
Author Topic: Not sure if i have a virus or something  (Read 26950 times)


michalpaladin

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Not sure if i have a virus or something
    « on: April 15, 2012, 09:22:31 AM »
    I'm having many problems with my computer and need a little help. I'm running Windows 7 and I think I might have a virus, not sure.

    1. The bottom right network icon has a red x over it, it says I'm not connected and that there are no connections available. But I can still access the internet, although any type of video is extremely choppy. When I troubleshoot it I get an error.
    2. When I try to open a file like an MP3 or JPEG I get a message saying no such interface is supported.
    3. My sound doesn't work at all.

    I'm not sure how this happened but if someone could help me I would appreciate it.

    Also, I hope I didn't post this in the wrong section  ::)

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Not sure if i have a virus or something
    « Reply #1 on: April 15, 2012, 11:24:39 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    First, let's start with a couple of easy fixes to see what happens.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 7 different versions. If one of them won't run then download and try to run the other one.
     
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
     

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.exe
    * Rkill.com
    * Rkill.scr
    * WiNlOgOn.exe
    * uSeRiNiT.exe
    * iExplore.exe
    * eXplorer.exe
    Once you've gotten one of them to run then try to immediately run the following.
    **********************************************************
    This free tool from MS will fix a number of problems on your computer. Let's try it.

    Please download and run MS Fix-it from here.
    Windows 8 and Windows 10 dual boot with two SSD's

    michalpaladin

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: Not sure if i have a virus or something
      « Reply #2 on: April 15, 2012, 05:02:20 PM »
      Ok. After running rkill it went into cmd and then notepad or something and it wrote

      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.

      Rkill was run on 04/15/2012 at 18:59:48.
      Operating System: Windows 7 Ultimate


      Processes terminated by Rkill or while it was running:

      C:\Users\Michal\Desktop\MicrosoftFixit.AudioPlayback.RNP.13425796147046184.2.1.Run.exe


      Rkill completed on 04/15/2012 at 18:59:52.


      Then when I tried running Microsoft Fix it I got a message saying Troubleshooting cannot continue because an error has occurred. ???

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Not sure if i have a virus or something
      « Reply #3 on: April 15, 2012, 05:05:48 PM »
      Ok. If this won't run in Normal mode please try running it in Safe Mode.

      Please download Malwarebytes Anti-Malware from here.
      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
      ********************************************************
      Let's run a few more scans to see what turns up.

      Please download aswMBR.exe ( 511KB ) to your desktop.

      Double click the aswMBR.exe to run it



      Click the "Scan" button to start scan

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



      On completion of the scan click save log, save it to your desktop and post it in your next reply.

      michalpaladin

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: Not sure if i have a virus or something
        « Reply #4 on: April 15, 2012, 05:57:44 PM »
        Malwarebytes Anti-Malware 1.61.0.1400
        www.malwarebytes.org

        Database version: v2012.04.15.07

        Windows 7 x64 NTFS
        Internet Explorer 9.0.8112.16421
        Michal :: MICHAL-PC [administrator]

        4/15/2012 7:12:03 PM
        mbam-log-2012-04-15 (19-12-03).txt

        Scan type: Full scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 335623
        Time elapsed: 38 minute(s), 47 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 7
        HKCR\CLSID\{58A21E6D-8C2F-48DF-B82D-5C72A54C68F6} (PUP.BFlix) -> Quarantined and deleted successfully.
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A21E6D-8C2F-48DF-B82D-5C72A54C68F6} (PUP.BFlix) -> Quarantined and deleted successfully.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A21E6D-8C2F-48DF-B82D-5C72A54C68F6} (PUP.BFlix) -> Quarantined and deleted successfully.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{58A21E6D-8C2F-48DF-B82D-5C72A54C68F6} (PUP.BFlix) -> Quarantined and deleted successfully.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{58A21E6D-8C2F-48DF-B82D-5C72A54C68F6} (PUP.BFlix) -> Quarantined and deleted successfully.
        HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Quarantined and deleted successfully.
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Quarantined and deleted successfully.

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 1
        HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

        Folders Detected: 2
        C:\ProgramData\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.

        Files Detected: 9
        C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
        C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.

        (end)

        When I try to run aswMBR.exe I get a message saying could not start application.
        When I try to save aswMBR.exe I get a message saying no registered application for this extension. >:(
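One way to triage a log like the one just posted, as an added example that is not part of the thread and not Malwarebytes' own code: a small Python parser that turns each MBAM 1.x detection line into a record, checks the per-section counts against the items actually listed (a truncated paste shows up as a mismatch), splits the Bad/Good pair of a repaired registry data item, and flags anything the log does not report as removed. The embedded log is a constructed, shortened excerpt of the posted one; the "Example Toolbar" entry and its PUP.Example name are invented to exercise a "(x86)" path and an unresolved item.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log into structured findings.

Added example for this thread, not Malwarebytes' code. SAMPLE_LOG is a
constructed excerpt of the posted log; the "Example Toolbar" line is invented.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample log (shortened copy of the line shapes seen in the thread).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.04.15.07

Scan type: Full scan
Objects scanned: 335623

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{58A21E6D-8C2F-48DF-B82D-5C72A54C68F6} (PUP.BFlix) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Files Detected: 3
C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example Toolbar\toolbar.dll (PUP.Example) -> No action taken.

(end)
"""


@dataclass
class Finding:
    section: str                # log section, e.g. "Files" or "Registry Keys"
    target: str                 # file path, registry key, or "key|" for a default value
    detection: str              # MBAM detection name, e.g. PUP.BFlix
    action: str                 # what MBAM reports it did with the item
    bad: Optional[str] = None   # repaired data items: the value MBAM found...
    good: Optional[str] = None  # ...and the value it restored


SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# The " -> " after the detection name anchors the match, so a "(x86)" inside a
# path is never mistaken for the detection name.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
REPAIR_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")


def parse_mbam_log(text: str) -> Tuple[List[Finding], Dict[str, int]]:
    """Return the detected items and the per-section counts the log declares."""
    findings: List[Finding] = []
    declared: Dict[str, int] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None:
            continue  # scan header: version, database, scan type, timings
        m = ITEM_RE.match(line)
        if not m:
            continue  # tolerate lines the item format does not cover
        target, detection, rest = m.group("target", "detection", "rest")
        r = REPAIR_RE.match(rest)
        if r:  # "Bad: (...) Good: (...) -> action" form used for repaired data
            findings.append(Finding(section, target, detection,
                                    r.group("action"), r.group("bad"), r.group("good")))
        else:
            findings.append(Finding(section, target, detection, rest))
    return findings, declared


def check_counts(findings: List[Finding], declared: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the items actually listed
    (a sign of a truncated or edited paste): section -> (declared, found)."""
    found = Counter(f.section for f in findings)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}


def by_detection(findings: List[Finding]) -> Counter:
    """How many items each detection name accounts for."""
    return Counter(f.detection for f in findings)


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Items MBAM did not report as successfully removed or repaired."""
    return [f for f in findings if not f.action.endswith("successfully.")]


if __name__ == "__main__":
    items, counts = parse_mbam_log(SAMPLE_LOG)
    print("declared counts match listed items:", check_counts(items, counts) == {})
    for name, n in by_detection(items).most_common():
        print(f"{n:3d}  {name}")
    for f in unresolved(items):
        print("NOT RESOLVED:", f.target, "->", f.action)
```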

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Not sure if i have a virus or something
        « Reply #5 on: April 16, 2012, 11:29:14 AM »
        Please try running this one.

        Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

        Link 1
        Link 2
        Link 3

        •Double-click on MBRCheck.exe to run it.

        •It will open a black window...please do not fix anything (if it gives you an option).

        •When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

        •A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
        •Please copy and paste the contents of that log in your next reply.

        michalpaladin

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: Not sure if i have a virus or something
          « Reply #6 on: April 16, 2012, 12:52:27 PM »
          MBRCheck, version 1.2.3
          (c) 2010, AD

          Command-line:         
          Windows Version:      Windows 7 Ultimate Edition
          Windows Information:       (build 7600), 64-bit
          Base Board Manufacturer:   Gigabyte Technology Co., Ltd.
          BIOS Manufacturer:      Award Software International, Inc.
          System Manufacturer:      Gigabyte Technology Co., Ltd.
          System Product Name:      H55-USB3
          Logical Drives Mask:      0x000007fc

          Kernel Drivers (total 161):

          Processes (total 63):
                 0 System Idle Process
                 4 System
               412 C:\Windows\System32\smss.exe
               572 csrss.exe
               636 C:\Windows\System32\wininit.exe
               660 csrss.exe
               708 C:\Windows\System32\services.exe
               716 C:\Windows\System32\lsass.exe
               724 C:\Windows\System32\lsm.exe
               848 C:\Windows\System32\winlogon.exe
               880 C:\Windows\System32\svchost.exe
               944 C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
               964 C:\Windows\System32\nvvsvc.exe
              1004 C:\Windows\System32\svchost.exe
               464 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
               648 C:\Windows\System32\svchost.exe
              1040 C:\Windows\System32\svchost.exe
              1076 C:\Windows\System32\svchost.exe
              1104 C:\Windows\System32\svchost.exe
              1224 C:\Windows\System32\audiodg.exe
              1252 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
              1372 C:\Windows\System32\svchost.exe
              1448 C:\Windows\System32\nvvsvc.exe
              1752 C:\Windows\System32\spoolsv.exe
              1796 C:\Windows\System32\svchost.exe
              2036 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              1260 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
              1364 C:\Program Files\Bonjour\mDNSResponder.exe
              1468 C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
              1548 C:\Windows\SysWOW64\XSrvSetup.exe
              1640 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              1708 C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
              1788 C:\Windows\System32\sppsvc.exe
              1848 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
              1940 C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
              1660 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
              1736 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              2556 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
              2612 WUDFHost.exe
              2724 C:\Windows\System32\svchost.exe
              2864 C:\Windows\System32\taskhost.exe
              2992 C:\Windows\System32\dwm.exe
              3060 C:\Windows\explorer.exe
              3012 C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
              1140 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
               568 C:\Program Files (x86)\AVG Secure Search\vprot.exe
               720 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
               588 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
              3276 C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
              3432 C:\Program Files\iPod\bin\iPodService.exe
              3604 C:\Windows\System32\SearchIndexer.exe
              3868 C:\Windows\System32\SearchProtocolHost.exe
              3960 C:\Windows\System32\svchost.exe
              4020 C:\Program Files (x86)\Opera\opera.exe
              3264 C:\Windows\SysWOW64\dllhost.exe
              3916 C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
              4028 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
              4056 C:\Windows\System32\svchost.exe
              3240 C:\Windows\SysWOW64\dllhost.exe
              2188 C:\Windows\SysWOW64\dllhost.exe
               916 C:\Users\Michal\Desktop\MBRCheck.exe
              4016 C:\Windows\System32\conhost.exe
              3684 C:\Windows\System32\osk.exe

          \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
          \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`6a100000  (NTFS)
          \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000031`51100000  (NTFS)

          PhysicalDrive0 Model Number: WDCWD10EARS-003BB1, Rev: 80.00A80

                Size  Device Name          MBR Status
            --------------------------------------------
              931 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
                      SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


          Done!

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Not sure if i have a virus or something
          « Reply #7 on: April 16, 2012, 06:42:29 PM »
          Download Combofix from any of the links below, and save it to your DESKTOP

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

          michalpaladin

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: Not sure if i have a virus or something
            « Reply #8 on: April 17, 2012, 01:23:50 PM »
            ComboFix 12-04-16.04 - Michal 04/17/2012  15:13:01.1.4 - x64
            Running from: c:\users\Michal\Desktop\ComboFix.exe
             * Created a new restore point
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\program files (x86)\StartNow Toolbar
            c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
            c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
            c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
            c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
            c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
            c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
            c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
            c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
            c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
            c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
            c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
            c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
            c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
            c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
            c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
            c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
            c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
            c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
            c:\program files (x86)\StartNow Toolbar\Resources\update.xml
            c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
            c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
            c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
            c:\program files (x86)\StartNow Toolbar\uninstall.dat
            E:\install.exe
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            -------\Service_Updater Service for StartNow Toolbar
            -------\Service_Updater Service for StartNow Toolbar
            .
            .
            (((((((((((((((((((((((((   Files Created from 2012-03-17 to 2012-04-17  )))))))))))))))))))))))))))))))
            .
            .
            2012-04-15 23:09 . 2012-04-15 23:09   --------   d-----w-   c:\users\Michal\AppData\Roaming\Malwarebytes
            2012-04-15 23:09 . 2012-04-15 23:09   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
            2012-04-15 23:09 . 2012-04-15 23:09   --------   d-----w-   c:\programdata\Malwarebytes
            2012-04-15 23:09 . 2012-04-04 19:56   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-04-15 04:36 . 2012-04-15 04:38   1328914   ----a-w-   C:\regdll.bat
            2012-04-15 04:25 . 2012-04-15 04:25   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFD8AFD9-59F5-42F9-AB7B-879E7711205A}\offreg.dll
            2012-04-15 04:08 . 2012-03-20 07:51   8669240   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFD8AFD9-59F5-42F9-AB7B-879E7711205A}\mpengine.dll
            2012-04-15 03:50 . 2012-04-15 03:50   --------   d-----w-   c:\programdata\CPA_VA
            2012-04-13 14:24 . 2012-04-13 14:24   --------   d-----w-   c:\programdata\UAB
            2012-04-13 14:24 . 2012-04-13 14:24   --------   d-----w-   c:\users\Michal\AppData\Local\PC_Drivers_Headquarters
            2012-04-13 14:24 . 2012-04-13 14:24   --------   d-----w-   c:\programdata\Driver Inspector
            2012-04-13 14:24 . 2012-04-13 14:24   --------   d-----w-   c:\program files (x86)\Driver Inspector
            2012-04-13 14:19 . 2012-04-13 14:22   --------   d-----w-   c:\users\Michal\AppData\Roaming\DriverFinder
            2012-04-12 02:27 . 2012-04-13 05:30   --------   d-----w-   C:\smartoffice
            2012-04-12 02:26 . 2012-04-13 05:30   --------   d-----w-   c:\program files (x86)\Wajam
            2012-04-12 02:26 . 2012-04-12 02:26   --------   d-----w-   c:\users\Michal\AppData\Local\Wajam
            2012-04-02 18:38 . 2012-04-02 18:38   --------   d-----w-   c:\windows\en
            2012-04-02 18:37 . 2012-04-02 18:37   --------   d-----w-   c:\program files (x86)\Microsoft SQL Server Compact Edition
            2012-04-02 18:35 . 2012-04-02 18:37   --------   d-----w-   c:\program files (x86)\Windows Live
            2012-04-02 18:31 . 2010-08-11 05:19   3860992   ----a-w-   c:\windows\system32\UIRibbon.dll
            2012-04-02 18:31 . 2010-08-11 05:13   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
            2012-04-02 18:31 . 2010-08-11 04:44   2983424   ----a-w-   c:\windows\SysWow64\UIRibbon.dll
            2012-04-02 18:31 . 2010-08-11 04:35   1164800   ----a-w-   c:\windows\SysWow64\UIRibbonRes.dll
            2012-04-02 18:28 . 2012-04-14 22:25   --------   d-----w-   c:\users\Michal\AppData\Local\Windows Live
            2012-04-02 18:28 . 2012-04-02 18:28   --------   d-----w-   c:\program files (x86)\Common Files\Windows Live
            2012-04-02 17:18 . 2012-04-02 17:18   --------   d-----w-   c:\windows\system32\appmgmt
            2012-04-02 17:04 . 2012-04-02 17:05   --------   d-----w-   C:\Fraps
            2012-03-31 15:57 . 2012-03-31 15:57   --------   d-----w-   c:\programdata\Uniblue
            2012-03-30 20:17 . 2011-02-19 06:37   1135104   ----a-w-   c:\windows\system32\FntCache.dll
            2012-03-30 13:33 . 2006-06-20 08:56   225280   ----a-w-   c:\windows\SysWow64\rewire.dll
            2012-03-30 13:33 . 2012-03-30 13:33   --------   d-----w-   c:\users\Michal\AppData\Roaming\OpenCandy
            2012-03-30 13:32 . 2009-09-15 09:14   1554944   ----a-w-   c:\windows\SysWow64\vorbis.acm
            2012-03-30 13:31 . 2012-04-02 17:08   --------   d-----w-   c:\program files (x86)\VstPlugins
            2012-03-30 13:31 . 2012-03-30 13:31   --------   d-----w-   c:\program files (x86)\Outsim
            2012-03-30 13:29 . 2012-03-30 13:32   --------   d-----w-   c:\program files (x86)\Image-Line
            2012-03-29 01:07 . 2012-03-29 20:09   --------   d-----w-   c:\programdata\regid.1986-12.com.adobe
            2012-03-29 01:01 . 2012-03-29 01:02   --------   d-----w-   c:\program files\Common Files\Adobe
            2012-03-29 01:00 . 2012-03-29 01:00   --------   d-----w-   c:\program files (x86)\Adobe Media Player
            2012-03-29 00:58 . 2012-03-29 00:58   --------   d-----w-   c:\program files (x86)\Common Files\Adobe AIR
            2012-03-26 15:16 . 2012-03-26 15:16   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
            2012-03-26 01:13 . 2012-03-26 01:13   --------   d-----w-   c:\users\Michal\AppData\Local\Apple Computer
            2012-03-26 01:13 . 2012-03-26 02:03   --------   d-----w-   c:\users\Michal\AppData\Roaming\Apple Computer
            2012-03-26 01:12 . 2012-03-26 01:12   --------   dc----w-   c:\windows\system32\DRVSTORE
            2012-03-26 01:12 . 2009-05-18 17:17   34152   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
            2012-03-26 01:12 . 2008-04-17 16:12   126312   ----a-w-   c:\windows\system32\GEARAspi64.dll
            2012-03-26 01:12 . 2008-04-17 16:12   107368   ----a-w-   c:\windows\SysWow64\GEARAspi.dll
            2012-03-26 01:11 . 2012-03-26 01:11   --------   d-----w-   c:\program files\iPod
            2012-03-26 01:11 . 2012-03-26 01:12   --------   d-----w-   c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
            2012-03-26 01:11 . 2012-03-26 01:12   --------   d-----w-   c:\program files\iTunes
            2012-03-26 01:11 . 2012-03-26 01:12   --------   d-----w-   c:\program files (x86)\iTunes
            2012-03-26 01:11 . 2012-03-26 01:11   --------   d-----w-   c:\programdata\Apple Computer
            2012-03-26 01:11 . 2012-03-26 01:11   --------   d-----w-   c:\users\Michal\AppData\Local\Apple
            2012-03-26 01:11 . 2012-03-26 01:11   --------   d-----w-   c:\program files (x86)\Apple Software Update
            2012-03-26 01:11 . 2012-03-26 01:11   --------   d-----w-   c:\program files\Common Files\Apple
            2012-03-26 01:10 . 2012-03-26 01:10   --------   d-----w-   c:\program files (x86)\Bonjour
            2012-03-26 01:10 . 2012-03-26 01:10   --------   d-----w-   c:\program files\Bonjour
            2012-03-26 01:10 . 2012-03-26 01:11   --------   d-----w-   c:\program files (x86)\Common Files\Apple
            2012-03-26 01:10 . 2012-03-26 01:11   --------   d-----w-   c:\programdata\Apple
            2012-03-25 18:17 . 2012-03-25 18:17   --------   d-----w-   c:\windows\SysWow64\Wat
            2012-03-25 18:17 . 2012-03-25 18:17   --------   d-----w-   c:\windows\system32\Wat
            2012-03-25 17:52 . 2010-09-14 06:45   367104   ----a-w-   c:\windows\system32\wcncsvc.dll
            2012-03-25 17:52 . 2010-09-14 06:07   276992   ----a-w-   c:\windows\SysWow64\wcncsvc.dll
            2012-03-25 17:33 . 2009-09-10 06:28   311808   ----a-w-   c:\windows\system32\msv1_0.dll
            2012-03-25 17:33 . 2009-09-10 05:52   257024   ----a-w-   c:\windows\SysWow64\msv1_0.dll
            2012-03-25 17:15 . 2011-11-19 18:30   5504880   ----a-w-   c:\windows\system32\ntoskrnl.exe
            2012-03-25 17:15 . 2011-11-19 14:25   3957616   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
            2012-03-25 17:15 . 2011-11-19 14:25   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
            2012-03-25 17:13 . 2009-11-25 16:47   99176   ----a-w-   c:\windows\SysWow64\PresentationHostProxy.dll
            2012-03-25 17:13 . 2009-11-25 16:47   49472   ----a-w-   c:\windows\SysWow64\netfxperf.dll
            2012-03-25 17:13 . 2009-11-25 16:47   48960   ----a-w-   c:\windows\system32\netfxperf.dll
            2012-03-25 17:13 . 2009-11-25 16:47   297808   ----a-w-   c:\windows\SysWow64\mscoree.dll
            2012-03-25 17:13 . 2009-11-25 16:47   295264   ----a-w-   c:\windows\SysWow64\PresentationHost.exe
            2012-03-25 17:13 . 2009-11-25 16:47   1130824   ----a-w-   c:\windows\SysWow64\dfshim.dll
            2012-03-25 17:13 . 2009-11-25 16:47   109912   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
            2012-03-25 17:13 . 2009-11-25 16:47   444752   ----a-w-   c:\windows\system32\mscoree.dll
            2012-03-25 17:13 . 2009-11-25 16:47   320352   ----a-w-   c:\windows\system32\PresentationHost.exe
            2012-03-25 17:13 . 2009-11-25 16:47   1942856   ----a-w-   c:\windows\system32\dfshim.dll
            2012-03-25 16:51 . 2010-03-04 04:32   243712   ----a-w-   c:\windows\system32\drivers\ks.sys
            2012-03-24 20:21 . 2012-03-24 20:21   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
            2012-03-24 16:09 . 2010-12-18 06:11   714752   ----a-w-   c:\windows\system32\kerberos.dll
            2012-03-24 16:09 . 2010-12-18 05:29   541184   ----a-w-   c:\windows\SysWow64\kerberos.dll
            2012-03-24 16:07 . 2012-02-03 04:16   3143168   ----a-w-   c:\windows\system32\win32k.sys
            2012-03-24 16:06 . 2010-08-21 06:29   558592   ----a-w-   c:\windows\system32\spoolsv.exe
            2012-03-24 16:05 . 2011-04-29 03:13   461312   ----a-w-   c:\windows\system32\drivers\srv.sys
            2012-03-24 16:04 . 2011-05-24 11:21   404992   ----a-w-   c:\windows\system32\umpnpmgr.dll
            2012-03-24 15:51 . 2011-11-19 15:07   77312   ----a-w-   c:\windows\system32\packager.dll
            2012-03-24 15:51 . 2011-11-19 14:06   67072   ----a-w-   c:\windows\SysWow64\packager.dll
            2012-03-24 03:43 . 2009-12-29 08:03   220672   ----a-w-   c:\windows\system32\wintrust.dll
            2012-03-24 03:43 . 2009-12-29 06:55   172032   ----a-w-   c:\windows\SysWow64\wintrust.dll
            2012-03-24 03:43 . 2012-01-25 06:27   76288   ----a-w-   c:\windows\system32\rdpwsx.dll
            2012-03-24 03:43 . 2012-01-25 06:27   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
            2012-03-24 03:43 . 2012-01-25 06:20   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
            2012-03-24 03:43 . 2012-02-15 06:27   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
            2012-03-24 03:43 . 2012-02-15 05:44   826368   ----a-w-   c:\windows\SysWow64\rdpcore.dll
            2012-03-24 03:43 . 2012-02-15 04:47   204800   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
            2012-03-24 03:43 . 2012-02-15 04:46   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
            2012-03-24 03:43 . 2010-01-09 07:19   139264   ----a-w-   c:\windows\system32\cabview.dll
            2012-03-24 03:43 . 2010-01-09 06:52   132608   ----a-w-   c:\windows\SysWow64\cabview.dll
            2012-03-24 03:37 . 2012-03-24 03:37   --------   d-----w-   c:\program files\Microsoft Synchronization Services
            2012-03-24 03:37 . 2012-03-28 12:07   --------   d-----w-   c:\program files (x86)\Microsoft.NET
            2012-03-24 03:37 . 2012-03-24 03:37   --------   d-----w-   c:\windows\PCHEALTH
            2012-03-24 03:37 . 2012-03-24 03:37   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
            2012-03-24 03:36 . 2012-03-24 03:36   --------   d-----w-   c:\users\Michal\AppData\Local\Microsoft Help
            2012-03-24 03:36 . 2012-03-26 15:17   --------   d-----w-   c:\programdata\Microsoft Help
            2012-03-24 03:36 . 2012-03-24 03:36   --------   d-----r-   C:\MSOCache
            2012-03-24 03:32 . 2010-04-12 08:55   91568   ----a-w-   c:\windows\system32\drivers\scdemu.sys
            2012-03-24 03:32 . 2012-03-24 03:32   --------   d-----w-   c:\program files (x86)\PowerISO
            2012-03-24 03:21 . 2012-03-24 03:26   --------   d-----w-   c:\program files (x86)\MagicISO
            2012-03-24 02:41 . 2012-03-24 02:41   --------   d-----w-   c:\program files (x86)\uTorrent
            2012-03-24 02:41 . 2012-04-14 19:06   --------   d-----w-   c:\users\Michal\AppData\Roaming\uTorrent
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-04-17 19:19 . 2011-10-13 15:19   25640   ----a-w-   c:\windows\gdrv.sys
            2012-04-02 18:35 . 2011-03-28 22:36   19352   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
            2012-03-30 13:20 . 2011-10-13 15:19   30528   ----a-w-   c:\windows\GVTDrv64.sys
            2012-03-08 22:37 . 2012-03-08 22:37   302448   ----a-w-   c:\windows\WLXPGSS.SCR
            2012-03-05 01:07 . 2012-03-05 01:07   18944   ----a-r-   c:\users\Michal\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
            2012-02-22 16:30 . 2011-10-14 02:05   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2012-02-15 15:01 . 2012-02-15 15:01   52736   ----a-w-   c:\windows\system32\drivers\usbaapl64.sys
            2012-02-15 15:01 . 2012-02-15 15:01   4547944   ----a-w-   c:\windows\system32\usbaaplrc.dll
            .
            .
            ------- Sigcheck -------
            Note: Unsigned files aren't necessarily malware.
            .
            [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
            [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
            [-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
            .
            [-] 2011-10-13 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
            [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
            [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
            "{90eee664-34b1-422a-a782-779af65cdf6d}"= "c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll" [2010-11-29 3908192]
            .
            [HKEY_CLASSES_ROOT\clsid\{90eee664-34b1-422a-a782-779af65cdf6d}]
            .
            [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
            2010-11-29 19:26   3908192   ----a-w-   c:\program files (x86)\ConduitEngine\ConduitEngine.dll
            .
            [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90eee664-34b1-422a-a782-779af65cdf6d}]
            2010-11-29 19:26   3908192   ----a-w-   c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll
            .
            [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
            2012-03-13 00:53   1869152   ----a-w-   c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
            "{90eee664-34b1-422a-a782-779af65cdf6d}"= "c:\program files (x86)\IncrediMail_MediaBar_4\tbIncr.dll" [2010-11-29 3908192]
            "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
            "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
            .
            [HKEY_CLASSES_ROOT\clsid\{90eee664-34b1-422a-a782-779af65cdf6d}]
            .
            [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
            .
            [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
            [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
            [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
            "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-13 982880]
            "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
            "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
            "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
            "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
            "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
            "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
            "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
            "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
            "aux2"=wdmaud.drv
            .
            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
            @="Service"
            .
            R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe

            R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-03 79360]
            R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-03 79360]
            R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-30 30528]
            R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
            R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
            R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
            R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

            R3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys

            S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys

            S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys

            S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys

            S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys

            S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
            S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
            S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
            S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
            S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
            S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-31 235624]
            S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
            S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
            S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

            S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys

            S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys

            S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

            S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

            .
            .
            .
            --------- x86-64 -----------
            .
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
            "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
            "combofix"="c:\combofix\CF31103.3XE" [2009-07-14 344576]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
            "LoadAppInit_DLLs"=0x1
            "AppInit_DLLs"=c:\windows\System32\guard64.dll
            .
            ------- Supplementary Scan -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            uStart Page = hxxp://isearch.avg.com/?cid={FEC8AACD-ED3D-47FF-9B85-935B3812B6C6}&mid=3f40a436586647d18f56cd2623a0548f-2ceb1c3ae83ccacb4ae077f8cc122ef958b79670&lang=en&ds=st011&pr=sa&d=2012-03-04 19:41&v=10.0.0.7&sap=hp
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = *.local
            LSP: tms.dll
            TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
            Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
            .
            - - - - ORPHANS REMOVED - - - -
            .
            URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
            BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
            Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
            WebBrowser-{90EEE664-34B1-422A-A782-779AF65CDF6D} - (no file)
            WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
            WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
            AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
            .
            .
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.10"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
            c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
            c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
            c:\windows\SysWOW64\DllHost.exe
            c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
            .
            **************************************************************************
            .
            Completion time: 2012-04-17  15:24:27 - machine was rebooted
            ComboFix-quarantined-files.txt  2012-04-17 19:24
            .
            Pre-Run: 26,945,699,840 bytes free
            Post-Run: 26,543,521,792 bytes free
            .
            - - End Of File - - 05E41AD8ED4BD39100027DE3146FBBEE
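The `@Denied:` lines in the registry section of the ComboFix log above mark keys whose ACL refused ComboFix normal access; the two parenthesised parts are the denied access and the principal, here `(A 2)` and `(Full)` for `Everyone`. Such keys deserve a second look in any log, because malware sometimes locks its own persistence keys this way, while legitimate products also do it (the Flash broker interface and the PCW security key here are normal). The Python below is an added example, not part of the thread and not ComboFix's own code: it parses this block layout from a sample constructed out of the keys quoted above and lists the locked keys, what was denied, and any file path named in their values, so a reviewer can go straight to them.

```python
import re

# Constructed sample in the layout ComboFix uses for its registry dump:
# the key in square brackets, an "@Denied:" line when an ACL blocked access,
# then the values, with a lone "." separating blocks. The keys are copied
# from the log quoted above; this is not the full log.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*\((?P<perm>[^)]*)\)\s*\((?P<principal>[^)]*)\)$")
VALUE_RE = re.compile(r'^(?P<name>@|"[^"]+")=(?P<data>.*)$')


def _unquote(data):
    """Turn a .reg-style quoted string into plain text; leave other data types as-is."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return data


def parse_dump(text):
    """Return one {key, denied, values} dict per registry key block in the dump."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group("key"), "denied": [], "values": {}}
            entries.append(current)
            continue
        if current is None:
            continue  # stray line before the first key header
        m = DENIED_RE.match(line)
        if m:
            current["denied"].append((m.group("perm"), m.group("principal")))
            continue
        m = VALUE_RE.match(line)
        if m:
            name = m.group("name")
            name = "(Default)" if name == "@" else name.strip('"')
            current["values"][name] = _unquote(m.group("data"))
    return entries


def locked_keys(entries):
    """Keys ComboFix could not read normally because an ACL denies access."""
    return [e for e in entries if e["denied"]]


def triage(entries):
    """For each locked key: what was denied, and any on-disk path its values point at."""
    rows = []
    for e in locked_keys(entries):
        perms = ", ".join(f"{perm} to {who}" for perm, who in e["denied"])
        paths = [v for v in e["values"].values() if re.match(r"^[a-zA-Z]:\\", v)]
        rows.append({"key": e["key"], "denied": perms, "paths": paths})
    return rows


if __name__ == "__main__":
    for row in triage(parse_dump(SAMPLE_DUMP)):
        print(row["key"])
        print("  denied:", row["denied"])
        print("  paths :", row["paths"] or "(none)")
```

Run against a full ComboFix log the same way; keys that are locked and also name an executable or DLL outside the usual vendor directories are the ones to check first.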

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Not sure if i have a virus or something
            « Reply #9 on: April 17, 2012, 04:29:56 PM »
            P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
            uTorrent
            Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

            I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
            ************************************************
            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            ****************************************************
            Please download Rooter and Save it to your desktop.
            • Double click it to start the tool. Vista and Windows 7: run as administrator.
            • Click Scan.
            • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
            Windows 8 and Windows 10 dual boot with two SSD's

            michalpaladin

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: Not sure if i have a virus or something
              « Reply #10 on: April 17, 2012, 04:40:34 PM »
               Results of screen317's Security Check version 0.99.32 
               Windows 7  x64 (UAC is enabled) 
               Internet Explorer 9 
              ``````````````````````````````
              Antivirus/Firewall Check:

               Windows Firewall Disabled! 
               AVG Security Toolbar   
               WMI entry may not exist for antivirus; attempting automatic update.
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               Adobe Reader X 10.0.1 Adobe Reader out of Date! 
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

              ``````````End of Log````````````






              For the second part when I press scan using Rooter I get a message saying Malware Finder has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

              There's always something lol >:(

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Not sure if i have a virus or something
              « Reply #11 on: April 18, 2012, 12:31:16 PM »
              Looking over your log it seems you don't have any antivirus software.

              Before we continue, download and install a free antivirus.

              Remember to only install one antivirus!
               
              1) Avast! Home Edition
              2) AVG Free Edition
              3) Avira AntiVir Personal
              4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
              4-a) Microsoft Security Essentials for Windows XP
              5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
              6) PC Tools AntiVirus Free Edition
              7) ThreatFire

              It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
              ******************************************************
              Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

              You will need to enter your name, e-mail address and location in order to access the download page.

              • Once you have downloaded the file, double click the sarsfx icon
              • Review the licence agreement and click on the Accept button
              • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

              • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
              • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
              • Allow the program to scan your computer - please be patient as it may take some time
              • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
              • In the main window, you will see each of the entries found by the scan (if any)
                • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
                • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
              • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
              • To clean up these entries click on the Clean up checked items button
              • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
              • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
              • When you have re-booted, tell me how your computer is running now
              Windows 8 and Windows 10 dual boot with two SSD's

              michalpaladin

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows 7
                Re: Not sure if i have a virus or something
                « Reply #12 on: April 18, 2012, 02:46:47 PM »
                It says my computer is clean but I'm still having all these issues. Maybe it's not a virus. Hmmmmm

                [year+ old attachment deleted by admin]

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Not sure if i have a virus or something
                « Reply #13 on: April 18, 2012, 04:21:56 PM »
                That's just Sophos showing off. One more scan, if you please. Could you please tell me the issues that are still on-going with your computer? 

                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                Windows 8 and Windows 10 dual boot with two SSD's
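The log.txt that the ESET steps above produce is plain text with one detection per line and tab-separated fields: the file path, the detection name, and the action ESET took (a forum paste usually turns the tabs into runs of spaces, as in the log posted in the next reply). The Python below is an added example, not ESET's code and not from this thread: it parses a constructed sample that mirrors the entries quoted later in the thread, reduces each detection name to its family, and separates hits inside ComboFix's own quarantine folder (C:\Qoobox\Quarantine, whose files carry a .vir suffix) from files that were still live on disk, which is the distinction a reviewer needs when judging how much was actually active.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of ESET Online Scanner's log.txt:
# one detection per line, tab-separated fields (path, detection, action).
# The entries mirror the log posted later in this thread.
SAMPLE_LOG = "\n".join([
    "C:\\Program Files (x86)\\BabylonToolbar\\BabylonToolbar\\1.5.3.17\\BabylonToolbarApp.dll"
    "\ta variant of Win32/Toolbar.Babylon application\tcleaned by deleting - quarantined",
    "C:\\Program Files (x86)\\BabylonToolbar\\BabylonToolbar\\1.5.3.17\\BabylonToolbarEng.dll"
    "\tWin32/Toolbar.Babylon application\tcleaned by deleting - quarantined",
    "C:\\Qoobox\\Quarantine\\C\\Program Files (x86)\\StartNow Toolbar\\StartNowToolbarUninstall.exe.vir"
    "\tWin32/Toolbar.Zugo application\tdeleted - quarantined",
    "C:\\Qoobox\\Quarantine\\C\\Program Files (x86)\\StartNow Toolbar\\ToolbarUpdaterService.exe.vir"
    "\tprobably a variant of Win32/Toolbar.Zugo application\tcleaned by deleting - quarantined",
])

# Real logs use tabs; forum pastes often collapse them into runs of spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")
# "a variant of X application" / "probably a variant of X" -> X
FAMILY_RE = re.compile(r"^(?:probably )?(?:a variant of )?(?P<family>\S+)")
# ComboFix keeps its quarantined copies here, renamed with a .vir suffix.
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"


def parse_eset_log(text):
    """One dict per detection line; lines with fewer than three fields are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = FIELD_SEP.split(line)
        if len(parts) < 3:
            continue
        path, detection = parts[0], parts[1]
        action = " ".join(parts[2:])
        m = FAMILY_RE.match(detection)
        records.append({
            "path": path,
            "detection": detection,
            "family": m.group("family") if m else detection,
            "action": action,
            "already_quarantined": path.lower().startswith(COMBOFIX_QUARANTINE),
            # "deleted" and "cleaned by deleting" both mean the file is gone
            "removed": "delet" in action.lower(),
        })
    return records


def summarize(records):
    """Per family: hits that were live on disk vs. already in ComboFix's quarantine."""
    summary = defaultdict(lambda: {"live": 0, "already_quarantined": 0})
    for r in records:
        bucket = "already_quarantined" if r["already_quarantined"] else "live"
        summary[r["family"]][bucket] += 1
    return dict(summary)


def unresolved(records):
    """Paths ESET flagged but did not delete: these need manual follow-up."""
    return [r["path"] for r in records if not r["removed"]]


if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE_LOG)
    for family, counts in summarize(recs).items():
        print(f"{family}: live={counts['live']} already_quarantined={counts['already_quarantined']}")
    print("unresolved:", unresolved(recs) or "none")
```

Paste the scan log into the sample string (or read it from the file path ESET names) and the summary shows at a glance which families were still live and whether anything was left undeleted.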

                michalpaladin

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows 7
                  Re: Not sure if i have a virus or something
                  « Reply #14 on: April 18, 2012, 09:36:58 PM »
                  1. The bottom right network icon has a red x over it, it says I'm not connected and that there are no connections available. When I troubleshoot it I get an error. But I can still access the Internet, although any type of video from Youtube, Facebook etc. is extremely choppy, not even watchable.
                  2. When I try to open a file like an MP3 or JPEG I get a message saying no such interface is supported. Some other programs won't start up either.
                  3. My sound doesn't work at all. It's not like I need sound though... I can't listen to music or watch videos!  (|


                  Basically everything that wasn't working is still not working, ha ha. Also, just recently my Internet browser has been slowing down and not responding at times. This might be because I'm on the net while ESET is still scanning.

                  Here is the text.




                  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll   a variant of Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
                  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll   Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
                  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe   probably a variant of Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
                  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll   Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
                  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll   Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
                  C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir   Win32/Toolbar.Zugo application   deleted - quarantined
                  C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir   a variant of Win32/Toolbar.Zugo application   cleaned by deleting - quarantined
                  C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir   a variant of Win32/Toolbar.Zugo application   cleaned by deleting - quarantined