor
> Apple Application Support
> Apple Software Update
> Ask Toolbar
> Atheros Driver Installation Program
> ATI Catalyst Registration
> Audacity 1.3.14 (Unicode)
> Avast License by ZeNiX [2012-03-14]
> AviSynth 2.5
> Battle vs. Chess
> BIOS Code Unlocked Technology
> BitTorrent
> BitTorrentBar Toolbar
> Black & White® 2
> Black & White® 2 Battle of the Gods
> Bloodline Champions
> Bloodline Champions
> BurnAware Free 4.2
> Cain & Abel v4.9.43
> calibre
> Catalyst Control Center - Branding
> Cheat Engine 6.1
> Command & Conquer Generals
> Command and ConquerTM Generals Zero Hour
> Conduit Engine
> D3DX10
> Diablo III
> Diablo III Beta
> DivX Setup
> Dota 2
> DragonNest
> Elite Launcher
> Fable III
> Feedback Tool
> Feedback Tool
> FLAC 1.2.1b (remove only)
> Flash Packager 2.1
> Fraps (remove only)
> Free Download Manager 3.0
> Free Hide IP
> Futuremark SystemInfo
> Google Earth
> Google SketchUp 8
> Google Toolbar for Internet Explorer
> Google Toolbar for Internet Explorer
> Google Update Helper
> Haali Media Splitter
> Hero Fighter
> HiJackThis
> Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
> Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
> Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
> Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
> Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)
> Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
> iFunbox (v1.98.948.666), iFunbox DevTeam
> IIS 7.5 Express
> ImgBurn
> Inno Setup QuickStart Pack version 5.4.0
> InnoIDE 1.0.0.67
> IrfanView (remove only)
> ISTool 5.3.0.1
> Java(TM) 6 Update 33
> Junk Mail filter update
> LADSPA_plugins-win-0.4.15
> LAME v3.98.3 for Audacity
> LCP 5.04
> League of Legends
> Left 4 Dead 2
> Live Update 5
> Liveupdate4
> LOCO v1.3
> LogMeIn Hamachi
> LogMeIn Hamachi
> MagicDisc 2.7.106
> Mega Manager
> Microsoft ASP.NET MVC 2
> Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
> Microsoft ASP.NET MVC 3
> Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools
> Microsoft ASP.NET Web Pages
> Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
> Microsoft F# Runtime for Silverlight 4
> Microsoft Games for Windows - LIVE Redistributable
> Microsoft Games for Windows Marketplace
> Microsoft Reader
> Microsoft Silverlight 3 SDK
> Microsoft Silverlight 4 SDK
> Microsoft Silverlight 4 Toolkit April 2010
> Microsoft Silverlight Tools for Visual Studio 2010
> Microsoft SQL Server 2005 Compact Edition [ENU]
> Microsoft SQL Server 2008 Browser
> Microsoft SQL Server 2008 R2 Management Objects
> Microsoft SQL Server Compact 3.5 SP2 ENU
> Microsoft SQL Server Compact 4.0 Web Tools ENU
> Microsoft SQL Server Database Publishing Wizard 1.4
> Microsoft Visual Basic 2010 Express - ENU
> Microsoft Visual Basic 2010 Express - ENU
> Microsoft Visual C# 2010 Express - ENU
> Microsoft Visual C# 2010 Express - ENU
> Microsoft Visual C++ 2005 Redistributable
> Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
> Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
> Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
> Microsoft Visual C++ 2010 Express - ENU
> Microsoft Visual C++ 2010 Express - ENU
> Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
> Microsoft Visual Studio 2010 Service Pack 1
> Microsoft Visual Studio 2010 Service Pack 1
> Microsoft Visual Web Developer 2010 Express - ENU
> Microsoft Visual Web Developer 2010 Express - ENU
> Microsoft WebMatrix
> Microsoft XNA Framework Redistributable 3.1
> Microsoft XNA Framework Redistributable 4.0
> Microsoft XNA Game Studio 4.0
> Microsoft XNA Game Studio 4.0 (ARP entry)
> Microsoft XNA Game Studio 4.0 (Redists)
> Microsoft XNA Game Studio 4.0 (Shared Components)
> Microsoft XNA Game Studio 4.0 (Visual Studio)
> Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
> Microsoft XNA Game Studio 4.0 Documentation
> Microsoft XNA Game Studio Platform Tools
> Microsoft_VC80_ATL_x86
> Microsoft_VC80_CRT_x86
> Microsoft_VC80_MFC_x86
> Microsoft_VC80_MFCLOC_x86
> Microsoft_VC90_ATL_x86
> Microsoft_VC90_CRT_x86
> Microsoft_VC90_MFC_x86
> Microsoft_VC90_MFCLOC_x86
> MiPony 1.6.4
> mipony-plugin Toolbar
> Mobipocket Reader 6.2
> Mozilla Firefox 5.0 (x86 en-US)
> MSVCRT
> MSVCRT_amd64
> MSXML 4.0 SP2 (KB954430)
> MSXML 4.0 SP2 (KB973688)
> MSXML4 Parser
> Mz Shutdown Scheduler
> NCsoft Launcher
> Nexon Game Manager
> Norton Security Scan
> Notepad++
> NuGet
> NVIDIA PhysX
> ooVoo
> OpenAL
> OpenDNS Updater 2.2.1
> OpenGL Extensions Viewer 3.0
> Opera 11.61
> ophcrack 3.3.1
> OverclockingCenter
> PAK Explorer
> PC Alert 4
> PCSX2 - Playstation 2 Emulator
> PDF Settings CS5
> Pokemon Defense
> PS3 Media Server
> PSP Video 9 6
> PunkBuster Services
> Python 2.2.3
> QuickTime
> Rainmeter
> RAM Defrag (remove only)
> RealNetworks - Microsoft Visual C++ 2008 Runtime
> RealPlayer
> RealUpgrade 1.1
> reFX Nexus VSTi RTAS v2.2.0
> Romance of the Three Kingdoms XI Razor 1911
> Rome - Total War
> Rusty Hearts PWE
> Samsung SCX-4x16 Series
> Samsung Universal Print Driver
> SeaTools for Windows
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
> Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
> Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
> Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
> Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
> Skype Click to Call
> Skype™ 5.10
> SliderDock
> Smart Install Maker
> Smart Install Maker 5.03
> SmarThru
> Speccy
> SpeedFan (remove only)
> StarCraft II
> Steam
> Stick RPG Director's Cut 0.942
> SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
> Super MNC Invitational
> TeamSpeak 3 Client
> TeamViewer 5
> Terraria
> The Lord of the Rings FREE Trial
> Thrustmaster Force Feedback Driver
> trakAxPC
> Trillian
> Tunngle beta
> Uniblue SpeedUpMyPC
> Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
> Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
> Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
> Update for Microsoft .NET Framework 4 Extended (KB2468871)
> Update for Microsoft .NET Framework 4 Extended (KB2533523)
> Update for Microsoft .NET Framework 4 Extended (KB2600217)
> VC80CRTRedist - 8.0.50727.6195
> VIA Platform Device Manager
> VideoGenie
> Videora iPod touch Converter 6
> Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
> WCF RIA Services V1.0 SP1
> Windows Live Communications Platform
> Windows Live Essentials
> Windows Live Essentials
> Windows Live Installer
> Windows Live Mail
> Windows Live Mail
> Windows Live Messenger
> Windows Live Messenger
> Windows Live Movie Maker
> Windows Live Movie Maker
> Windows Live Photo Common
> Windows Live Photo Common
> Windows Live Photo Gallery
> Windows Live Photo Gallery
> Windows Live PIMT Platform
> Windows Live SOXE
> Windows Live SOXE Definitions
> Windows Live UX Platform
> Windows Live UX Platform Language Pack
> Windows Live Writer
> Windows Live Writer Resources
> Windows Media Player Firefox Plugin
> WinPcap 4.1.2
> WinUHA 2.0 RC1 (2005.02.27)
> WinZip Registry Optimizer
> wxWidgets 2.9.1
> Xfire (remove only)
> XfireXO Toolbar
> yBook
> yBook2
> YouTube Downloader App 3.00


And thanks for the help!


----------



## johnb35

OK, first thing first....

You have some pirated software installed on your system. I don't know exactly how much pirated software is installed, but at this point your best bet is to uninstall everything pirated or, if you have a lot, reinstall Windows and only install genuine software that you legally own/paid for. Your Avast software is definitely pirated.



> Avast License by ZeNiX [2012-03-14]


I'm not even gonna attempt to get you straightened out until I know all pirated software is off your machine.  

Sorry.


----------



## lemon07r

I don't have any antivirus installed on my computer. I only have the crack installed from years ago. Right now I'm running with no antivirus. (I don't download anything ever, so I just uninstalled it a while ago. I use my computer to play a few games: Diablo 3 (can't be pirated, so you know it's legitimate), Aion (it's free), LoL (also free), Bloodline Champions (also free), StarCraft 2 (I play online only, so it's not pirated); all other games I have on my PC I don't touch.)


----------



## johnb35

Please download *Malwarebytes' Anti-Malware* from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version. *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically, which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run, please download and run *Rkill.scr*, *Rkill.exe*, or *Rkill.com*. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT* reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Afterwards, post a fresh HijackThis log.


----------



## lemon07r

OK, so I did the scan and it found 5 infected objects, mostly registry. It told me to restart to remove the malware properly. I restarted, but my desktop was all black, and there was no Start menu or anything. I tried right-clicking and got nothing, so I pressed Ctrl+Alt+Del, started Task Manager and saw two interesting processes by the name of runoncewrapper.exe or something like that. I killed the process tree and everything loaded up normally. Not sure what it is.
Here's the Malwarebytes log:


> Malwarebytes Anti-Malware (Trial) 1.62.0.1300
> www.malwarebytes.org
> 
> Database version: v2012.08.07.06
> 
> Windows 7 Service Pack 1 x64 NTFS
> Internet Explorer 9.0.8112.16421
> Lamim :: XPC-WYVERN011 [administrator]
> 
> Protection: Enabled
> 
> 07/08/2012 1:43:43 PM
> mbam-log-2012-08-07 (13-47-57).txt
> 
> Scan type: Quick scan
> Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
> Scan options disabled: P2P
> Objects scanned: 240282
> Time elapsed: 3 minute(s), 44 second(s)
> 
> Memory Processes Detected: 0
> (No malicious items detected)
> 
> Memory Modules Detected: 0
> (No malicious items detected)
> 
> Registry Keys Detected: 0
> (No malicious items detected)
> 
> Registry Values Detected: 0
> (No malicious items detected)
> 
> Registry Data Items Detected: 3
> HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
> HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
> HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
> 
> Folders Detected: 0
> (No malicious items detected)
> 
> Files Detected: 2
> C:\plyxe.pif (Malware.Packer.Gen) -> No action taken.
> C:\Users\Lamim\Local Settings\Application Data\7z.exe (Trojan.Autoit) -> No action taken.
> 
> (end)



Here's the HijackThis log:


> Logfile of Trend Micro HijackThis v2.0.4
> Scan saved at 1:52:48 PM, on 07/08/2012
> Platform: Windows 7 SP1 (WinNT 6.00.3505)
> MSIE: Internet Explorer v9.00 (9.00.8112.16447)
> Boot mode: Normal
> 
> Running processes:
> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Users\Lamim\AppData\Local\Google\Chrome\Application\chrome.exe
> C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
> C:\Windows\SysWOW64\DllHost.exe
> 
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
> R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmip1.dll
> R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
> R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll
> R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
> F2 - REG:system.ini: UserInit=userinit.exe,
> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
> O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
> O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
> O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
> O2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll
> O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
> O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
> O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
> O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmip1.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
> O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
> O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
> O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
> O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
> O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
> O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files (x86)\mipony-plugin\tbmip1.dll
> O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
> O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll
> O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
> O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
> O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
> O4 - HKLM\..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe
> O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
> O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
> O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
> O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
> O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
> O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
> O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
> O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
> O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
> O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
> O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
> O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
> O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
> O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
> O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
> O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
> O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
> O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
> O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
> O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
> O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
> O17 - HKLM\System\CCS\Services\Tcpip\..\{F1AD97B1-D761-4E82-B244-51DB0960D8FB}: NameServer = 208.67.222.222,208.67.220.220
> O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
> O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
> O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
> O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
> O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
> O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
> O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
> O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
> O23 - Service: AMD FusionUtility Service - Advanced Micro Devices, Inc. - C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
> O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
> O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
> O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
> O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
> O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
> O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
> O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
> O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
> O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
> O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
> O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: Lexar Secure II (LxrSII1s) - Lexar Media, Inc. - C:\Windows\system32\LxrSII1s.exe
> O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
> O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
> O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NlsSrv32.exe
> O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
> O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
> O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
> O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
> O23 - Service: PSPR Control Service (PSPRSERV) - ElcomSoft Co. Ltd. - C:\Program Files (x86)\ElcomSoft\Proactive System Password Recovery\psprserv64.exe
> O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
> O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
> O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
> O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
> O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
> O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
> O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
> O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
> O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
> O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
> O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
> O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
> O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
> O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
> O23 - Service: PDF Printer Service for Windows 7 (Win7PDFPrinting) - Vivid Document Imaging Technologies - C:\Program Files\PDF Printer for Windows 7\Win7PDFPrinting.exe
> O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
> O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
> 
> --
> End of file - 15700 bytes



And here's the uninstall manager log from HijackThis: (btw I uninstalled zenix since I don't even have Avast in the first place)


> 1ClickDownloader
> Adobe AIR
> Adobe AIR
> Adobe Community Help
> Adobe Community Help
> Adobe Download Assistant
> Adobe Download Assistant
> Adobe Flash Player 11 ActiveX
> Adobe Flash Player 11 Plugin
> Adobe Photoshop CS5.1
> Adobe Reader 9.5.1
> Advanced GIF Compressor 1.0
> Aimersoft DRM Media Converter(Build 1.5.0.0)
> Akamai NetSession Interface Service
> AMD Fusion Utility
> AMD System Monitor
> Apple Application Support
> Apple Software Update
> Ask Toolbar
> Atheros Driver Installation Program
> ATI Catalyst Registration
> Audacity 1.3.14 (Unicode)
> AviSynth 2.5
> Battle vs. Chess
> BIOS Code Unlocked Technology
> BitTorrent
> BitTorrentBar Toolbar
> Black & White® 2
> Black & White® 2 Battle of the Gods
> Bloodline Champions
> Bloodline Champions
> BurnAware Free 4.2
> Cain & Abel v4.9.43
> calibre
> Catalyst Control Center - Branding
> Cheat Engine 6.1
> Command & Conquer Generals
> Command and ConquerTM Generals Zero Hour
> Conduit Engine
> D3DX10
> Diablo III
> Diablo III Beta
> DivX Setup
> Dota 2
> DragonNest
> Elite Launcher
> Fable III
> Feedback Tool
> Feedback Tool
> FLAC 1.2.1b (remove only)
> Flash Packager 2.1
> Fraps (remove only)
> Free Download Manager 3.0
> Free Hide IP
> Futuremark SystemInfo
> Google Earth
> Google SketchUp 8
> Google Toolbar for Internet Explorer
> Google Toolbar for Internet Explorer
> Google Update Helper
> Haali Media Splitter
> Hero Fighter
> HiJackThis
> Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
> Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
> Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
> Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
> Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)
> Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
> Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
> iFunbox (v1.98.948.666), iFunbox DevTeam
> IIS 7.5 Express
> ImgBurn
> Inno Setup QuickStart Pack version 5.4.0
> InnoIDE 1.0.0.67
> IrfanView (remove only)
> ISTool 5.3.0.1
> Java(TM) 6 Update 33
> Junk Mail filter update
> LADSPA_plugins-win-0.4.15
> LAME v3.98.3 for Audacity
> LCP 5.04
> League of Legends
> Left 4 Dead 2
> Live Update 5
> Liveupdate4
> LOCO v1.3
> LogMeIn Hamachi
> LogMeIn Hamachi
> MagicDisc 2.7.106
> Malwarebytes Anti-Malware version 1.62.0.1300
> Mega Manager
> Microsoft ASP.NET MVC 2
> Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
> Microsoft ASP.NET MVC 3
> Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools
> Microsoft ASP.NET Web Pages
> Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
> Microsoft F# Runtime for Silverlight 4
> Microsoft Games for Windows - LIVE Redistributable
> Microsoft Games for Windows Marketplace
> Microsoft Reader
> Microsoft Silverlight 3 SDK
> Microsoft Silverlight 4 SDK
> Microsoft Silverlight 4 Toolkit April 2010
> Microsoft Silverlight Tools for Visual Studio 2010
> Microsoft SQL Server 2005 Compact Edition [ENU]
> Microsoft SQL Server 2008 Browser
> Microsoft SQL Server 2008 R2 Management Objects
> Microsoft SQL Server Compact 3.5 SP2 ENU
> Microsoft SQL Server Compact 4.0 Web Tools ENU
> Microsoft SQL Server Database Publishing Wizard 1.4
> Microsoft Visual Basic 2010 Express - ENU
> Microsoft Visual Basic 2010 Express - ENU
> Microsoft Visual C# 2010 Express - ENU
> Microsoft Visual C# 2010 Express - ENU
> Microsoft Visual C++ 2005 Redistributable
> Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
> Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
> Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
> Microsoft Visual C++ 2010 Express - ENU
> Microsoft Visual C++ 2010 Express - ENU
> Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
> Microsoft Visual Studio 2010 Service Pack 1
> Microsoft Visual Studio 2010 Service Pack 1
> Microsoft Visual Web Developer 2010 Express - ENU
> Microsoft Visual Web Developer 2010 Express - ENU
> Microsoft WebMatrix
> Microsoft XNA Framework Redistributable 3.1
> Microsoft XNA Framework Redistributable 4.0
> Microsoft XNA Game Studio 4.0
> Microsoft XNA Game Studio 4.0 (ARP entry)
> Microsoft XNA Game Studio 4.0 (Redists)
> Microsoft XNA Game Studio 4.0 (Shared Components)
> Microsoft XNA Game Studio 4.0 (Visual Studio)
> Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
> Microsoft XNA Game Studio 4.0 Documentation
> Microsoft XNA Game Studio Platform Tools
> Microsoft_VC80_ATL_x86
> Microsoft_VC80_CRT_x86
> Microsoft_VC80_MFC_x86
> Microsoft_VC80_MFCLOC_x86
> Microsoft_VC90_ATL_x86
> Microsoft_VC90_CRT_x86
> Microsoft_VC90_MFC_x86
> Microsoft_VC90_MFCLOC_x86
> MiPony 1.6.4
> mipony-plugin Toolbar
> Mobipocket Reader 6.2
> Mozilla Firefox 14.0.1 (x86 en-US)
> MSVCRT
> MSVCRT_amd64
> MSXML 4.0 SP2 (KB954430)
> MSXML 4.0 SP2 (KB973688)
> MSXML4 Parser
> Mz Shutdown Scheduler
> NCsoft Launcher
> Nexon Game Manager
> Norton Security Scan
> Notepad++
> NuGet
> NVIDIA PhysX
> ooVoo
> OpenAL
> OpenDNS Updater 2.2.1
> OpenGL Extensions Viewer 3.0
> Opera 11.61
> ophcrack 3.3.1
> OverclockingCenter
> PAK Explorer
> PC Alert 4
> PCSX2 - Playstation 2 Emulator
> PDF Settings CS5
> Pokemon Defense
> PS3 Media Server
> PSP Video 9 6
> PunkBuster Services
> Python 2.2.3
> QuickTime
> Rainmeter
> RAM Defrag (remove only)
> RealNetworks - Microsoft Visual C++ 2008 Runtime
> RealPlayer
> RealUpgrade 1.1
> reFX Nexus VSTi RTAS v2.2.0
> Romance of the Three Kingdoms XI Razor 1911
> Rome - Total War
> Rusty Hearts PWE
> Samsung SCX-4x16 Series
> Samsung Universal Print Driver
> SeaTools for Windows
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
> Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
> Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
> Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
> Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
> Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
> Skype Click to Call
> Skype™ 5.10
> SliderDock
> Smart Install Maker
> Smart Install Maker 5.03
> SmarThru
> Speccy
> SpeedFan (remove only)
> StarCraft II
> Steam
> Stick RPG Director's Cut 0.942
> SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
> Super MNC Invitational
> TeamSpeak 3 Client
> TeamViewer 5
> Terraria
> The Lord of the Rings FREE Trial
> Thrustmaster Force Feedback Driver
> trakAxPC
> Trillian
> Tunngle beta
> Uniblue SpeedUpMyPC
> Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
> Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
> Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
> Update for Microsoft .NET Framework 4 Extended (KB2468871)
> Update for Microsoft .NET Framework 4 Extended (KB2533523)
> Update for Microsoft .NET Framework 4 Extended (KB2600217)
> VC80CRTRedist - 8.0.50727.6195
> VIA Platform Device Manager
> VideoGenie
> Videora iPod touch Converter 6
> Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
> WCF RIA Services V1.0 SP1
> Windows Live Communications Platform
> Windows Live Essentials
> Windows Live Essentials
> Windows Live Installer
> Windows Live Mail
> Windows Live Mail
> Windows Live Messenger
> Windows Live Messenger
> Windows Live Movie Maker
> Windows Live Movie Maker
> Windows Live Photo Common
> Windows Live Photo Common
> Windows Live Photo Gallery
> Windows Live Photo Gallery
> Windows Live PIMT Platform
> Windows Live SOXE
> Windows Live SOXE Definitions
> Windows Live UX Platform
> Windows Live UX Platform Language Pack
> Windows Live Writer
> Windows Live Writer Resources
> Windows Media Player Firefox Plugin
> WinPcap 4.1.2
> WinUHA 2.0 RC1 (2005.02.27)
> WinZip Registry Optimizer
> wxWidgets 2.9.1
> Xfire (remove only)
> XfireXO Toolbar
> yBook
> yBook2
> YouTube Downloader App 3.00



Again thanks for your help.


----------



## johnb35

According to the Malwarebytes log, no action was taken. Did you click on the Remove Selected button to remove those infections? Please rescan your system to make sure they are gone.
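
The check described in this reply, reading the action recorded against each detection, can be run over a saved log. This Python parser is an added example, not part of the original thread; the sample log is constructed in the layout of the Malwarebytes log quoted above, and the function names and the "Quarantined and deleted successfully" outcome line are assumptions.

```python
import re
from dataclasses import dataclass

# "Files Detected: 2", "Registry Data Items Detected: 3", ...
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<threat name>) -> [extra ->] <action>."
# The object itself may contain parentheses, e.g. "C:\Program Files (x86)\...".
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Constructed sample (not the poster's log). The registry section is
# deliberately one line short to show the truncation check.
SAMPLE_LOG = r"""
> Malwarebytes Anti-Malware (Trial) 1.62.0.1300
> Scan type: Quick scan
> Objects scanned: 240282
>
> Registry Keys Detected: 0
> (No malicious items detected)
>
> Registry Data Items Detected: 3
> HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
> HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
>
> Files Detected: 2
> C:\Program Files (x86)\Example\sample.exe (Trojan.Autoit) -> Quarantined and deleted successfully.
> C:\example.pif (Malware.Packer.Gen) -> No action taken.
>
> (end)
"""


@dataclass
class Detection:
    section: str   # e.g. "Files"
    obj: str       # file path or registry location
    threat: str    # vendor detection name
    action: str    # what the scanner did with it


def parse_mbam_log(text):
    """Return (declared_counts, detections) from a Malwarebytes 1.x text log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        # Tolerate forum-style "> " quoting in front of each line.
        line = raw.lstrip("> ").strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            declared[section] = int(header["count"])
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            # The action is always the last "->" segment on the line.
            action = hit["rest"].split(" -> ")[-1].rstrip(". ")
            detections.append(Detection(section, hit["obj"], hit["threat"], action))
    return declared, detections


def unresolved(detections):
    """Detections the scanner found but did not act on."""
    return [d for d in detections if d.action.lower() == "no action taken"]


def count_mismatches(declared, detections):
    """Sections whose header count differs from the lines actually present
    (a truncated or hand-edited log). Maps section -> (declared, found)."""
    found = {}
    for d in detections:
        found[d.section] = found.get(d.section, 0) + 1
    return {name: (n, found.get(name, 0))
            for name, n in declared.items() if n != found.get(name, 0)}


if __name__ == "__main__":
    declared, detections = parse_mbam_log(SAMPLE_LOG)
    for d in unresolved(detections):
        print(f"STILL PRESENT  [{d.section}] {d.obj}  ({d.threat})")
    for name, (want, got) in count_mismatches(declared, detections).items():
        print(f"INCOMPLETE LOG [{name}] header says {want}, log lists {got}")
```

A log saved before clicking *Remove Selected* lists every item as unresolved, so only a rescan log with nothing unresolved confirms the removal.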


----------



## lemon07r

Oh, I saved the log before taking any action. I had Malwarebytes remove the infected objects after I saved the log. I will do a rescan tomorrow though.


----------



## johnb35

Highly recommend uninstalling the following programs.

Uniblue SpeedUpMyPC
WinZip Registry Optimizer
Norton Security Scan
Conduit Engine
BitTorrent
BitTorrentBar Toolbar


Download the free version of Avast or Microsoft Security Essentials.  Don't run without any virus protection.


----------



## lemon07r

Funny thing is I never installed those and it won't let me uninstall them. I never wanted them in the first place.


----------



## lemon07r

A lot of those I didn't install myself; I had been wanting to uninstall those.
EDIT: Ok, I've uninstalled all of them but I still have major CPU lag. I've now also overclocked my CPU to 3.5GHz (was 3.1GHz before).


----------



## johnb35

Then I would guess it's time to reinstall Windows. Not sure what else could be wrong. If you are still having high CPU usage, open Task Manager, sort by CPU usage and find what process is using the most of the CPU. Ignore System Idle Process.


----------



## lemon07r

I've tried that. I can't seem to find anything but System Idle using up my CPU. Is there a way to reinstall with removing a couple of my programs? I have stuff like Word 2010 and I don't know where my install disc is, and I don't want to download Aion, Diablo, StarCraft 2 (I have it on disc but the updates are huge) and Aion again. That's 200GB of bandwidth right there and I only get 80 a month.


----------



## johnb35

As I said, System Idle Process is nothing to worry about; it will always be high, as it's supposed to.

Look in the following image and you'll see what an average XP system will look like. See how System Idle Process is at 99%. The thing you need to look at is at the bottom for the actual CPU usage. See where it says 0%. That's where you need to look first. If that number is high, then you need to look up top for what's using it EXCEPT for System Idle Process. As other processes start using the CPU, the System Idle Process percentage will start going down. 99% System Idle Process means just that: 99% of your CPU is in an idle state.
If you click on the CPU usage column you can sort it that way. If you sort it high to low, then System Idle Process should always be at the top.








Hopefully we are on the same page here. If it shows CPU usage of 50% or more, then make sure you check the box that says Show processes from all users. If it's at 50%, then a process or processes will reflect that.

The next time its high, expand task manager and get a screen shot of it or multiple screenshots if need be to get the whole list of processes.  Not sure what else to tell you to do.


----------



## StrangleHold

Like said above. If you have high cpu usage it should show what process/es is using it from the above Task Manager.


----------



## lemon07r

Yeah, my CPU usage has gone down now after much cleaning and a full Malwarebytes scan, which took a while. Right after, I ran a scan with Avast Free (screensaver scan) and it found that a ton of AMD and ATI files were infected with win32:sality (I'm not sure how Malwarebytes missed this; this scan took place right after the Malwarebytes one). I can't remove it because when I try to, my Avast crashes. And I don't want to remove it because it may screw up my video card drivers. What should I do?


----------



## johnb35

Unfortunately, with the Sality infection, along with Virut and another, it's very hard to remove. You may be in store to format and reinstall Windows. However, I would like for you to run the following.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------



## lemon07r

I couldn't find the "UN-check Remove found threats", sorry, but I did run the scan anyways:


> C:\AMD\ATI_Win7_Vista_Catalyst10.1_Hotfix_8.69.3RC2_Jan27\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\AMD\ATI_Win7_Vista_Catalyst10.1_Hotfix_8.69.3RC2_Jan27\Bin\InstallManagerApp.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\AMD\ATI_Win7_Vista_Catalyst10.1_Hotfix_8.69.3RC2_Jan27\Bin\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\AMD\Support\12-6-legacy_vista_win7_64_dd_ccc_whql\Packages\Apps\AppEx\AppEx\ABC.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\AMD\Support\12-6_vista_win7_64_dd_ccc_whql\Packages\Apps\AppEx\AppEx\ABC.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista64_win7_64_dd_ccc_enu\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_sb\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_sb\Bin\ATISetup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_sb\Bin\InstallManagerApp.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_sb\Bin\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_xcode\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_xcode\Bin\ATISetup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_xcode\Bin\InstallManagerApp.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-7_vista_win7_32-64_xcode\Bin\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\10-8_vista64_win7_64_dd_ccc_enu\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\11-2_vista64_win7_64_dd_ccc_ocl\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\ATI\Support\11-3_vista64_win7_64_dd_ccc_ocl\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\BigFishGamesCache\Upgrade\stub\masterofdefense_s1_l1_gF869T1L1_d1434332206.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\Fraps\fraps.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\Fraps\uninstall.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\Perfect World Entertainment\Rusty Hearts\Launcher\tool\ClientLauncher.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\Perfect World Entertainment\Rusty Hearts\Launcher\tool\ServerListLauncher.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\Program Files (x86)\2K Games\Mafia II\pc\SKIDROW.exe	Win32/Sality.NBA virus	cleaned - quarantined
> C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI	multiple threats	deleted - quarantined
> C:\Program Files (x86)\LCP\Data\pwdump2\samdump.dll	probably a variant of Win32/Agent.GELFBUE trojan	cleaned by deleting - quarantined
> C:\Program Files (x86)\LCP\Data\pwdump3\pwservice.exe	Win32/PSWTool.PWDump3 application	cleaned by deleting - quarantined
> C:\Program Files (x86)\LCP\Data\pwdump3e\pwservice.exe	Win32/PSWTool.PWDump.A application	cleaned by deleting - quarantined
> C:\Program Files (x86)\ophcrack\ophcrack.exe	a variant of Win32/PSWTool.ophCrack.A application	cleaned by deleting - quarantined
> C:\Program Files (x86)\ophcrack\ophcrack_nogui.exe	a variant of Win32/PSWTool.ophCrack.A application	cleaned by deleting - quarantined
> C:\Program Files (x86)\ophcrack\pwdump\lsremora.dll	Win32/PSWTool.PWDump6 application	cleaned by deleting - quarantined
> C:\Program Files (x86)\ophcrack\pwdump\pwdump6_setup.exe	Win32/PSWTool.PWDump6 application	cleaned by deleting - quarantined
> C:\Program Files (x86)\ophcrack\pwdump\servpw.exe	Win32/PSWTool.PWDump6 application	cleaned by deleting - quarantined
> C:\Users\Lamim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\35a186a5-22da8a9e	multiple threats	deleted - quarantined
> C:\Windows\AutoKMS\AutoKMS.exe	probably a variant of Win32/HackKMS.B application	cleaned by deleting - quarantined
> C:\Windows\Installer\3e9ca0.msi	multiple threats	deleted - quarantined



I downloaded ophcrack a while ago cause I had added a password and realized I couldn't remember it haha.

During another screensaver scan avast found more infected files, ones that aren't listed by the ESET scan, so I think it's spreading.


----------



## johnb35

The safest thing to do would be to fresh install windows.  Do not back up any exe files.


----------



## S.T.A.R.S.

Try this:

-go to RUN and type "msconfig.exe" and press OK
-go to STARTUP tab and there disable everything
-click APPLY and click OK then restart the computer
-if now the CPU is normal then some of the installed drivers or other programs are causing the issue. To detect what is causing it, go to "msconfig.exe", STARTUP tab and then add check marks one by one until the CPU goes high again. Then you will know what is causing it and be able to remove it.





Cheers!


----------



## lemon07r

CPU lag isn't an issue now, just trying to get rid of malware. I guess I have to do a fresh install.


----------



## wolfeking

Wait for johnb35 to come and help you. 99.999% of the time he can make your system clean of malware very easily.  Very rarely does it require a reinstall.


----------



## johnb35

wolfeking said:


> Wait for johnb35 to come and help you. 99.999% of the time he can make your system clean of malware very easily.  Very rarely does it require a reinstall.



As I said prior, with the infection he had/has, it's best to format and reinstall windows.  It's a file infecting malware like Virut and Ramnit.  The only way to fix is to reinstall windows.  Do not back up any EXE files.
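
The advice above to leave every EXE behind is easier to follow when executables are recognised by content as well as by name. The following is an added example, not code from the thread: it sorts a folder into files to back up and files to leave behind, flagging anything with a risky extension or a PE header. The extension list, file names and sample bytes are assumptions constructed for the demonstration.

```python
import os
import struct
import tempfile

# Assumption: extensions treated as executable content; the thread itself names only EXE files.
RISKY_EXT = (".exe", ".dll", ".scr", ".msi")

def is_pe_file(path):
    """True if the file has an MZ header whose e_lfanew field points at a PE signature."""
    with open(path, "rb") as f:
        header = f.read(64)
        if len(header) < 64 or header[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", header, 0x3C)  # e_lfanew
        f.seek(pe_offset)
        return f.read(4) == b"PE\x00\x00"

def split_for_backup(root):
    """Walk root and return (keep, exclude) lists of paths relative to root."""
    keep, exclude = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                risky = name.lower().endswith(RISKY_EXT) or is_pe_file(full)
            except OSError:
                risky = True  # unreadable file: leave it behind rather than trust it
            (exclude if risky else keep).append(os.path.relpath(full, root))
    return sorted(keep), sorted(exclude)

def demo():
    """Build a constructed sample tree and classify it."""
    fake_pe = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00" + b"\x00" * 20
    samples = {
        "notes.txt": b"plain text",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 100,
        "setup.exe": fake_pe,
        "driver_backup.dat": fake_pe,  # executable hidden behind a data extension
        "installer.msi": b"\xd0\xcf\x11\xe0" + b"\x00" * 100,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return split_for_backup(root)

if __name__ == "__main__":
    keep, exclude = demo()
    print("back up:", keep)
    print("leave behind:", exclude)
```

The check only separates executable content from data; a file that lands in the keep list has not been scanned and should still go through an antivirus scan on a clean machine before it is restored.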


----------



## lemon07r

Well, actually today I ran avast and had it clean all infected files found, then I ran ESET online scanner and it found nothing bad, so I'm clean now. I'll continue to check by running ESET again tomorrow and doing a boot scan with avast.


----------



## Thanatos

I'm always amazed at these "help my computer is infected" threads. Makes me want to become a 'White Hat' hacker when I'm older.


----------



## lemon07r

Thanatos said:


> I'm always amazed at these "help my computer is infected" threads. Makes me want to become a 'White Hat' hacker when I'm older.



o.o I'm sorry, you lost me. lol (just ftr ik what a white hat hacker does, just confused how these threads make you want to become one lol)


----------



## Thanatos

lemon07r said:


> o.o I'm sorry, you lost me. lol (just ftr ik what a white hat hacker does, just confused how these threads make you want to become one lol)



I just think it's pretty awesome how john can find them like he does. And just by looking at log files.


----------



## S.T.A.R.S.

I would never reinstall Windows because of viruses and other malware lol.
It is so damn easy to get rid of ANY viruses. At least to me lol. I am just lazy to write the ENTIRE procedure here because not all procedures are easy as installing some software and performing a scan lol.
Luckily for me, I know how to get rid of ANYTHING

This might sound shocking to some of you, but the last time I reinstalled Windows on my PC was in 2004, and the reason why I even did that was because until 2004 I was using Windows 98 SE so I decided to install XP (finally).
Sure many problems happened during these 8 years, but ANY kind of problem can ALWAYS be solved if you know how. Reinstalling Windows is one of the MANY ways to solve the problem(s), but to me that is the WORST way which I just HATE!!!


----------



## johnb35

S.T.A.R.S. said:


> I would never reinstall Windows because of viruses and other malware lol.
> It is so damn easy to get rid of ANY viruses. At least to me lol. I am just lazy to write the ENTIRE procedure here because not all procedures are easy as installing some software and performing a scan lol.
> Luckily for me, I know how to get rid of ANYTHING
> 
> This might sound shocking to some of you, but the last time I reinstalled Windows on my PC was in 2004, and the reason why I even did that was because until 2004 I was using Windows 98 SE so I decided to install XP (finally).
> Sure many problems happened during these 8 years, but ANY kind of problem can ALWAYS be solved if you know how. Reinstalling Windows is one of the MANY ways to solve the problem(s), but to me that is the WORST way which I just HATE!!!



OK fancy pants.....  How would you go about getting rid of virut or ramnit virus?  You said you can get rid of anything!!!  I would like to see you try to get rid of these file infecting viruses.  Don't write checks your body can't cash...


----------



## S.T.A.R.S.

johnb35 said:


> OK fancy pants.....  How would you go about getting rid of virut or ramnit virus?  You said you can get rid of anything!!!  I would like to see you try to get rid of these file infecting viruses.  Don't write checks your body can't cash...



Ramnit viruses are crap lol. Anyway, here is what I would do:

-remove the HDD from the computer
-turn on all possible virus access protections on other computer
-connect the infected HDD to the computer using the power adapter, sata cord through simple USB
-make a program in C# or C++ (or whichever language you prefer) and use FileSystemWatcher class using all its possible properties which will track if ANY of the file(s) on the entire HDD (on healthy computer of course) change. By change I mean:

-file created
-file changed
-file opened
-file renamed
-file deleted

If any of these conditions are true, IMMEDIATELY disable the infected connected HDD and IMMEDIATELY turn off the computer. All this should take around 10 milliseconds tops.

It is very rare that any of those conditions will even happen if the access protection is good and executed before connecting the infected HDD to "healthy" system.

-perform a scan of the infected HDD in Safe mode with Command Prompt while your program which uses FileSystemWatcher class tracks all changes in EVERY SINGLE file on the HDD of your healthy computer. During the scan process of the "sick" HDD if something happens like:

-file created
-file changed
-file opened
-file renamed
-file deleted (most common in 99% cases)

...then let your program continue monitoring all files on SICK and HEALTHY HDD, but without doing anything. Reason why nothing has to be done is simply because some files have been deleted (virus data of course) from the sick HDD and that is exactly what we wanted in the first place.
However if ANYTHING like:

-file created
-file changed
-file opened
-file renamed
-file deleted

...DOES happen on HEALTHY HDD, then of course IMMEDIATELY shut down everything completely. (A simple infection prevention)...

In that case just turn on the system again and continue the scan process in the same way using also of course your program which has to be running at ALL times.

NOTE: If your program which monitors ALL data on ALL HDDs crashes (due to virus data attempts), be sure that you reprogram your program in such a way that IF it crashes, it starts immediately again.

Once the scan is completed, delete ALL virus data that has been found no matter what it is (including that ramnit virus). If the found virus data cannot be deleted within Windows OS environment, then just write the locations of found virus data somewhere (text file or simple paper), then load MS-DOS OS or some Linux OS and within that environment (according to previously written virus data locations) find all the virus data and delete it manually.

NOTE: If the virus data which you are deleting are ALSO Windows OS system files, delete them anyway because later you will simply perform a REPAIR process of your Windows OS using its CD or DVD-ROM disk to restore the missing (deleted) system files.

-return the HDD back to its original computer and use it normally again. If necessary like I already said, perform a repair process.

-now you can also delete your program which was monitoring all data since it's no longer needed (unless if you want to keep it for future use lol).

-Enjoy using the virus clean computer!


By the way this is just one of many many ways of how you can get rid of virus data, but unfortunately in most cases it requires knowledge about hardware, software and programming. But it's not hard lol. That is how I do it because I just HATE reinstalling everything.

PRECAUTION: Once you set everything up perfectly on your system, be sure to CLONE the entire HDD on completely other HDD so that next time if something SOOO BAD happens to you, you do not need to reinstall absolutely anything. Of course this is not possible using simple system restore or HDD cloning software. I use Linux OS for this.
And yes I do have my HDD cloned also, but I never had to use it because I will rather lose time to fix things than to simply clone everything back even though I do not need to reinstall anything since in my CLONE I have everything set up just the way I want it.
I am weird I know lol.
The only reason why I would CLONE everything back would be if it's just impossible to fix things. But nothing is impossible for me so...




Cheers!
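
An added example, not S.T.A.R.S.'s program: a check on the healthy disk that does not depend on catching events live, by hashing every file before the suspect drive is attached and comparing afterwards. It reports the created, changed, renamed and deleted cases listed in the post; the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            state[os.path.relpath(full, root)] = h.hexdigest()
    return state

def diff(before, after):
    """Classify differences between two snapshots of the same tree."""
    created = set(after) - set(before)
    deleted = set(before) - set(after)
    changed = {p for p in set(before) & set(after) if before[p] != after[p]}
    renamed = set()
    for old in sorted(deleted):  # same content under a new name counts as a rename
        match = next((new for new in sorted(created) if after[new] == before[old]), None)
        if match:
            renamed.add((old, match))
            created.discard(match)
    deleted -= {old for old, _ in renamed}
    return {"created": created, "deleted": deleted, "changed": changed, "renamed": renamed}

def demo():
    """Constructed sample: simulate changes to a 'healthy' tree between two snapshots."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        for name, data in [("app.exe", b"MZ original"), ("lib.dll", b"MZ library"),
                           ("readme.txt", b"hello"), ("old.log", b"log line")]:
            write(name, data)
        before = snapshot(root)
        write("app.exe", b"MZ original plus appended bytes")  # contents altered in place
        os.rename(os.path.join(root, "lib.dll"), os.path.join(root, "lib2.dll"))
        os.remove(os.path.join(root, "old.log"))
        write("dropped.exe", b"MZ new file")
        return diff(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Like FileSystemWatcher, which raises Created, Changed, Renamed and Deleted events, this comparison does not see a file that was only opened.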


----------

