Alpha Antivirus....UGH!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by DoeZ, Oct 31, 2009.

  1. DoeZ

    DoeZ Private E-2

    Last night I was in FB and all of a sudden I get these pop-ups saying I needed more security...it looked real...was an orangish like shield and even the red security shield looked real...BUT...I did not click on it and download anything...I had a real hard time just trying to get out of it all cuz it kept popping up all these windows...I ran my malwarebytes and it found 23 infections...I removed them and they are quarantined now. How do I know if I got them all...and that I'm not infected anymore?

    Also...my malwarebytes doesn't run in the background...(I don't think) I have to open it and then update it then run it...I am looking for something that will run in the background to stop all this and yet won't slow my computer down.
    Any suggestions on what is very good?

    Thanks for any help and suggestions;)
     
  2. evilfantasy

    evilfantasy Malware Fighter

    Please use the default font. That's hard to read. ;)

    Without logs we can't tell what might or might not be on the computer. Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. DoeZ

    DoeZ Private E-2

    Ok here's the log from Malwarebytes...


    Malwarebytes' Anti-Malware 1.41
    Database version: 3063
    Windows 5.1.2600 Service Pack 3

    10/30/2009 11:08:55 PM
    mbam-log-2009-10-30 (23-08-54).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 288943
    Time elapsed: 2 hour(s), 31 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\AlphaAV (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\AlphaAVUninstall (Rogue.AlphaAntivirus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\AdvancedIEupdate.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\025ABICF\A-Install-944680_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\025ABICF\A-Install-a3b7_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\025ABICF\A-Install-a5320_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\025ABICF\A-Install-d8a_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\5UD4N90E\A-Install-1408e3a_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\5UD4N90E\A-Install-9091c5a_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\5UD4N90E\A-Install-9dc04_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\5UD4N90E\A-Install-fc9e0_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\N52A714X\A-Install-2bd4_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\N52A714X\A-Install-74f1_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\N52A714X\A-Install-9853_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\N52A714X\A-Install-ce83da_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\N52A714X\A-Install-d2c795_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\N52A714X\A-Install-d97b0_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\YK8WJBXU\A-Install-1ab1_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\YK8WJBXU\A-Install-5c76ac_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\YK8WJBXU\A-Install-621_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\YK8WJBXU\A-Install-f524_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\comp\Local Settings\Temporary Internet Files\Content.IE5\YK8WJBXU\A-Install-f65e_2024-8[1].exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Program Files\AlphaAV\alpha.exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\AlphaAVUninstall\Uninstall.lnk (Rogue.AlphaAntivirus) -> Quarantined and deleted successfully.
     
  4. evilfantasy

    evilfantasy Malware Fighter

    You're not following the instructions! All logs must be attached. Keep them and post them all at the same time.
     
  5. DoeZ

    DoeZ Private E-2

    First of all...don't take that tone with me...I don't appreciate it...not everyone is computer savvy and I did what you asked me. I cleaned my computer as the posts said...I already had ccleaner installed and ran it...after changing all these settings my computer is slower than a turtle...plus I have all these icons on my lower toolbar...and I can't turn off my avg...so I could not run the combofix...


    here's the sas log...

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/03/2009 at 10:27 AM

    Application Version : 4.29.1004

    Core Rules Database Version : 4223
    Trace Rules Database Version: 2124

    Scan type : Complete Scan
    Total Scan Time : 02:18:42

    Memory items scanned : 486
    Memory threats detected : 0
    Registry items scanned : 6698
    Registry threats detected : 0
    File items scanned : 79440
    File threats detected : 0



    here's the mb log...


    here's the rr log...

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/11/03 07:42
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Status: -

    mglogs...
    I followed directions and attached them...hope I did this right...

    Please be patient with me...not that I need to explain but I have MS and certain parts of the brain don't work as well as others so just bear with me...I can't always sit and read how to...Thanks for your patience and help.
     


  6. evilfantasy

    evilfantasy Malware Fighter

    Your posts will be removed with the logs that are directly copied and pasted in the topic. They need to be attached.

     
  7. DoeZ

    DoeZ Private E-2

    So what does that mean? What do I have to do?
     
  8. evilfantasy

    evilfantasy Malware Fighter

    You attached the MGlogs.zip. You need to save the other logs that open in Notepad to your desktop (or somewhere you can find them) and attach them also. The administrators don't want logs posted directly into the replies.
     
  9. DoeZ

    DoeZ Private E-2

    and how do I do that when a little window pops up with all that info? And what do I have to do this to?
     
  10. evilfantasy

    evilfantasy Malware Fighter

  11. DoeZ

    DoeZ Private E-2

    Ok...I think I got all 4 of them the way you want them...:(

    P.S. the mg one is in the other post...
     


  12. evilfantasy

    evilfantasy Malware Fighter

    Thank you.

    It's not a tone, it's our rules. Even I have to play by them. ;)

    Why can't you turn off AVG? Have you tried like this?

    Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.
    • Click on Open AVG Interface.
    • Double click on Resident Shield
    • Deselect the option to "Enable Resident Shield."
    • Save changes, and exit the application.
    I need the ComboFix log. If ComboFix complains just ignore it and continue on.
     
  13. DoeZ

    DoeZ Private E-2

    I'm running AVG 9 and it wasn't letting me turn it off...and should I be turning it off now? After I posted all this?...and as for the combo I can't find where it saved it
     
  14. evilfantasy

    evilfantasy Malware Fighter

  15. DoeZ

    DoeZ Private E-2

    ok so here's the combo log...this should be all...thanks for the help.
     

    Attached Files:

    • log.txt (File size: 17.8 KB)
  16. evilfantasy

    evilfantasy Malware Fighter

    See here -> Updating Sun Java. This is important as stated in the Read ME.



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX Checked until you exit all browser sessions including the one you are reading in right now:

    • R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    • R3 - URLSearchHook: (no name) - {971f2499-a2e7-4fb8-8c87-a4647805d2de} - (no file)
    • O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    • O3 - Toolbar: (no name) - {971f2499-a2e7-4fb8-8c87-a4647805d2de} - (no file)
    • O20 - AppInit_DLLs:

    After clicking Fix checked, exit HijackThis.


    With the exception of this:
    Which is a toolbar installed probably by IOBit your logs are clean. How is the computer running now?
     
  17. DoeZ

    DoeZ Private E-2

    I ran the mg thingy and I don't see any of these lines you posted here...now what?
     
  18. evilfantasy

    evilfantasy Malware Fighter

    They were likely removed by ComboFix so just remove what you can find.
     
  19. DoeZ

    DoeZ Private E-2

    There weren't any there that you posted...now what?
     
  20. evilfantasy

    evilfantasy Malware Fighter

    With the exception of the Conduit toolbar your logs are clean.

    How is the computer running now?
     
  21. DoeZ

    DoeZ Private E-2

    Well I'm glad to hear I'm clean...I don't know how it's running I still have a mess on my desktop and those icons on the bottom toolbar open...how do I get everything back to the way it was?
     
  22. evilfantasy

    evilfantasy Malware Fighter

    Give it a while and then let me know.

    I'm not sure I understand. Can you give me a screenshot?

    We will clean up our mess now.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  23. DoeZ

    DoeZ Private E-2

    Phew...this is taking all day for me...I don't understand that part for step 3 in #9...I don't see that at all...:confused and all the things on the bottom toolbar that start up now...that's what I was talking about...sorry no screenshot I'm using a laptop to work on both...don't know how to do a screenshot anyways...lol but you'll tell me I'm sure...lol
     
  24. evilfantasy

    evilfantasy Malware Fighter

    It's stressful for us too. ;)

    1. Click Start then Run and enter everything from the Code box below into the run box and then click OK.
    Code:
    "%userprofile%\Desktop\Combofix" /u

    Note:
    The space between the Combofix" and the /u must be there.

    2. Go to add/remove programs and uninstall HijackThis.

    3. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

    4. Disable And Enable System Restore

    5. How to Protect yourself from malware!

    As for all of the new startup items see here. Dealing with Startup Process
     
  25. DoeZ

    DoeZ Private E-2

    Ok...so I'm going thru the steps to get it back up and running and I've checked the Windows update and it's good so that's cool...now I'm concerned about a firewall...I always just used the Windows firewall...would you suggest I use a different one?
     
  26. evilfantasy

    evilfantasy Malware Fighter

    Take your time and get some rest if needed. I know it's a lot more work for you than it is for me. I'm mainly just reading logs.... but a LOT of logs lol.

    Installing one of these will override the Windows Firewall and turn it off for you. Personally I prefer Online Armor but these are all good, and free.

    Remember only install ONE firewall

    1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
    2) Online Armor
    3) Agnitum Outpost
    4) PC Tools Firewall Plus
     
  27. DoeZ

    DoeZ Private E-2

    Ok I'm gonna download the Online Armor then...is it user friendly? And do you know what I mean about all those icons on the bottom toolbar that now show up when I changed the setting in the start up?
     
  28. evilfantasy

    evilfantasy Malware Fighter

    I think I do. The managing startups link I gave should address that.

    Yes it's one of the easier ones.
     
  29. DoeZ

    DoeZ Private E-2

    OMG...lol I'm gonna take a break and try this tomorrow. I've downloaded the Online Armor and it's running now...I'm so confused on all the antispyware...not sure what I should have and not...I do have Malwarebytes and SUPERAntiSpyware already...do they run the same time or on demand? What should I really have that will run all the time? I'm gonna switch to Mozilla instead of IE...Sorry for the overloaded questions and I so do appreciate all your help with this and I apologize for letting loose on you earlier...I'm not a whiz at this and it takes me some time to do this and I thank you for your patience with me. I think it boils down to the antispyware stuff now that will confuse me.:confused
     
  30. evilfantasy

    evilfantasy Malware Fighter

    They are on-demand with the free versions.

    An antivirus and firewall is usually sufficient. Most questions should be answered here. How to Protect yourself from malware!

    You're welcome.
     
  31. DoeZ

    DoeZ Private E-2

    So I'm running Mozilla now...a little different I guess I'll have to get used to it...and I also installed that Online Armor...I can't quite figure out how to stop all those pop ups that I have to click on the little balloon window and the ask to allow thing...How can I fix that...thanks again...
     
  32. evilfantasy

    evilfantasy Malware Fighter

    Popups from what?
     
  33. DoeZ

    DoeZ Private E-2

    The little icons down on the bottom of the toolbar for the Online Armor...these little bubble windows keep popping up and it's just annoying when you're in the middle of things...how do I stop that? And SUPERAntiSpyware's little bug is down there so it starts as I turn my computer on...should it be?
     
  34. evilfantasy

    evilfantasy Malware Fighter

  35. DoeZ

    DoeZ Private E-2

    I'm posting my HijackThis log to see if you can help me with the startup process...trying to stop all the extra startups...
     


  36. evilfantasy

    evilfantasy Malware Fighter

    You can have HijackThis fix all of these.

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - Global Startup: McAfee Security Scan.lnk = ?

    It looks like you have Superantispyware and IOBit running at startup. If Superantispyware is the free version then disable it from running at startup in the Superantispyware settings. If it's paid then uninstall IOBit.
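
The HijackThis lines quoted in posts 16 and 36 share a `code - section: value` layout. As an added example (not part of the thread and not HijackThis's own code), this Python parser splits those lines, lists the entries marked `(no file)`, and extracts the O4 startup items; the function names and the treatment of `= ?` as an unresolved shortcut target are assumptions.

```python
import re

# HijackThis lines quoted in posts 16 and 36 of this thread (bullets removed).
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {971f2499-a2e7-4fb8-8c87-a4647805d2de} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {971f2499-a2e7-4fb8-8c87-a4647805d2de} - (no file)
O20 - AppInit_DLLs:
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: McAfee Security Scan.lnk = ?
"""

LINE = re.compile(r"^(?P<code>[A-Z]\d+)\s+-\s+(?P<section>[^:]+):\s*(?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")

def parse(text):
    """Split each line into its code, section and remainder."""
    matches = (LINE.match(raw.strip()) for raw in text.splitlines())
    return [m.groupdict() for m in matches if m]

def orphaned(entries):
    """(code, section, CLSID or None) for entries ending in '(no file)'."""
    hits = [e for e in entries if e["rest"].endswith("(no file)")]
    return [(e["code"], e["section"], (CLSID.search(e["rest"]) or [None])[0])
            for e in hits]

def startup_items(entries):
    """O4 autostart entries as (location, name, executable or None)."""
    out = []
    for e in (e for e in entries if e["code"] == "O4"):
        m = RUN.match(e["rest"])
        if m:  # registry Run key: [value name] command line
            cmd = m.group("cmd")
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            out.append((e["section"], m.group("name"), exe))
        else:  # Startup-folder shortcut: "name = target"; '?' assumed unresolved
            name, _, target = e["rest"].partition(" = ")
            out.append((e["section"], name, None if target in ("", "?") else target))
    return out

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    print(orphaned(parsed), startup_items(parsed), sep="\n")
```

The same CLSID appearing under both R3 and O3 shows up as two orphaned rows, which makes leftover entries from one removed toolbar easy to spot.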
     
  37. DoeZ

    DoeZ Private E-2

    Both of them are the free version...so disable both or uninstall?
     
  38. evilfantasy

    evilfantasy Malware Fighter

    You can disable Superantispyware and leave IOBit active.
     
  39. DoeZ

    DoeZ Private E-2

    Ok...I had to switch back to IE I found that Mozilla was too hard to follow...:(
     
