
Unable to remove Malware/Viruses



Hi there!

 

I have been using a few programs to keep my computer protected. I use Bitdefender for antivirus and I use Advanced SystemCare Ultimate 6 to check for malware and keep my computer optimized, as well as Malware Fighter.

 

Over the last 6 months I have been finding my computer to be a little slow. When I click something it often takes 10-15 seconds to work, and I often get "Not Responding" on folders for a few seconds first, and then they open the folder etc.

 

So I figured there must be something wrong. When I run ASC I see all these files when it scans for malware (Trojan.win32/agent, Backdoor.Frauder etc.)

 

But they never pick them up. I downloaded Malwarebytes and got nothing. I ran Bitdefender again and got nothing.

 

So I found this thread and found the guidelines for asking for help. I used TFC by OldTimer and deleted all my temporary files that came up suspicious. (A bunch came up for Chrome so I didn't delete those.)

 

I used Malware Fighter and it found nothing, so I don't have a log for that.

 

I tried to get DDS but the first download link doesn't work and the second is in Spanish. I figured I shouldn't get it in Spanish as I prefer to understand what I'm downloading.

 

I read that these files can be caused by rootkits, so I downloaded the Kaspersky rootkit killer program and got nothing.

 

I have attached the Malwarebytes log so you can see what it did come up with. I don't know what else to do. I'm pretty computer savvy. I've known how to format stuff since before I went to kindergarten, so I should be able to fix this.

 

EDIT: ASC looks for those malware; they are not on your PC. That's why you see the names when it is scanning, to find out whether they (Trojan.win32/agent, Backdoor.Frauder etc.) are on your PC.


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.

*************************************************************

Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

 

Please run MBAM again, make sure all the infections are checked and select "Remove Selected".

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

*********************************************

Please download Junkware Removal Tool to your desktop.

 

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

 

Shut down your protection software now to avoid potential conflicts.

 

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and paste the JRT.txt log into your next message.

*****************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1


Below is the report for AdwCleaner. I haven't cleaned anything yet, as the instructions you gave me are not the same as what I see when I turn the program on.

 

It's not as simple as turning it on and pressing Delete. There is no Delete, there's Clean, and it asked me to check the programs I want to keep first.

 

A lot of these look like actual Microsoft files that should be kept, or they say something so vague that I wouldn't be able to tell what I was deleting.

 

"Application Updater" - that could be anything.

"c:\End" - that doesn't seem right either.

 

Before I delete anything, can you confirm that it's OK to delete these files?

 

# AdwCleaner v3.002 - Report created 02/09/2013 at 19:18:09

# Updated 01/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : AndreaSmondria - ANDREAABBOTT

# Running from : C:\Users\AndreaSmondria\Downloads\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : Application Updater

 

***** [ Files / Folders ] *****

 

File Found : C:\END

Folder Found : C:\Users\AndreaSmondria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Folder Found C:\Program Files (x86)\Application Updater

Folder Found C:\Program Files (x86)\Common Files\spigot

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\IObit Apps Toolbar

Folder Found C:\Program Files (x86)\uTorrentControl2

Folder Found C:\ProgramData\boost_interprocess

Folder Found C:\Users\AndreaSmondria\AppData\Local\Conduit

Folder Found C:\Users\AndreaSmondria\AppData\Local\cre

Folder Found C:\Users\AndreaSmondria\AppData\Local\Wajam

Folder Found C:\Users\AndreaSmondria\AppData\LocalLow\boost_interprocess

Folder Found C:\Users\AndreaSmondria\AppData\LocalLow\Conduit

Folder Found C:\Users\AndreaSmondria\AppData\LocalLow\Search Settings

Folder Found C:\Users\AndreaSmondria\AppData\LocalLow\uTorrentControl2

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Search Settings

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Found : HKCU\Software\Search Settings

Key Found : HKCU\Software\Zugo

Key Found : [x64] HKCU\Software\APN PIP

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\Search Settings

Key Found : [x64] HKCU\Software\Zugo

Key Found : HKLM\Software\Application Updater

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{672145F1-8B84-4157-B976-DD2661FCF093}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E37150-57D1-40FB-B539-C4899F00A80C}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\Search Settings

Key Found : HKLM\Software\uTorrentControl2

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Google Chrome v

 

[ File : C:\Users\AndreaSmondria\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [5937 octets] - [02/09/2013 19:02:24]

AdwCleaner[R1].txt - [5997 octets] - [02/09/2013 19:08:06]

AdwCleaner[R2].txt - [5675 octets] - [02/09/2013 19:18:09]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [5735 octets] ##########

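As an added example (not code from the thread, from IObit or from AdwCleaner's author), here is a Python script that parses a scan-mode AdwCleaner v3 report like the one posted above, counts the findings by type, groups them by the adware family named in each path or registry key, and pulls out the entries that sit in logon, service or browser-hook locations. The family keyword table uses only names that appear in the report above; the report embedded in the script is a constructed excerpt in the same shape (username replaced), not the full log.

```python
import re
from collections import Counter

# Constructed sample: an excerpt in the shape of the AdwCleaner v3 scan report
# posted in the thread (username replaced). Not a real log.
SAMPLE_REPORT = r"""
# AdwCleaner v3.002 - Report created 02/09/2013 at 19:18:09
# Option : Scan

***** [ Services ] *****

Service Found : Application Updater

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\uTorrentControl2
Folder Found C:\Users\user\AppData\Local\Wajam

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]
"""

# One finding line: "<kind> Found : <target>". The forum paste sometimes drops the
# colon ("Folder Found C:\..."), and 64-bit hive entries carry an "[x64]" tag.
FINDING_RE = re.compile(
    r"^(?P<kind>Service|File|Folder|Key|Value) Found\s*:?\s*"
    r"(?P<x64>\[x64\]\s*)?(?P<target>.+?)\s*$"
)

# Adware/PUP family markers; every name here appears in the posted report.
FAMILY_MARKERS = {
    "Conduit": ("conduit", "toolbar.ct", "smartbar"),
    "Search Settings / Spigot": ("search settings", "searchsettings", "spigot"),
    "Wajam": ("wajam",),
    "uTorrentControl2": ("utorrentcontrol2",),
    "Ask / APN": ("apn pip", "askpip", "apnstub"),
    "Zugo": ("zugo",),
    "Freeze.com": ("freeze.com",),
    "Application Updater": ("application updater",),
}

# Locations that re-launch or hook code at logon or browser start; these explain
# hijacked searches and slow startups, so a reviewer looks at them first.
PERSISTENCE_MARKERS = (
    ("autorun", "\\currentversion\\run"),
    ("bho", "browser helper objects"),
    ("url-search-hook", "urlsearchhooks"),
    ("ie-toolbar", "internet explorer\\toolbar"),
    ("browser-extension", "\\extensions\\"),
    ("search-scope", "searchscopes"),
)


def parse_findings(report_text):
    """Return one dict per 'Found' line, tagged with the report section it sat in."""
    findings, section = [], None
    for line in report_text.splitlines():
        line = line.strip()
        if line.startswith("***** [") and line.endswith("] *****"):
            section = line.strip("* ").strip("[] ")   # "***** [ Registry ] *****" -> "Registry"
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({"section": section, "kind": m.group("kind"),
                             "x64": m.group("x64") is not None,
                             "target": m.group("target")})
    return findings


def family_of(target):
    """Map a path or registry key to an adware family by case-insensitive keyword."""
    low = target.lower()
    for family, markers in FAMILY_MARKERS.items():
        if any(marker in low for marker in markers):
            return family
    return "unclassified"


def persistence_of(finding):
    """Label findings that live in a service, logon or browser-hook location."""
    if finding["kind"] == "Service":
        return "service"
    low = finding["target"].lower()
    for label, marker in PERSISTENCE_MARKERS:
        if marker in low:
            return label
    return None


def summarize(report_text):
    findings = parse_findings(report_text)
    persistence = []
    for f in findings:
        label = persistence_of(f)
        if label:
            persistence.append((label, f["target"]))
    return {"total": len(findings),
            "by_kind": Counter(f["kind"] for f in findings),
            "by_family": Counter(family_of(f["target"]) for f in findings),
            "persistence": persistence}


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(f"{summary['total']} findings: {dict(summary['by_kind'])}")
    for family, n in summary["by_family"].most_common():
        print(f"  {n:2d}  {family}")
    print("service / logon / browser-hook entries to review first:")
    for label, target in summary["persistence"]:
        print(f"  [{label}] {target}")
```

To run it on a saved report, read the file into `SAMPLE_REPORT` (the real log is the same format). The persistence list is where the review effort belongs: a Run value, a BHO, a URLSearchHook or an extension is what actually changes browsing and startup behaviour, whereas an orphaned folder under Program Files is inert once the loading points are gone.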

Ran AdwCleaner and deleted. Ran JRT. Here's the log:

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.7 (09.01.2013:1)

OS: Windows 7 Home Premium x64

Ran by AndreaSmondria on 02/09/2013 at 20:54:16.03

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\ammyy"

Successfully deleted: [Folder] "C:\Users\AndreaSmondria\appdata\local\software"

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{0464736B-4D95-4623-93AF-8EE6E8A327BE}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{05F24ABD-406A-40B4-9500-A887F133E7DF}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{0B281FBC-4F23-4DB5-94C9-C08D8BBC4558}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{1114B884-5699-4D78-88CB-78126D2946B2}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{113D654F-F2DC-42A0-94BC-35FE98E9A40A}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{157EF50E-CE69-41FA-8BCD-50434E3379A8}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{1633B2C3-3216-48FF-AD2C-56192DCB235A}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{1759C00A-080B-4A4B-897F-445D3F858CD8}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{1C62D40C-23C4-47AD-B72D-CDA94D1DBF45}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{224D20F0-491D-4985-BC16-FB300AB76308}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{24333A69-8A58-436D-963A-680F152A4767}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{24417996-6DF9-4AC5-B1F4-D9D7A9461C1D}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{2E1AFFFB-4068-4F8D-A425-6D0DA619B419}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{2E353879-2F78-480A-A1D4-170B3F108402}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{301D7166-3920-450B-988F-0A3C59EE58E7}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{34D7B604-9F1B-47BA-9959-3D500E70002A}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{3E473ECB-87C2-4812-A1F0-A5366DE2018A}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{47A07E32-1640-4E6E-B303-25BCA9B2DCB1}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{48A1A8FC-776B-444A-A018-A5E5758A001E}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{4983F91C-9721-455C-A50B-CA0A550C7896}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{49F12CC9-1037-4815-96EE-BE38B173EDE2}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{4CFC58EC-7198-4997-B2A8-EDE919B1C753}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{4DEFB3F3-CD7F-4B9F-A69A-256468F42C6F}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{4E4D687D-6F16-4223-BC17-7CF805D603CA}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{4F118286-A479-48E2-918E-B88D5F71D10E}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{51E53745-2027-4CBA-8407-3CE25942B534}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{524FB111-EFFD-4132-AC60-386537B10CFE}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{5B8D6D66-FC23-4EA2-AD91-912D41731E38}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{5CCB1786-A3C4-41E2-B5B7-B81905067608}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{5E63C22C-03DE-4C88-B095-1E3EC5512321}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{5E710DED-23B9-4455-9D5F-F3D047E4291B}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{5EA9A9A9-787A-4576-AB4F-6EC8CD8A5E31}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{5FEA0FF2-1DBD-4319-BE85-C42EC15F16D4}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{614DB75F-6E5B-4920-8E92-2F1DF84660AF}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{683119AF-2731-4632-9CB3-EE336FC78968}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{69430708-C78C-49DC-9F16-BEBEBEED4664}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{69C267D2-A7AF-4CD5-9F21-41CAF2AA125C}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{6B8D9E03-971A-49E0-AD9B-C8C9BD9303CB}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{6DDFB7CC-B34B-4741-9397-4DF4931147AA}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{70EBFE53-2330-44B9-BBDC-ECC6C9446A69}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{70F4A3D4-99CE-4515-B469-D4AD01B6ACAA}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{7164721C-7B40-4725-821C-19B6E804B1B4}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{755299EF-047D-4289-858E-5F247AF956FD}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{75F5E231-2697-42B0-B1F9-1D8033C4B826}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{782DDC65-506F-4846-833E-40C928E8EC5F}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{79B411D4-F896-4386-8A0E-D2680D924B84}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{7AC891FB-5C57-4867-9D15-63ED85D7DBAF}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{7B278F22-CC91-4927-BDDE-5D9A06576C4E}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{7C3E3829-464E-46F1-957A-D8728653ABA4}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{7F846C94-929E-485B-9C73-FEF2BA5D05BE}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{828AA073-26BE-484F-8FFA-C883F48CF64E}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{854C81AB-71AC-43A0-870D-B7E5FB57DD76}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{8AB0756C-9C52-4ED2-A860-886F3CA6F4B8}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{8DDEA646-5D48-4721-954D-F7F4BFD3256A}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{8E2CE322-C135-4512-BA98-3A0F2E9327BC}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{900CDB5C-5144-4216-984B-60E56C5521A7}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{92C23BA9-A7BA-451B-A0B7-EE7ED4474650}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{93084290-4CC4-41F5-8356-35249F0A46A9}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{99EEB4AE-5208-42E7-8E47-1303131E4166}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{9B4E8819-DB29-4FB0-B8B0-586429E9EAD0}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{9B7FC747-7667-48D2-A869-A22816291F29}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{9C70B4B9-7EA3-4932-A0BF-EC765406C31D}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{9D35AD71-15E4-4B5A-BF15-89CF21FE4BD1}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{A0A6A961-1CD6-436A-A9E3-8922D73CFE4A}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{A3DC2D9C-ECF6-4420-A94A-5035FF406167}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{A42D989A-FC6E-40AD-BE91-1ED0FC96125F}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{A61E38FF-FB31-45A7-8457-A868A9108AE9}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{ABFB6EAF-77AC-49FC-97B2-FD67AB94E9E7}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{AF8F014C-B1CE-4CDF-AD45-E9FC023F03AF}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{B032726A-B8EE-4719-BA5A-25225C5EFC8E}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{B2E4458E-7FF6-479A-941B-692AD5D78D9D}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{B8F4B5DB-5C3A-481A-AD1C-1471BFAB1759}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{BAC065DA-F23C-4ED8-8E3F-915EDFDDEE68}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C226AF28-6839-4ADA-8DE9-8086437A1966}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C26A817F-909B-4FC5-9600-AE005A3A4E9D}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C47E0308-78D2-48F2-956F-A10F86E5A1C8}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C4DC3980-E533-4663-9000-1A4610D2C01F}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C53ED95A-7FAF-4ABB-90C7-0A75A128E957}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C6A73BD9-D9A3-42D5-8D86-FBCF193AFD76}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C892290B-5EBB-4722-92C5-33563CC15BAB}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{C9C64896-F415-43A4-93F4-0A7D861F1F14}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{CAA326B7-9493-442F-AF8E-021D0043B80E}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{CC9B5587-7750-4788-98F8-12127D7C95CD}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{CDE964FE-E159-439F-BE83-EC131C63BCF1}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{CFC588D1-E669-460E-B4D4-DF21EA721269}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{D68E14D3-76A7-440B-B2BA-BEACB6230262}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{DB0348C9-C54F-4E6F-A12F-2C68CC4627B8}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{DFA93B3F-3B08-4759-854F-354A3031620F}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{E0D0EFE5-7179-4BBC-AEFF-4578C3D927C8}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{E1D217C5-2A39-48D1-BBA0-A14AF9CF189C}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{E2DE4FE7-96F4-47EC-9081-CCF85EF36C05}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{E5A70116-54D9-4DF0-A816-E457C517D354}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{E5B5596B-1D76-4D5F-9A2A-F5DF2E247240}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{E796BAB3-9060-441A-B3BA-3E0F8E8BAB5C}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{F05DF29C-7502-4A23-90BF-78C8555C43BD}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{F1A5A185-AD7D-4FD5-9A0C-7EC0CFFE97A6}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{F421EE1E-B54B-4D6C-AECA-51AC2E866D5F}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{F59E4CF0-37AE-4D15-B005-1F4AE8B36F86}

Successfully deleted: [Empty Folder] C:\Users\AndreaSmondria\appdata\local\{F750F529-F326-484F-A216-5CEC5250B499}

 

 

 

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 02/09/2013 at 21:09:37.74

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

****************************************

Download Combofix from any of the links below, and save it to your DESKTOP.

If your version of Windows defaults to your download folder you will need to copy it to your desktop.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


I disabled my Bitdefender and closed down any malware programs. I closed down ASC (Advanced SystemCare) in Windows Task Manager, but ComboFix continues to tell me that it's still running. So I opened it up and turned off real-time protection and tried running ComboFix again. It still tells me that ASC is running. So I shut CF down.

 

Should I just shut ASC down in Task Manager and run the program even if it tells me it's still running? I don't want to do more damage than has already been done.

 

I kind of think ASC is my problem in the first place. I feel like I should just uninstall it and get CCleaner, as many people have said it's better.


Hmmmm, this is weird. My computer has been plugged in for hours. My "husband" just asked for my cord because his computer was low. Then two seconds later my computer shut down. It was weird. I plugged back in and turned it on. When I looked at the battery icon it had a weird X on it. It said "Plugged in, charging. Consider replacing your battery."

 

This has never happened before. I'm quite good with my battery. I often let it die so it doesn't develop a memory and cut my battery life in half.

 

This can't be a coincidence. Can one of the programs you have me downloading be screwing with my computer and making it think there's something up with my battery?

 

I'm going to try the hard restart (remove the battery, let the computer die and hold the power button for 30 seconds) before I go to bed.

 

 

Ugh! Did I mention that my livelihood revolves around this computer?


Here are the ComboFix results:

 

ComboFix 13-09-04.04 - AndreaSmondria 05/09/2013 1:09.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5606.4275 [GMT -2.5:30]

Running from: c:\users\AndreaSmondria\Downloads\ComboFix.exe

AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}

AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1333833851.bdinstall.bin

c:\programdata\1348863002.bdinstall.bin

c:\programdata\1348863318.4764.bin

c:\programdata\1348863318.bdinstall.bin

c:\programdata\1348865881.3280.bin

c:\programdata\1348865881.5548.bin

c:\programdata\1348865881.5748.bin

c:\programdata\1348865881.5788.bin

c:\programdata\1348865881.5820.bin

c:\programdata\1348865881.5824.bin

c:\programdata\1348865881.6068.bin

c:\programdata\1353479567.bdinstall.bin

c:\programdata\1370740465.bdinstall.bin

c:\programdata\1370893502.bdinstall.bin

c:\programdata\1370893798.bdinstall.bin

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_DCService.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-08-05 to 2013-09-05 )))))))))))))))))))))))))))))))

.

.

2013-09-05 03:48 . 2013-09-05 03:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-03 10:31 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{554AE2C6-1DB4-45CF-A63D-774FA7C0A52A}\mpengine.dll

2013-09-02 22:00 . 2013-09-02 22:00 -------- d-----w- c:\windows\ERUNT

2013-09-02 21:32 . 2013-09-02 23:16 -------- d-----w- C:\AdwCleaner

2013-09-02 02:25 . 2013-09-02 02:25 -------- d-----w- c:\users\AndreaSmondria\AppData\Roaming\Malwarebytes

2013-09-02 02:25 . 2013-09-02 02:25 -------- d-----w- c:\programdata\Malwarebytes

2013-09-02 02:25 . 2013-09-02 02:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-09-02 02:25 . 2013-04-04 17:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-02 02:24 . 2013-09-02 02:24 -------- d-----w- c:\users\AndreaSmondria\AppData\Local\Programs

2013-09-02 00:08 . 2013-05-22 21:19 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2013-09-02 00:06 . 2013-08-15 20:01 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll

2013-08-14 16:04 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-14 16:03 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-14 16:03 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-14 16:03 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 16:03 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 16:03 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-14 16:03 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-14 16:03 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-14 16:03 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-14 16:03 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-14 16:03 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-14 16:03 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-14 16:03 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-14 16:03 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-21 03:31 . 2012-04-02 17:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 03:31 . 2012-04-02 17:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-15 04:28 . 2011-08-21 15:43 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-08-01 13:58 . 2013-07-15 14:16 601360 ----a-w- c:\windows\system32\drivers\avckf.sys

2013-08-01 13:58 . 2013-06-10 20:00 727592 ----a-w- c:\windows\system32\drivers\avc3.sys

2013-08-01 13:58 . 2013-06-10 20:00 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2013-07-09 04:45 . 2013-08-14 16:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-06-21 01:09 . 2013-06-21 01:09 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys

2013-06-10 20:31 . 2013-06-10 20:31 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-05-05 802136]

"Facebook Update"="c:\users\AndreaSmondria\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-06 138096]

"Advanced SystemCare Ultimate"="c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" [2012-11-07 512384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]

"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-15 1081424]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Bell Canada Connection Manager"="c:\program files (x86)\Bell\Mobile Connect\MobileConnect.exe" [2010-11-02 87320]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"{90140000-0011-0000-0000-0000000FF1CE}"="del" [X]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 atillk64;atillk64; [x]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]

R3 BellCanadaRcAppSvc;Bell Canada Rc App Svc;c:\program files (x86)\Bell\Mobile Connect\RcAppSvc.exe;c:\program files (x86)\Bell\Mobile Connect\RcAppSvc.exe [x]

R3 CABellCanada;Bell Canada Con App Svc;c:\program files (x86)\Bell\Mobile Connect\ConAppsSvc.exe;c:\program files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 NWRmNet;Novatel Wireless RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet.sys;c:\windows\SYSNATIVE\DRIVERS\NWRmNet.sys [x]

R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbmdm_000.sys [x]

R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser_000.sys [x]

R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2_000.sys [x]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]

R3 ProfileImpSvc;Native WiFi Profile Importer;c:\program files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe;c:\program files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]

S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]

S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [x]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]

S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]

S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:31]

.

2013-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3741623903-2970435269-2940525678-1000Core.job

- c:\users\AndreaSmondria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-06 16:11]

.

2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3741623903-2970435269-2940525678-1000UA.job

- c:\users\AndreaSmondria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-06 16:11]

.

2013-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3741623903-2970435269-2940525678-1000Core.job

- c:\users\AndreaSmondria\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-16 22:23]

.

2013-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3741623903-2970435269-2940525678-1000UA.job

- c:\users\AndreaSmondria\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-16 22:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-08 11788392]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-08-27 1574680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ca.search.yahoo.com?type=800236&fr=spigot-yhp-ie

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1 142.177.2.130

TCP: Interfaces\{8388B24F-5319-4EA0-B40A-96A77905D396}: NameServer = 184.106.242.193,67.23.7.56

TCP: Interfaces\{8388B24F-5319-4EA0-B40A-96A77905D396}\14C49414E445630313: NameServer = 184.106.242.193,67.23.7.56

TCP: Interfaces\{8388B24F-5319-4EA0-B40A-96A77905D396}\14E6462756162E08993702960586F6E656024335: NameServer = 184.106.242.193,67.23.7.56

TCP: Interfaces\{8388B24F-5319-4EA0-B40A-96A77905D396}\64D414: NameServer = 184.106.242.193,67.23.7.56

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]

"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]

"0"="Microsoft Actions Pane 3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Launch Manager\LMutilps32.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Launch Manager\LMworker.exe

.

**************************************************************************

.

Completion time: 2013-09-05 01:29:42 - machine was rebooted

ComboFix-quarantined-files.txt 2013-09-05 03:59

.

Pre-Run: 110,997,364,736 bytes free

Post-Run: 109,986,926,592 bytes free

.

- - End Of File - - 884A0622BD13F1EDF84BB42999AB84CA

5C616939100B85E558DA92B899A0FC36


The CF log shows you have two AV programs on your computer: Advanced SystemCare Ultimate and Bitdefender Antivirus. Please make sure that you only have one AV enabled at any time; otherwise they will cause conflicts.

 

P2P - I see you have P2P software installed on your machine: uTorrent. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*********************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
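The "two AV programs" observation in the reply above is made by reading the Run-key and service lines of the ComboFix log by eye. As an added example (not the forum's or ComboFix's own code), the Python below parses those two line shapes, groups the entries by the security vendor named in the path or display name, and flags when more than one real-time AV suite is registered; the vendor table and the log excerpt are constructed from the log posted above.

```python
r"""Triage a ComboFix log for installed security products (added example).

Two line shapes from the log's "Reg Loading Points" section are parsed:
    "Name"="c:\path\prog.exe" [YYYY-MM-DD size]                (Run-key entry)
    R2 Svc;Display Name;c:\path\svc.exe;c:\path\svc.exe [x]   (service/driver)
"""
import re
from collections import defaultdict

# Constructed vendor table: lower-case fragment -> (category, product label).
# "av" marks suites with a real-time engine; only one should be enabled at a
# time.  Drivers that live in system32\drivers (e.g. bdsandbox.sys) carry no
# vendor directory in their path and therefore stay unattributed.
PRODUCTS = {
    r"bitdefender": ("av", "Bitdefender"),
    r"iobit\advanced systemcare ultimate": ("av", "Advanced SystemCare Ultimate"),
    r"iobit\iobit malware fighter": ("antimalware", "IObit Malware Fighter"),
    r"malwarebytes' anti-malware": ("antimalware", "Malwarebytes Anti-Malware"),
    r"\utorrent\utorrent.exe": ("p2p", "uTorrent"),
}

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]*);')


def parse_entries(log_text):
    """Return (kind, name, display, path) for every Run-key and service line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(("run", m["name"], "", m["path"]))
            continue
        m = SVC_RE.match(line)  # lines without an image path (e.g. "R3 x;x; [x]") do not match
        if m:
            entries.append(("svc:" + m["state"], m["name"], m["display"], m["path"]))
    return entries


def classify(entry):
    """Return (category, label) for an entry, or None when no vendor fragment matches."""
    _, _, display, path = entry
    haystack = (display + " " + path).lower()
    for fragment, tag in PRODUCTS.items():
        if fragment in haystack:
            return tag
    return None


def security_products(entries):
    """Map product label -> {'category': ..., 'entries': sorted autostart/service names}."""
    names, categories = defaultdict(set), {}
    for entry in entries:
        tag = classify(entry)
        if tag:
            categories[tag[1]] = tag[0]
            names[tag[1]].add(entry[1])
    return {label: {"category": categories[label], "entries": sorted(found)}
            for label, found in names.items()}


def realtime_av(products):
    """Labels of real-time AV suites present; more than one is the conflict the reply warns about."""
    return sorted(label for label, info in products.items() if info["category"] == "av")


# Constructed excerpt of the log posted above (a few Run-key and service lines).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-05-05 802136]
"Advanced SystemCare Ultimate"="c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" [2012-11-07 512384]
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 atillk64;atillk64; [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
S2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-08-27 1574680]
'''

if __name__ == "__main__":
    found = security_products(parse_entries(SAMPLE_LOG))
    for label, info in sorted(found.items()):
        print(f"{info['category']:<12} {label}: {', '.join(info['entries'])}")
    avs = realtime_av(found)
    if len(avs) > 1:
        print("More than one real-time AV is registered:", " / ".join(avs))
```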


When I ran RK, the RK Quarantine folder came up with a "Debug" file in it. It only says this:

 

[00:00:0016] ***** Global Init *****

[00:00:0016] Has crashed before : 1

[00:00:0016] Create mutex : RogueKiller

[00:00:0032] Mutex Created : 0x1f8

[00:00:0032] Fill lists

 

 

I ran it again and again and got nothing. Do I rename it and run it again if it seems to have run without renaming it? Nothing happened, but that folder appeared.


I've heard that CCleaner is good. Is that an AV also?

No, CCleaner is just a cleaning scanner to remove junk from your computer. BitDefender is a good AV. You should also keep AdwCleaner, Junkware Removal Tool and MBAM on your computer. Update them and run them on a regular basis to keep your computer clean.

 

I'd like to scan your machine with ESET OnlineScan

 

• Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
• Click the http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png button.
• For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png icon on your desktop.
• Check http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png
• Click the http://i424.photobucket.com/albums/pp322/digistar/esetStart.png button.
• Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
• Check http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png
• Push http://i424.photobucket.com/albums/pp322/digistar/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the http://i424.photobucket.com/albums/pp322/digistar/esetBack.png button.
• Push http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


This topic is now archived and is closed to further replies.