Malware - Constantly

Hello.

First of all, I am sorry if there are already a thousand threads regarding this subject, but Comodo has driven me to this and therefore I must create this thread in order to find out what to do.
As I write this another of hundreds of alerts from Comodo has popped up and tells me:

A malicious item has been detected!
Name: Malware@#2zolwhbxip4mx
Location: C:\Windows\Installer\{40af1784-8adc-e82d-… (here it expires as it is not the full path)
More info: Unavailable

I click clean all the time and although that seems to do the job, the malware returns!
So what do I do? I have been looking for the folder manually but I can not anywhere in the Windows folder find a path called \Installer\ (and yes I have tried showing hidden files and folders).

So does anyone out there know what the heck I do? And what this is? And how I should handle it?

Thanks in advance.

Ia, Cthulhu. :)

Hi CthulhuLives,
First up to show the installer folder you would have to untick “Hide protected operating system files”, I do not recommend this.

The following advice by Moderator Chiron could be of some assistance.
How to Know If Your Computer Is Infected
How to Clean An Infected Computer

I just ran a smart scan - with nothing found. I am currently scanning C:\Windows\ as we already know this is where the malware resides, but I must admit I do not think there is much hope for Comodo right now concerning this matter.
I find it quite strange that it knows about the malware and warns me constantly, but it does not find anything if I run a scan.
Should I use Anti-Malware software instead to get rid of the villain?

I would stick to Chiron's advice in the order given.
IMO Malwarebytes free is a good scanner for finding things others miss.

Edit: Has anything been quarantined or placed in Defense+, Unrecognized files?

I have disabled Defense+ as it interferes a lot with games and often makes them run unstable. So no, there are no unrecognized files right now.

Next time try moving the file to quarantine instead of cleaning it. Once it’s in the quarantine it may be easier to see the entire path. Cleaning it will just delete it from the system.

Other than that please do follow the advice I give in How to Know If Your Computer Is Infected. Something tells me this may be a false positive, but it’s best to make sure. It could be a rootkit, so it’s best to rule that out.

That is the problem, I have scanned twice now, a smart scan and a full Windows folder scan, but Comodo finds no threats.
I used Malwarebytes and detected a lot of stuff that I got rid of, including this one, but as I restarted my computer, the alarm from Comodo returns and tells me that the file is still there and in the same path.
Also, I noticed as I rebooted that Comodo fails to launch a .dll thecfp.dll I think.

Concerning the quarantine, well I can’t choose that, for some reason, here is a screen cap:

It also might be worth mentioning, that the alarm never comes one time only, always two-three times.

Can you please let us know what Malwarebytes found?

Also, it’s sounding like there actually may be malware on your computer. Please follow the advice I give in my article and let me know what it finds. Make sure you let me know what unknown files it finds as well as any dangerous ones it flags (the easiest way to do this would probably be to post a screenshot of the results).

Thanks.

I can post a log, but it is very long, and even worse the most malware found is in the Comodo folder!
Notice, it is in Danish, but the last comment is that the Malware was removed and quarantined.

Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.07.23.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mads Yde :: PANDÆMONIUM [administrator]

23-07-2012 16:15:26
mbam-log-2012-07-23 (16-15-26).txt

Skanningstype: Fuldstændig skanning (C:|D:|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 404649
Tid gået: 2 time(e), 42 minut(ter), 31 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) → Sat i karantæne og slettet succesfuldt.

Registreringsdatabaseværdier Inficeret: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) → Data: C:\Users\Mads Yde\AppData\Local\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\n. → Sat i karantæne og slettet succesfuldt.

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 105
C:\Users\Mads Yde\AppData\Local\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\n (Trojan.Agent.BVXGen) → Bliver slettet ved genstart.
C:\Users\Mads Yde\Desktop\Nyttige Programmer\Windows Loader [1.9.5]\Windows Loader [1.9.5]\Windows Loader.exe (RiskWare.Tool.CK) → Sat i karantæne og slettet succesfuldt.
C:\Users\Mads Yde\Downloads\SoftonicDownloader_for_gamespy-arcade.exe (PUP.ToolbarDownloader) → Sat i karantæne og slettet succesfuldt.
C:\Users\Mads Yde\Downloads\SoftonicDownloader_for_ms-gif-animator.exe (PUP.ToolbarDownloader) → Sat i karantæne og slettet succesfuldt.
C:\Users\Mads Yde\Downloads\SoftonicDownloader_for_the-all-seeing-eye.exe (PUP.ToolbarDownloader) → Sat i karantæne og slettet succesfuldt.
C:\Users\Mads Yde\Downloads\installer_the_all-seeing_eye.exe (PUP.BundleInstaller.BT) → Sat i karantæne og slettet succesfuldt.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) → Bliver slettet ved genstart.
C:\Windows\Installer\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\n (Trojan.Agent.BVXGen) → Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\L\00000008.@ (Trojan.BitMiner) → Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\U\00000004.@ (Rootkit.Zaccess) → Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\U\00000008.@ (Trojan.Dropper.BCMiner) → Sat i karantæne og slettet succesfuldt.

(færdig)

Is it possible to put the log in some sort of spoilers? So the post won’t be this long?

That’s okay, did you try following the advice in my article? It looks like your computer either is, or was, infected.

The one where you recommend going through each file manually?
I must admit your article is quite long, so I am not totally sure of what advice you are speaking about.
Also, thanks to you both for your help so far.

Edit: I just found the file in quarantine in Malwarebytes and deleted it along with everything else there, now I am waiting to see if Comodo will alert me again.

Edit 2: It still alerts me.

Okay, if you would prefer to not go through my entire article then at least perform a scan with Kaspersky TDSSKiller and let us know what it finds. Also, can you please scan with GMER and let us know what it finds?

In addition, can you scan with HiJack This and post the log?

Thanks.

What’s GMER?

Gmer is an anti rootkit scanner.

I just used Kaspersky TDSSKiller and found nothing.

You are rootkitted, something you downloaded installed the ZeroAccess rootkit (because you turned off D+). You can’t fix this from inside of Windows. Go to a clean computer, download Kaspersky Rescue Disk and burn it to a CD. Boot from the CD, update the definitions and do a full scan, repair what it can and remove the rest. Let us know how it goes. http://support.kaspersky.com/faq/?qid=208282173

GMER finds a lot, but I do not know what it is finding, as I do not know what it is looking for.

Can you post the gmer log here?

The log is way too long to be posted in a reply, so I will upload a .txt file of it.
It can be gained here.

I will now use HiJack This.

Please also try languy’s solution. In case of a rootkit infection using an offline scanner is highly recommended.

The log shows a lot of entries for the CIS quarantine folders. No need to worry about them. The last two entries are suspicious:

File C:\Windows\Installer\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\U\80000000.@ 12288 bytes executable
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{42918A9B-F80E-4203-8255-3F9048099FC0}.jpg 18850 bytes

See if you can remove them in Windows safe mode and whether they return or not.
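
The triage applied by eye in the last reply (scanner hits inside the CIS quarantine folder are inert, hits elsewhere are not) can be scripted; this is an added example, not part of the thread or of any tool named in it. The function names, the `\quarantine\` marker and the use of the Danish word "genstart" to spot deletions deferred to reboot are assumptions, and the sample log is constructed from paths in the posted logs with a placeholder quarantine file name.

```python
import re
from collections import defaultdict

# Constructed sample in the Malwarebytes 1.62 log format quoted in the thread.
# The quarantine file name is a placeholder; the other paths are from the thread.
SAMPLE_LOG = r"""
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) → Sat i karantæne og slettet succesfuldt.
C:\Users\Mads Yde\AppData\Local\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\n (Trojan.Agent.BVXGen) → Bliver slettet ved genstart.
c:\program files\comodo\comodo internet security\quarantine\00000000-0000-0000-0000-000000000000.data (Rootkit.0Access) → Bliver slettet ved genstart.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) → Bliver slettet ved genstart.
C:\Windows\Installer\{40af1784-8adc-e82d-f1b1-d4eeeb69c3f1}\U\00000004.@ (Rootkit.Zaccess) → Sat i karantæne og slettet succesfuldt.
"""

# "<location> (<detection name>) → <action>"; the greedy location keeps any
# parentheses that belong to the path itself.
ENTRY = re.compile(r"^(?P<loc>.+)\s\((?P<name>[^()]+)\)\s+→\s+(?P<action>.+)$")
GUID_DIR = re.compile(r"\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\", re.I)
REG_HIVES = ("hkcu\\", "hklm\\", "hku\\", "hkcr\\")


def classify(location):
    """Separate registry hits, files already held by an AV quarantine, and live files."""
    low = location.lower()
    if low.startswith(REG_HIVES):
        return "registry"
    if "\\quarantine\\" in low:  # assumption: quarantine stores use this folder name
        return "av_quarantine"
    return "live_file"


def parse_log(text):
    """Return one dict per detection line; header and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "kind": classify(m["loc"]),
            "location": m["loc"],
            "name": m["name"],
            # "ved genstart" = "on restart": the object is still on disk until reboot
            "pending_reboot": "genstart" in m["action"].lower(),
        })
    return entries


def recurring_guid_dirs(entries):
    """GUID-named path components shared by two or more non-quarantine hits."""
    seen = defaultdict(int)
    for e in entries:
        if e["kind"] == "av_quarantine":
            continue
        for guid in set(g.lower() for g in GUID_DIR.findall(e["location"])):
            seen[guid] += 1
    return sorted(g for g, n in seen.items() if n >= 2)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        flag = " [pending reboot]" if e["pending_reboot"] else ""
        print(f'{e["kind"]:<14}{e["name"]:<22}{e["location"]}{flag}')
    print("recurring GUID directories:", recurring_guid_dirs(parsed))
```

Entries classified `live_file` or `registry`, and any GUID directory that recurs across them, are the ones to re-check after the offline scan; `av_quarantine` hits are one scanner flagging another scanner's stored samples.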