Malwarebytes

Quarantine failed?

22 replies to this topic

#1
Synetra

    New Member

  • Members
  • 11 posts
  • Gender:Female
I'm sorry, but I need help. I can't seem to download HijackThis from their site, but this is the log from Malwarebytes that has gotten me worried:


2012/09/05 20:51:29 +0100 MICHELLE-PC Michelle MESSAGE Starting protection
2012/09/05 20:51:30 +0100 MICHELLE-PC Michelle MESSAGE Executing scheduled update: Daily
2012/09/05 20:51:31 +0100 MICHELLE-PC Michelle MESSAGE Protection started successfully
2012/09/05 20:51:34 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection
2012/09/05 20:51:35 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully
2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Scheduled update executed successfully: database updated from version v2012.09.04.04 to version v2012.09.05.10
2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh
2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection
2012/09/05 20:52:52 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped
2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully
2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection
2012/09/05 20:52:55 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot QUARANTINE
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle ERROR Quarantine failed: SetFileAttributes failed with error code 5
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY
2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh
2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection
2012/09/05 23:29:29 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped
2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully
2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection
2012/09/05 23:29:31 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully

See it says the quarantine failed? I just ran a full scan and it came up clear. What should be my next step? I know this is an old log, I was just having a look through them and then saw this.
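The ERROR line is a Win32 status: code 5 is ERROR_ACCESS_DENIED, meaning the real-time module could not change the attributes of D:\autorun.exe (as happens on a read-only or write-protected volume, among other causes), while the two DENY records that follow show the file was still blocked from executing. The script below is added here and is not part of the thread or of Malwarebytes; it parses this log format, pairs each QUARANTINE attempt with the error that follows it and counts later DENY records for the same path, using a small, assumed Win32 error-code table.

```python
"""Triage Malwarebytes 1.x real-time protection log lines.

Hypothetical helper written for this thread, not Malwarebytes code. It parses
records of the form 'YYYY/MM/DD HH:MM:SS +ZZZZ HOST USER LEVEL text', pairs
each 'DETECTION ... QUARANTINE' with the 'ERROR Quarantine failed' that follows
it, and counts the later 'DENY' records for the same path so an analyst can see
whether a threat that could not be quarantined was at least blocked.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Win32 system error codes seen in 'SetFileAttributes failed with error code N'.
# Assumption: only a handful are listed; anything else is reported as UNKNOWN.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    19: "ERROR_WRITE_PROTECT",
    32: "ERROR_SHARING_VIOLATION",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<level>MESSAGE|DETECTION|ERROR) (?P<text>.*)$"
)
# DETECTION text is '<path> <threat> <ACTION>'. Paths may contain spaces, so
# anchor on the trailing action keyword and let the path absorb the rest.
DETECTION_RE = re.compile(
    r"^(?P<path>.+) (?P<threat>\S+) (?P<action>QUARANTINE|DENY|DELETE)$"
)
ERROR_CODE_RE = re.compile(r"error code (?P<code>\d+)")


@dataclass
class QuarantineAttempt:
    when: datetime
    path: str
    threat: str
    error_code: Optional[int] = None   # None means the quarantine succeeded
    denied_later: int = 0              # DENY records for the same path afterwards

    @property
    def error_name(self) -> Optional[str]:
        if self.error_code is None:
            return None
        return WIN32_ERRORS.get(self.error_code, "UNKNOWN")

    @property
    def status(self) -> str:
        if self.error_code is None:
            return "quarantined"
        return f"quarantine failed ({self.error_name}, code {self.error_code})"


def parse_records(lines):
    """Yield the named-group dict for every line that matches the log format."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(lines) -> List[QuarantineAttempt]:
    """Return every QUARANTINE attempt, annotated with its error and later denials."""
    attempts: List[QuarantineAttempt] = []
    for rec in parse_records(lines):
        when = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
        if rec["level"] == "DETECTION":
            d = DETECTION_RE.match(rec["text"])
            if d is None:
                continue
            if d["action"] == "QUARANTINE":
                attempts.append(QuarantineAttempt(when, d["path"], d["threat"]))
            elif d["action"] == "DENY":
                for a in attempts:
                    if a.path.lower() == d["path"].lower():
                        a.denied_later += 1
        elif rec["level"] == "ERROR" and rec["text"].startswith("Quarantine failed"):
            e = ERROR_CODE_RE.search(rec["text"])
            code = int(e["code"]) if e else -1
            # The error carries no path of its own, so attribute it to the most
            # recent quarantine attempt that has not yet been given an outcome.
            for a in reversed(attempts):
                if a.error_code is None:
                    a.error_code = code
                    break
    return attempts


def report(lines) -> List[str]:
    """One human-readable line per quarantine attempt."""
    return [
        f"{a.when:%Y-%m-%d %H:%M:%S} {a.path} [{a.threat}]: {a.status}; "
        f"{a.denied_later} later execution attempt(s) denied"
        for a in triage(lines)
    ]


# Sample lines copied from the protection log in the post above.
SAMPLE_LOG = r"""
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot QUARANTINE
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle ERROR Quarantine failed: SetFileAttributes failed with error code 5
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY
2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG.splitlines()):
        print(line)
```

A later on-demand scan that comes up clean (as in the thread) does not contradict a failed quarantine: the attempt may simply have happened on media that is no longer attached.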

#2
AdvancedSetup

    Forum Deity

  • Administrators
  • 26,895 posts
  • Gender:Male
  • Location:US
Please start Malwarebytes and check for updates. Then do a Quick Scan and post back the log.

Next, please run the following scanner and send back the logs.

Download DDS from one of the locations below and save it to your Desktop:
  • dds.scr
  • dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
  • Then double click dds.scr or dds.com to run the tool; on Vista or Win 7, right click and select Run as administrator.
  • Click the Run button if prompted with an Open File - Security Warning dialog box.
  • A black DOS console should open and run for a moment.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.
  • Please include the following logs in your next reply: DDS.txt and Attach.txt.
    You can ignore the note about zipping the Attach.txt file and simply attach it to your reply here.

Ron Lewis
Manager, Online Support


#3
Synetra

    New Member

  • Members
  • 11 posts
  • Gender:Female
Attached File: Attach.zip (2K, 8 downloads)

Thank you for getting back to me, here are the requested logs. I did find that on right-clicking DDS, there wasn't an option to run it as an administrator. I also found that the attach report didn't need unzipping, so I tried to send it to a zipped folder to attach. I hope I have done this right otherwise. Again, thank you.


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]

Protection: Enabled

12/09/2012 09:31:51
mbam-log-2012-09-12 (09-31-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 198416
Time elapsed: 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Michelle at 9:44:38 on 2012-09-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16354.14044 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Michelle\AppData\Local\Apps\2.0\70NZ94KL.RXG\MPJQ7C2X.GBV\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe
C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1009&m=aspire_g7200
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2306632
uURLSearchHooks: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll
mURLSearchHooks: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A4FF57CD-E9F5-47B1-BFAC-91D70B364B20} : DhcpNameServer = 192.168.1.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll
BHO-X64: CAssistLive - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-11 44808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-31 250568]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-8-31 135584]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-8-30 33592]
S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-8-30 13328]
S3 NTIOLib_1_0_2;NTIOLib_1_0_2;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-8-30 13328]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-8-30 14136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-11 22:14:09 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-09-11 22:14:09 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-09-11 22:14:09 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-09-11 22:14:01 41224 ----a-w- C:\Windows\avastSS.scr
2012-09-11 22:04:03 -------- d-----w- C:\Users\Michelle\AppData\Local\Avg2013
2012-09-11 21:59:00 -------- d-----w- C:\Users\Michelle\AppData\Roaming\TuneUp Software
2012-09-11 19:47:12 -------- d--h--w- C:\ProgramData\Common Files
2012-09-11 19:47:12 -------- d-----w- C:\Users\Michelle\AppData\Local\MFAData
2012-09-11 19:47:12 -------- d-----w- C:\ProgramData\MFAData
2012-09-11 14:46:59 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86C433E4-F65E-4A6F-A217-3B01CF5DE277}\mpengine.dll
2012-09-10 21:51:07 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-09-10 21:09:27 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Microsoft Games
2012-09-10 21:09:04 -------- d-----w- C:\ProgramData\Microsoft Games
2012-09-10 21:09:04 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
2012-09-10 21:01:14 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-09-06 18:51:58 -------- d-----w- C:\Users\Michelle\AppData\Local\ElevatedDiagnostics
2012-09-03 18:18:53 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-09-03 17:45:35 -------- d-----w- C:\Users\Michelle\AppData\Local\Microsoft Games
2012-09-03 17:35:54 -------- d-----w- C:\ProgramData\Battle.net
2012-09-03 17:31:02 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Malwarebytes
2012-09-03 17:31:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-03 17:30:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-03 17:30:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-03 14:17:45 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-03 14:08:08 -------- d-----w- C:\ProgramData\AVAST Software
2012-09-03 14:08:08 -------- d-----w- C:\Program Files\AVAST Software
2012-09-03 13:58:38 1918976 ----a-w- C:\Windows\System32\drivers\athurx.sys
2012-09-03 13:58:38 1918976 ----a-w- C:\Windows\System32\athurx.sys
2012-09-03 13:58:38 -------- d-----w- C:\Windows\Options
2012-09-03 13:58:20 -------- d-----w- C:\ProgramData\TP-LINK
2012-09-03 13:53:34 -------- d-----w- C:\Users\Michelle\AppData\Roaming\LibreOffice
2012-09-01 09:51:33 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
2012-08-31 15:58:07 -------- d-----w- C:\Users\Michelle\AppData\Local\IsolatedStorage
2012-08-31 15:58:06 -------- d-----w- C:\Users\Michelle\AppData\Local\Futuremark_Corporation
2012-08-31 15:17:20 -------- d-----w- C:\Program Files (x86)\Futuremark
2012-08-31 15:17:14 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2012-08-31 15:17:14 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2012-08-31 15:17:13 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2012-08-31 15:17:13 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-08-31 15:17:13 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2012-08-31 15:17:13 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-08-31 15:17:13 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2012-08-31 15:17:13 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-08-31 15:17:13 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2012-08-31 15:17:13 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-08-31 13:06:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-31 13:06:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 13:06:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 13:05:45 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 13:05:45 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 12:59:57 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.5
2012-08-31 12:59:04 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Windows Live Writer
2012-08-31 12:59:04 -------- d-----w- C:\Users\Michelle\AppData\Local\Windows Live Writer
2012-08-31 12:46:56 -------- d-----w- C:\Users\Michelle\AppData\Local\Apple Computer
2012-08-31 12:43:25 -------- dc----w- C:\Users\Michelle\AppData\Local\MigWiz
2012-08-31 08:46:56 -------- d-----w- C:\Users\Michelle\Tracing
2012-08-31 08:46:28 -------- d-----w- C:\Windows\en
2012-08-31 08:46:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-08-31 08:46:16 -------- d-----w- C:\Windows\PCHEALTH
2012-08-31 08:46:00 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-08-31 08:46:00 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-08-31 08:46:00 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-08-31 08:46:00 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2012-08-31 08:44:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-08-31 08:42:59 -------- d-----w- C:\Users\Michelle\AppData\Local\Google
2012-08-31 08:42:53 -------- d-----w- C:\Users\Michelle\AppData\Local\Deployment
2012-08-31 08:42:53 -------- d-----w- C:\Users\Michelle\AppData\Local\Apps
2012-08-31 08:41:27 -------- d-----w- C:\iDrive
2012-08-31 08:40:40 -------- d-----w- C:\Program Files (x86)\Conduit
2012-08-31 08:40:39 -------- d-----w- C:\Users\Michelle\AppData\Local\Conduit
2012-08-31 08:39:59 -------- d-----w- C:\Program Files (x86)\CAssistLive
2012-08-30 21:28:04 -------- d-----w- C:\Windows\Panther
2012-08-30 21:27:51 -------- d-sh--w- C:\Boot
2012-08-30 21:07:02 -------- d-----w- C:\archive_db
2012-08-30 15:56:46 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-30 15:56:46 -------- d-----w- C:\Windows\System32\Wat
2012-08-30 15:41:06 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-30 15:37:44 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-08-30 15:31:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-30 15:31:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-30 15:31:32 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-08-30 15:31:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-30 15:31:32 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-30 15:31:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-30 15:31:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-30 15:29:59 395776 ----a-w- C:\Windows\System32\webio.dll
2012-08-30 15:28:43 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-08-30 15:28:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-08-30 15:28:02 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-30 15:28:02 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-08-30 15:28:02 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-08-30 15:27:51 77312 ----a-w- C:\Windows\System32\packager.dll
2012-08-30 15:27:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-08-30 15:08:26 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-08-30 15:08:26 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-08-30 13:54:46 -------- d-----w- C:\Program Files (x86)\Setup Files
2012-08-30 13:38:55 -------- d-----w- C:\Windows\pss
2012-08-30 13:34:53 -------- d--h--w- C:\ControlCenterCount
2012-08-30 13:03:15 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-30 13:02:36 -------- d-----w- C:\Program Files\AMD
2012-08-30 13:02:36 -------- d-----w- C:\Program Files (x86)\AMD
2012-08-30 13:02:35 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-30 13:02:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-08-30 13:02:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-08-30 12:58:12 -------- d-----w- C:\AMD
2012-08-30 12:53:26 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-08-30 12:53:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-08-30 12:53:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-08-30 12:51:49 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-30 12:51:48 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-08-30 12:51:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-30 12:51:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-08-30 12:51:23 -------- d-----w- C:\Program Files (x86)\MSI
2012-08-30 12:50:34 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-08-30 12:50:13 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-08-30 12:47:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-08-30 12:47:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-08-30 12:47:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-08-30 12:47:00 -------- d-----w- C:\Program Files (x86)\Realtek
2012-08-30 12:44:15 -------- d-----w- C:\Users\Michelle\AppData\Local\AMD
2012-08-30 12:44:14 -------- d-----w- C:\Users\Michelle\AppData\Local\ATI
2012-08-30 12:42:08 44672 ----a-r- C:\Windows\System32\drivers\usbfilter.sys
2012-08-30 12:41:47 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-08-30 12:41:47 -------- d-----w- C:\ProgramData\AMD
2012-08-30 12:41:44 79488 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2012-08-30 12:41:44 40064 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
2012-08-30 12:41:38 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-08-30 12:41:36 -------- d-sh--w- C:\Windows\Installer
2012-08-30 12:41:36 -------- d-----w- C:\Program Files\ATI
2012-08-30 12:40:30 -------- d-----w- C:\Program Files\ATI Technologies
2012-08-30 12:37:58 -------- d-----w- C:\MSI
2012-08-23 12:55:04 -------- d-----w- C:\OEM
.
==================== Find3M ====================
.
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:22:36 77312 ----a-w- C:\Windows\System32\amdave64.dll
2012-07-28 01:22:28 77312 ----a-w- C:\Windows\SysWow64\amdave32.dll
2012-07-28 01:22:16 74240 ----a-w- C:\Windows\System32\atisamu64.dll
2012-07-28 01:22:10 71168 ----a-w- C:\Windows\atisamu32.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-27 21:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-27 21:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-27 21:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-27 21:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-27 21:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-27 21:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-27 21:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-27 21:44:56 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-27 21:44:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-26 18:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 18:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 18:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 18:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 18:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 14:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 14:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 14:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 14:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 14:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 14:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 13:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 9:44:58.51 ===============

#4
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
Please download the adwCleaner
http://general-chang...de/2-adwcleaner


Run the Tool
Windows Vista and Windows 7 users
Right click on the adwCleaner.exe program and select the option "Run as administrator"

Select the Delete button, not the Search button, and click it.

When the scan completes, it will open a notepad document.
Please save this file somewhere you can remember where it is and attach it on your next reply.


Next, please run a free online scan with the ESET Online Scanner

http://www.eset.eu/online-scanner

Note: You will need to use Internet Explorer for this scan.

* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the ActiveX control to install
* Click Start
* Make sure that the options Remove found threats and Scan unwanted applications are checked
* Click Scan
Wait for the scan to finish
* Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
* Attach that log on your next reply

Thank you
Ron Lewis
Manager, Online Support

Follow us: Twitter, Become a fan: Facebook

#5
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
OK, as requested. I did notice the ESET Online Scanner did quarantine a file. But I'm not sure the log has saved correctly because there isn't much in it.

# AdwCleaner v2.001 - Logfile created 09/12/2012 at 10:45:39
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Michelle - MICHELLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Michelle\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Michelle\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\CAssistLive
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Michelle\AppData\Local\Conduit
Folder Deleted : C:\Users\Michelle\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Michelle\AppData\LocalLow\CAssistLive
Folder Deleted : C:\Users\Michelle\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CAssistLive
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\CAssistLive
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2306632
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A366883A-2D70-4116-9B44-E41E5A1FAB50}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5DC0EBC-DBB9-439F-AEF7-468DBEA4ED55}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CAssistLive Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2306632 --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632",
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", "hxxp://www.computer-assist.org.uk/" ]
Deleted [l.44] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.47] : keyword = "isearch.avg.com",
Deleted [l.50] : search_url = "hxxps://isearch.avg.com/search?cid={37E7584F-7AE0-4C18-BBD1-17923B800E23}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",
Deleted [l.1133] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632",
Deleted [l.1359] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", "hxxp://www.computer-assist.org.uk/" ]

*************************

AdwCleaner[S1].txt - [5313 octets] - [12/09/2012 10:45:39]

########## EOF - C:\AdwCleaner[S1].txt - [5373 octets] ##########


The Eset log:



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#6
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
EDIT: I went back to ESET and, after deleting from the quarantine the file it detected as a worm (the file was Acer Live\Home media, I'm sure it was something like that), I ran the scan again and this time it created a more detailed log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9792f5ca675bd14b85d61925aeb9c387
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-12 02:58:10
# local_time=2012-09-12 03:58:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 56292 99921939 0 0
# compatibility_mode=8192 67108863 100 0 13333 13333 0 0
# scanned=363670
# found=0
# cleaned=0
# scan_time=5001

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
Next, download Security Check from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Start Malwarebytes and check for updates and run a Quick Scan and send me back the new log


Let me know how the computer is running now.

Thanks

Ron Lewis
Manager, Online Support

#8
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
OK, here are the new logs. Thanks for all the help. So what's the diagnosis? Can I lift the sign off my PC that says "unclean"? :) It seems to be running just fine at the moment.

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````



Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]

Protection: Enabled

12/09/2012 20:22:46
mbam-log-2012-09-12 (20-22-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 198946
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
Yes the computer appears to be working well now and the threats detected have been removed.

Please make sure to keep all your plugins such as Java, Flash, Acrobat Reader up to date at all times.
Keep your Anti-Virus and Malwarebytes up to date daily and always running as well as Windows updates.

If there is nothing else, we should be done here now.
Ron Lewis
Manager, Online Support

#10
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
I seem to be having blue screening now. I've taken photographs of the errors. Should I link those there?

#11
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
Please run the DDS scan again, but this time please attach the logs; don't just copy/paste them into your post.

Thanks
Ron Lewis
Manager, Online Support

#12
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
Thank you again, here are the files.

Attached Files



#13
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
The logs show that you installed avast! Antivirus, but you already have Norton Internet Security installed.
RP41: 12/09/2012 16:47:41 - avast! Free Antivirus Setup

You can only have 1 Anti-Virus program installed and running at one time. Please choose one and fully remove the other one.


Please remove one of the AV products and proceed with the following.
  • Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Right click on combofix.exe, choose Run as administrator and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it will produce a log for you. Post that log in your next reply. You can also locate this file here c:\combofix.txt

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Ron Lewis
Manager, Online Support

#14
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
I should only have Norton installed; I was using AVAST. But before installing Norton I used Add/Remove Programs to uninstall it. It seems it's rather stubborn and some files haven't been removed. This is the Combofix log.

Attached File  Combofix.txt   33.06K   12 downloads

#15
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
Please download MiniToolBox, save it to your desktop and run it.
http://www.bleepingc...itoolbox/dl/65/

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and send back the Result.txt.
A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Ron Lewis
Manager, Online Support

#16
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
Here is the new log: Attached File  Result.txt   57.16K   13 downloads
You didn't say which devices (there were several options, so I selected "All").
Thank you for taking the time to help me out with this. Could I ask what you think might be going on? I've not had the blue screen error today yet, well so far.

#17
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
Hello Synetra,

The current issues with your computer appear to be general in nature and were possibly caused by the infection, but this is damage, not an ongoing infection. This is beyond the scope of malware detection and removal, but I have provided some advice below that hopefully will help you to get your system working fully again.

There are some driver issues. It could possibly be due to corruption or permissions issues.
The first one looks to be part of a video driver (links below may help with fixing that)

http://www.rage3d.co....php?t=33987715
http://www.sevenforu...r-help-plz.html

The second one appears to probably be your Atheros wireless card. Please see if the link below helps
http://answers.micro...33-3809dce3a506

Basically, in a nutshell, a reinstall of the drivers might correct the issue for you. If not, then you'll need to follow up either here in the PC General forum or on one of the many other PC Support forums on the Internet.


System errors:
=============
Error: (09/13/2012 08:15:15 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (09/13/2012 08:15:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126



At this time you no longer appear to have an infection on the system. You can go ahead and remove combofix by clicking on START and type in the following or copy/paste.

COMBOFIX.EXE /uninstall

Thank you again.
Ron Lewis
Manager, Online Support

#18
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
Thank you for all your help, I appreciate it. If I can just ask one last thing: is my PC now safe to use for things such as online banking and shopping etc.?

#19
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 26,895 posts
  • Gender:Male
  • Location:US
Based on current findings, none of the scanners or Anti-Virus tools are finding any type of infection. You should be safe to do so at this time.

If you do experience or come across anything that seems in the least suspicious though let me know and we can run some other AV tools if needed.

Thanks


Ron Lewis
Manager, Online Support

#20
Synetra

    New Member

  • Members
  • Pip
  • 11 posts
  • Gender:Female
I have noticed something that has struck me as odd. Malwarebytes settings seem to be being changed when I first turn my PC on: File System Protection and Malicious Website Blocking. I do have Norton Internet Security; could it be turning the features off?
