Still Infected after Mal Pro & BitDefender-Logs Attached

[keithsmith]

I have Malwarebytes Pro and Bitdefender Anti-Virus installed and have complete basic clean up processes with both--yet my PC is still very slow and locks too frequently. The hard drive and processor crank almost continuously.

I think I still have some infection however neither of the tools are finding it. In addition to MBAM & Bitdefender, I have run the TSS and Malwarebyte Anti-Rootkit tools--no additional kills there and they do not find ZeroAccess or others. RKill tool logs show a ZeroAccess registery entry warnings.

I am pasting my DSS log and Rkill log below and attaching the Attach log. Please help me find and kill whatever is still attacking. Thanks in advance for your help!

Keith

----RKILL LOG--------------------------------------------------------

Rkill 2.4.6 by Lawrence Abrams (Grinler)

Copyright 2008-2013 BleepingComputer.com

Program started at: 03/12/2013 07:53:56 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

* C:\Users\Keith Smith\AppData\Local\{6b7324ab-763f-6491-ffc6-e6463cd33fff}\ [ZA Dir]

* C:\Users\Keith Smith\AppData\Local\{6b7324ab-763f-6491-ffc6-e6463cd33fff}\L\ [ZA Dir]

* C:\Users\Keith Smith\AppData\Local\{6b7324ab-763f-6491-ffc6-e6463cd33fff}\U\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.

* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 03/12/2013 07:54:07 AM

Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

--------DSS Log--------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.13.2

Run by Keith Smith at 20:40:43 on 2013-03-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8108.4267 [GMT -4:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\atashost.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe

C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Care\VCAdmin.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig

mStart Page = about:blank

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

mWinlogon: Userinit = userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -

BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [RCUI] "C:\PROGRA~2\RINGCE~1\RINGCE~1\RCUI.exe"

uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe"

uRun: [AdobeBridge] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [PCTD Service Activation] "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SALESF~1.LNK -

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Trusted Zone: linkedin.com

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab

DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab

TCP: NameServer = 24.178.162.3 66.189.0.100 24.217.201.67

TCP: Interfaces\{11662CEF-7ACD-4201-AF8B-CE6F72E29CA1} : DHCPNameServer = 172.26.38.1 172.26.38.2

TCP: Interfaces\{3A2070F4-7E20-4E16-A1C9-1FAF6219773D} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67

TCP: Interfaces\{3A2070F4-7E20-4E16-A1C9-1FAF6219773D}\6596379647F62775C4 : DHCPNameServer = 128.0.0.8

TCP: Interfaces\{3A2070F4-7E20-4E16-A1C9-1FAF6219773D}\75F66666F62746F57457563747 : DHCPNameServer = 192.168.91.2

TCP: Interfaces\{3A2070F4-7E20-4E16-A1C9-1FAF6219773D}\B4569647860235D696478602960586F6E6560253 : DHCPNameServer = 198.224.182.135 198.224.183.135

TCP: Interfaces\{3A2070F4-7E20-4E16-A1C9-1FAF6219773D}\B637D6964786232E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2

TCP: Interfaces\{89331790-AF3D-4D2F-A3AC-1CDF213C331C} : DHCPNameServer = 198.224.181.135 198.224.178.135

TCP: Interfaces\{AFA8176A-8FCF-49B4-809C-57F5E3B7905C} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = about:blank

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe

x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-2-6 707528]

R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-2-6 145696]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-2-6 103504]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-30 204288]

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-1-8 136784]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-13 249648]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-26 19968]

R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-2-6 261056]

R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-2-6 589000]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-1-28 344616]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-1-28 39464]

R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2012-10-1 352144]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-30 317440]

R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-10-30 12289472]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-18 24176]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-14 87552]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-14 207872]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-28 425064]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-6-21 42392]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/28 18:30:22;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-9-27 248304]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-9-15 195320]

S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-2-6 82384]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-6 19456]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-1-28 340072]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-6 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-6 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]

.

=============== Created Last 30 ================

.

2013-03-19 19:38:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37C5B579-1C06-46C2-91FA-F5C14C22AE99}\offreg.dll

2013-03-19 15:40:10 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37C5B579-1C06-46C2-91FA-F5C14C22AE99}\mpengine.dll

2013-03-15 18:53:07 -------- d-----w- C:\Program Files\Derby Magic

2013-03-08 20:42:30 -------- d-----w- C:\Users\Keith Smith\AppData\Local\WinZip Courier

2013-03-08 20:39:40 -------- d-----w- C:\ProgramData\WinZipEC

2013-03-07 16:44:11 -------- d-----w- C:\Users\Keith Smith\AppData\Roaming\DBF Manager

2013-03-07 16:43:53 -------- d-----w- C:\Program Files (x86)\DBF Manager

2013-03-06 22:44:02 -------- d-----w- C:\Users\Keith Smith\AppData\Roaming\IsolatedStorage

2013-03-06 22:44:02 -------- d-----w- C:\ProgramData\IsolatedStorage

2013-03-06 22:43:58 -------- d-----w- C:\Users\Keith Smith\AppData\Local\_

2013-03-06 22:43:50 -------- d-----w- C:\Program Files\FileViewPro

2013-02-27 14:38:38 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2013-02-27 14:26:19 -------- d-----w- C:\Users\Keith Smith\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-02-27 14:26:18 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2013-02-20 19:59:37 -------- d-----w- C:\Windows\en

2013-02-20 19:57:30 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5de08eec1ce0fa407\skydrivesetup.exe

2013-02-20 19:57:30 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive

2013-02-20 19:57:30 -------- d-----r- C:\Users\Keith Smith\SkyDrive

2013-02-20 19:57:23 -------- d-----w- C:\ProgramData\Microsoft SkyDrive

2013-02-20 19:56:24 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5c40bb851ce0fa404\DSETUP.dll

2013-02-20 19:56:24 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5c40bb851ce0fa404\DXSETUP.exe

2013-02-20 19:56:24 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5c40bb851ce0fa404\dsetup32.dll

2013-02-20 19:56:22 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5b0db5461ce0fa402\DSETUP.dll

2013-02-20 19:56:22 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5b0db5461ce0fa402\DXSETUP.exe

2013-02-20 19:56:22 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5b0db5461ce0fa402\dsetup32.dll

2013-02-20 19:56:21 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5aa8895b1ce0fa401\DSETUP.dll

2013-02-20 19:56:21 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5aa8895b1ce0fa401\DXSETUP.exe

2013-02-20 19:56:21 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5aa8895b1ce0fa401\dsetup32.dll

2013-02-20 19:56:19 -------- d-----w- C:\Users\Keith Smith\AppData\Local\Windows Live

2013-02-20 19:45:54 -------- d-----w- C:\Users\Keith Smith\AppData\Local\{B8B614C8-61D2-408D-8217-AFA61965963A}

2013-02-20 19:40:38 -------- d-----w- C:\Users\Keith Smith\AppData\Roaming\Youtube Downloader HD

2013-02-20 19:40:27 -------- d-----w- C:\Program Files (x86)\Youtube Downloader HD

.

==================== Find3M ====================

.

2013-03-13 07:11:08 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 07:11:08 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-08 07:48:47 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-08 07:48:46 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-08 07:48:46 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-06 06:10:36 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys

2013-02-06 04:46:15 447991 ----a-w- C:\ProgramData\1360125836.bdinstall.bin

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-01 17:16:51 60864 ----a-w- C:\Users\Keith Smith\g2mdlhlpx.exe

2013-02-01 06:38:26 1752992 ----a-w- C:\rkill.exe

2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-12 01:31:18 707528 ----a-w- C:\Windows\System32\drivers\avc3.sys

2013-01-12 01:31:18 589000 ----a-w- C:\Windows\System32\drivers\avckf.sys

2013-01-09 03:58:30 223312 ----a-w- C:\Windows\SysWow64\atsckernel.exe

2013-01-09 03:58:30 136784 ----a-w- C:\Windows\SysWow64\atashost.exe

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-04-16 15:17:27 3993600 ----a-w- C:\Program Files (x86)\GUT6FD3.tmp

.

============= FINISH: 20:41:42.43 ===============

Attach.txt

[MrCharlie]

Welcome to the forum.

AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

It appears you have Defender enabled, please permanently disable it..you have Bitdefender running:

http://www.howtogeek...ow-turn-it-off/

Next...........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!