avira keeps detecting virus & cannot log in to windows 7

[Kyle_MRF]

Firstly, i'd like to thank everyone who is willing to read this post. i have been getting constant virus alerts by avira yesterday. the virus was listed as 'VBS/Dinihou.trf.16'. The locations it was found was at desktop and startup under the directory 'publgdnzsz.vbs'. i quarantined it a few times, but the problem still persists. Then, i decided to scan with malwarebytes. i moved the threats found by malwarebytes to the quarantine. After restarting my computer, i found that i couldn't log in on normal mode. log in is only possible in safe mode.So, i assume maybe its because of the things i quarantined. i'd like to get your opinions on whether the quarantined items should be  restored or not. i'd like to apologize if my post doesn't follow the rules since this is my first post. Below is the log from the malwarebytes scan results, as well as the DDS.txt and Attach.txt :

 

attach.txt

dds.txt

[Kyle_MRF]

this is the scan results log :

 

mbam-log-2013-12-22 (03-35-12).txt

[Maniac]

Hello Kyle_MRF and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

[Kyle_MRF]

i haven't tried the combofix solution you listed yet since it seems risky to run it without supervision, and i'm not really experienced with computers. so, i just tried meddling with the clean boot option. after disabling services named mbamschedule, mbamservice, google updater, skype and etc., i could log in normally again.not sure why, but for now, everything seems fine. should i continue with the combofix?

[Maniac]

No, please generate a new fresh DDS log files, but please do not take any action without my instructions if you want to help you, because I couldn't monitor your system.

[Kyle_MRF]

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.45.2
Run by Asus at 13:27:34 on 2013-12-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1966.715 [GMT 8:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Programs\My Lockbox\mylbx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\Asus\AppData\Roaming\Maxis Broadband\ouc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - <orphaned>
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [publgdnzsz] wscript.exe //B "C:\Users\Asus\AppData\Local\Temp\publgdnzsz.vbs"
uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [HW_OPENEYE_OUC_Maxis Broadband] "C:\Program Files (x86)\Maxis Broadband\UpdateDog\ouc.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{484E0D33-FBF5-4C7A-9426-B039770D7E17} : DHCPNameServer = 172.16.35.7 172.16.30.7
TCP: Interfaces\{617332FB-FB00-4680-BAE4-BAC56DC4A547} : NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{B9B140F5-50AC-45F9-A130-CE4CD6BA8775} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B9B140F5-50AC-45F9-A130-CE4CD6BA8775}\86F626F602D616E6 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{B9B140F5-50AC-45F9-A130-CE4CD6BA8775}\D69713033702D6567616D616C6C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B9B140F5-50AC-45F9-A130-CE4CD6BA8775}\D69713033704B444D4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BE0BE1D1-AC65-40B3-8D33-D31A7E9213BC} : NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{C815A880-33D8-4373-A79C-CBB1D9F53E64} : NameServer = 58.71.136.10 58.71.132.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mylbx] D:\Programs\My Lockbox\mylbx.exe /a
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\tm527uqp.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-05 15:17; {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}; C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\tm527uqp.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF - ExtSQL: 2013-11-07 12:53; mozilla_cc@internetdownloadmanager.com; C:\Users\Asus\AppData\Roaming\IDM\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R0 BFRD4G;BUFFALO RAM Disk Driver;C:\Windows\System32\drivers\BFRD4G.sys [2011-7-22 47232]
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\System32\drivers\bftpdskc64.sys [2012-12-17 72016]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-22 28600]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-22 108440]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-23 95760]
S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\System32\drivers\bftpusbx64.sys [2012-12-17 20608]
.
=============== Created Last 30 ================
.
2013-12-23 07:08:10 -------- d-----w- C:\Program Files (x86)\Steam
2013-12-22 03:24:45 -------- d-----w- C:\AdwCleaner
2013-12-22 02:01:35 -------- d-----w- C:\Users\Asus\AppData\Roaming\SUPERAntiSpyware.com
2013-12-22 02:01:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-22 02:01:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-22 01:30:59 -------- d-----w- C:\UsbFix
2013-12-21 19:25:42 39936 ----a-w- C:\Windows\SysWow64\drivers\extit.sys
2013-12-21 04:48:22 -------- d-----w- C:\Users\Asus\AppData\Roaming\Curiolab
2013-12-18 09:54:00 274032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\updater.exe
2013-12-18 09:54:00 22031984 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\xul.dll
2013-12-18 09:54:00 170960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\webapp-uninstaller.exe
2013-12-18 09:54:00 108144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\webapprt-stub.exe
.
==================== Find3M ====================
.
2013-12-17 11:39:21 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-12-17 11:39:21 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-12-12 04:06:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 04:06:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-29 19:26:19 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-11-04 12:36:02 381440 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-10-13 16:30:17 925184 ----a-w- C:\Windows\expstart.exe
2013-10-07 23:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 13:29:46.14 ===============

 

Attach.txt: 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 30/9/2012 3:54:42 PM
System Uptime: 24/12/2013 1:21:40 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K42JY
Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | Socket 989 | 2399/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 55.302 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 55.968 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ATK0100\1010100
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0100\1010100
Service:
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel® Turbo Boost Technology Driver
Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_1F371043&REV_06\3&11583659&0&FE
Manufacturer: Intel
Name: Intel® Turbo Boost Technology Driver
PNP Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_1F371043&REV_06\3&11583659&0&FE
Service: Impcd
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&10EF21E&0&74E543786B8F_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&10EF21E&0&74E543786B8F_C00000000
Service:
.
==== System Restore Points ===================
.
RP95: 12/12/2013 7:57:13 AM - Scheduled Checkpoint
RP96: 23/12/2013 2:04:06 PM - Removed FARO LS 1.1.406.58
.
==== Installed Programs ======================
.
µTorrent
4K Stogram 1.3
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
ASUS Virtual Camera
Avira Free Antivirus
BUFFALO Backup Utility
BUFFALO BuffaloTools Launcher
Buffalo RAMDISK Utility
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
Canon E500 series MP Drivers
Canon E500 series On-screen Manual
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CodeBlocks
CyberLink YouCam
DEVIL MAY CRY 4
Dota 2
FormatFactory 2.96
Glary Utilities 3.9.2
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
Internet Download Manager
Java 7 Update 45
Java Auto Updater
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
K-Lite Codec Pack 7.8.0 (Full)
LTspice IV
Malwarebytes Anti-Malware version 1.75.0.1300
Maxis Broadband
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft WSE 3.0 Runtime
Minilyrics
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
My Lockbox 2.9
NWZ-B170 WALKMAN Guide
Opera 12.16
PCSX2 - Playstation 2 Emulator
PIXresizer
Pokémon Trading Card Game Online
RAD Video Tools
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Skype Click to Call
Skype™ 6.2
Smart Defrag 2
Steam
SUPERAntiSpyware
swMSM
TagScanner 5.1.622
TeraCopy 2.27
TinyCAD 2.80.03
USB 2.0 VGA UVC WebCam
UsbFix
VLC media player 2.0.8
.
==== Event Viewer Messages From Past Week ========
.
24/12/2013 7:40:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
24/12/2013 7:25:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
23/12/2013 3:22:51 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 3:22:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23/12/2013 3:22:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
23/12/2013 3:22:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/12/2013 3:22:13 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/12/2013 3:14:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
23/12/2013 3:14:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23/12/2013 3:13:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
23/12/2013 3:13:37 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/12/2013 2:10:18 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
23/12/2013 12:14:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
23/12/2013 11:51:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
23/12/2013 11:51:13 AM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
23/12/2013 11:50:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
23/12/2013 10:53:51 AM, Error: Service Control Manager [7023] - The Internet Connection Sharing (ICS) service terminated with the following error: %%-2147467243
23/12/2013 10:53:48 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
23/12/2013 10:53:48 AM, Error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
23/12/2013 10:53:48 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
23/12/2013 10:53:48 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
23/12/2013 10:53:48 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
23/12/2013 10:53:48 AM, Error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
23/12/2013 10:53:47 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
23/12/2013 10:51:48 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
23/12/2013 10:51:48 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
23/12/2013 1:52:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 1:50:10 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2013 1:50:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23/12/2013 1:50:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23/12/2013 1:50:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/12/2013 1:50:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/12/2013 1:49:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache SASDIFSV SASKUTIL spldr Wanarpv6
23/12/2013 1:49:18 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
23/12/2013 1:48:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
23/12/2013 1:47:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
23/12/2013 1:45:48 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
22/12/2013 9:24:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
22/12/2013 9:23:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
22/12/2013 9:23:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
22/12/2013 9:22:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
22/12/2013 9:21:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
22/12/2013 9:21:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
22/12/2013 9:20:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
22/12/2013 9:19:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
22/12/2013 9:00:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache spldr Wanarpv6
22/12/2013 6:57:33 AM, Error: NetBT [4321] - The name "ASUS-PC :0" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.20.206 did not allow the name to be claimed by this computer.
22/12/2013 5:21:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
22/12/2013 5:20:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CscService service.
22/12/2013 5:20:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
22/12/2013 3:32:49 AM, Error: NetBT [4321] - The name "ASUS-PC :0" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.21.237 did not allow the name to be claimed by this computer.
22/12/2013 3:25:42 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\extit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
22/12/2013 12:14:47 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{484E0D33-FBF5-4C7A-9426-B039770D7E17} because another computer on the network has the same name. The server could not start.
22/12/2013 12:14:47 PM, Error: NetBT [4321] - The name "ASUS-PC :20" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.20.206 did not allow the name to be claimed by this computer.
22/12/2013 12:14:46 PM, Error: NetBT [4321] - The name "ASUS-PC :0" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.21.5 did not allow the name to be claimed by this computer.
22/12/2013 11:12:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22/12/2013 11:05:54 AM, Error: NetBT [4321] - The name "ASUS-PC :20" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.21.237 did not allow the name to be claimed by this computer.
22/12/2013 10:01:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
22/12/2013 10:01:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
21/12/2013 12:44:54 PM, Error: NetBT [4321] - The name "ASUS-PC :0" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.20.239 did not allow the name to be claimed by this computer.
20/12/2013 11:53:12 AM, Error: NetBT [4321] - The name "ASUS-PC :20" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.20.78 did not allow the name to be claimed by this computer.
19/12/2013 10:40:42 AM, Error: NetBT [4321] - The name "ASUS-PC :20" could not be registered on the interface with IP address 10.51.20.107. The computer with the IP address 10.51.21.5 did not allow the name to be claimed by this computer.
17/12/2013 7:43:36 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
17/12/2013 7:40:31 PM, Error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
17/12/2013 7:40:30 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================

[Maniac]

Step 1

Please uninstall this application: µTorrent

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log

[Kyle_MRF]

Junkware Removal Tool log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Asus on Fri 27/12/2013 at 3:48:01.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 27/12/2013 at 3:55:58.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner log:

 

 

# AdwCleaner v3.016 - Report created 27/12/2013 at 04:00:31
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Asus - ASUS-PC
# Running from : C:\Users\Asus\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowse_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowse_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowseSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowseSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\OCS

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\tm527uqp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4256 octets] - [22/12/2013 11:24:59]
AdwCleaner[R1].txt - [4178 octets] - [23/12/2013 15:07:28]
AdwCleaner[R2].txt - [2672 octets] - [27/12/2013 03:59:36]
AdwCleaner[s0].txt - [4513 octets] - [23/12/2013 15:14:19]
AdwCleaner[s1].txt - [2582 octets] - [27/12/2013 04:00:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2642 octets] ##########

Malwarebytes' Anti-Malware log:

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.26.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Asus :: ASUS-PC [administrator]

Protection: Disabled

27/12/2013 4:08:32 AM
MBAM-log-2013-12-27 (04-17-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258048
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-214854188-235747448-3433788705-1000\$RNK2907.rar (Backdoor.Agent) -> No action taken.

(end)

[Maniac]

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

• When should I re-format? How should I reinstall?
• Help: I Got Hacked. Now What Do I Do?
• Where to draw the line? When to recommend a format and reinstall?

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!