I don’t know where to start de-virusing this computer. I installed the FFx beta 3.5 (I wouldn’t recommend helping them “test”) and I also installed the software for English Harbour Casino Roulette (I was playing for free), and frankly I installed a few programs from GiveawayoftheDay, but I checked all downloads with AVG, and sometime around then I noticed things started acting strangely. I had AVG which kept running and saying “no infections found” and I knew better. I did the online scan Panda and nothing found. Ditto Kaspersky online. I uninst. AVG and installed BitDefender since it DID find a virus when I ran the online scan. It expected me to know too much and I didn’t trust it to “auto learn” because I didn’t know what exactly WAS going on, so I unloaded it and installed AVAST. Avast also detected and removed a few viruses. I also installed MalwareBytes, Spybot, SuperAntiSpyware and already had CCleaner on here. I ran everything (at different times of course) to see what was detected. Very little. Things have gone downhill. First I noticed that if I happened to be online as Admin (which I rarely do) I was unable to even open up a video, and some links wouldn’t work. Just click. Nothing. On a LIMITED account, I had no problem watching videos. My most recent scan says that AVAST itself looks like it is infected with several viruses. Here’s one line out of the scan log:
“Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Alwil Software\Avast4\DATA\moved\A0056375.exe.vir{app}\Anti-Virus.exe” file.”
And about 80% (I’m guessing) of the files were locked and passworded and could not be scanned by AVAST. (That is a VERY recent development.)
I figured that was simply repeating data on what’s in the Virus Chest?
But other log reports said that there were two “decompression bombs” that Avast couldn’t do anything about. WHAT is THAT?? Interestingly, I couldn’t FIND THAT line in any log when I tried to find it today. Any suggestions?
At any rate, I can’t get into Safe Mode now to run Avast and I can’t restore to a point where Safe Mode is again accessible.
About a week ago, when I was still running AVG, I was able to access safe mode. But now, no.
I’m just kinda hung as to what to do next. I also do have HijackThis and ran that too, but I couldn’t understand beans about the results and the forums to post were a little too high tech for me to wade through.
This is truly frustrating. One thing I DID note that no AV software has commented on is what came back on a log when I ran Gmer’s “catchme” prog and the following was displayed:
"scanning hidden processes ...
"scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0"
When this appeared, I thought somehow, some way, that that was, in fact, connected to the problem, that my computer had remotely been hacked into by a person and this actually MEANT something along that line. But I’m no geek, unfortunately. (I’ve been hacked by a person before. I p*ssed off a guy in Russia that was trying to run a scam on me by telling him to sue me when I didn’t send him cash for his phony money orders…lol…I’ve always thought he was the culprit (for lo these three years) and why I have been forced to reformat every 6 months or so.) I’ve run PC-Cillin, Kaspersky, McAfee, Norton’s (both crap), AVG, Avast and the other A-one, and the same thing happens eventually EVERY time, usually within 6 months. (Last reformat was done by the mfgr in March, so this was faster this time.)
But no AV detected that this “S1” thing was a problem. YET, ANOTHER person online (from 2007, see below) was having exactly the same SYMPTOMS of oddities I was…no video play, SOME links not connecting, and no safe mode. So the similarities brought up my antenna. No site seemed to have an answer for his/my problem.
I googled the “s1=Dword…f” and found in another forum (apparently one that was abandoned) an entry regarding the s1s2 items above by someone who was having exactly the SAME symptoms I was and could not find an answer. Unfortunately, since it was a 2007 unanswered entry, I couldn’t email him and ask if he had found an answer.
I’m going to email the catchme log to the Gmer developer (the website says that’s fine if I don’t know how to interpret) but in the meantime…any suggestions? I’ve run every online AV test in the book. No help. And several malware ones too. A few cookies found, otherwise, no help.
A LOT of Win32 trojan-gen viruses seem to be in the restore partition. (I see a few others on here with the same problem. I haven’t run SuperAnti (one guy said that worked for him) since getting those in the log so I will try that when I log off.)
But, there’s my dilemma: I’m NO GEEK (I wish!!). I don’t know how to interpret this stuff but can anyone out there help me? Step…by…step…please. Duh.
They need to write a “step-by-step how-to de-virus” ebook for “Dumb and Dumber” folks…lol
Thanks EVER so much!!
Bfann